2011-12-08  Eric Blake  <eblake@redhat.com>

	spec: don't use chkconfig --list
	https://bugzilla.redhat.com/show_bug.cgi?id=694403 reports that
	the specfile is incorrectly checking for a running libvirt-guests
	service.  For example,

	$ LC_ALL=es_ES chkconfig --list libvirt-guests
	libvirt-guests 	  0:desactivado		 1:desactivado	   2:desactivado     3:activo	 4:activo  5:activo	    6:desactivado

	will fail to find 5:on, even though it is active.  But chkconfig
	already has a mode where you can silently use the exit status to
	check for an active service.

	* libvirt.spec.in (%post): Use simpler chkconfig options, to avoid
	issues with localization.

	build: fix build with older libxml2
	On RHEL 5, with libxml2-2.6.26, the build failed with:
	virsh.c: In function 'vshNodeIsSuperset':
	virsh.c:11951: warning: implicit declaration of function 'xmlChildElementCount'

	(or if warnings aren't errors, a link failure later on).

	* src/util/xml.h (virXMLChildElementCount): New prototype.
	* src/util/xml.c (virXMLChildElementCount): New function.
	* src/libvirt_private.syms (xml.h): Export it.
	* tools/virsh.c (vshNodeIsSuperset): Use it.

2011-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix updating of haveTheBuck in RPC client to be race-free
	When one thread passes the buck to another thread, it uses
	virCondSignal to wake up the target thread. The variable
	'haveTheBuck' is not updated in a race-free manner when
	this occurs. The current thread sets it to false, and the
	woken up thread sets it to true. There is a window where
	a 3rd thread can come in and grab the buck.

	Even if this didn't lead to crashes & deadlocks, this would
	still result in unfairness in the buckpassing algorithm.

	A better solution is to *never* set haveTheBuck to false
	when we're passing the buck. Only set it to false when there
	is no further thread waiting for the buck.

	* src/rpc/virnetclient.c: Only set haveTheBuck to false
	  if no thread is waiting

	Revert fd066925440ba48acc95d8f31b2c98b1cc9d582d
	Commit fd066925440ba48acc95d8f31b2c98b1cc9d582d tried to fix
	a race condition in

	  commit fa9595003d043df9f2efe95521c00898cef27106
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Fri Nov 11 15:28:41 2011 +0000

	    Explicitly track whether the buck is held in remote client

	Unfortunately there is a second race condition whereby the
	event loop can trigger due to incoming data to read. Revert
	this fix, so a complete fix for the problem can be cleanly
	applied

	* src/rpc/virnetclient.c: Revert fd066925440ba48acc95d8f31b2c98b1cc9d582d

2011-12-08  Jim Fehlig  <jfehlig@suse.com>

	Prevent crash of libvirtd when attaching to existing qemu process
	With security_driver set to "none" in /etc/libvirt/qemu.conf,
	libvirtd would crash when attempted to attach to an existing
	qemu process.  Only copy the security model if it actually exists.

2011-12-08  Christophe Fergeau  <cfergeau@redhat.com>

	Add documentation for <disk><source type="dir">

	Fix typo in virDomainResume API doc
	It's referring to virSuspendDomain instead of
	virDomainSuspend.

2011-12-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore shutdown event from destroyed domain
	During virDomainDestroy, QEMU may emit SHUTDOWN event as a response to
	SIGTERM and since domain object is still locked, the event is processed
	after the domain is destroyed. We need to ignore this event in such case
	to avoid changing domain state from shutoff to shutdown.

2011-12-07  Osier Yang  <jyang@redhat.com>

	npiv: Expose fabric_name outside
	This patch is to expose the fabric_name of fc_host class, which
	might be useful for users who wants to known which fabric the
	(v)HBA connects to.

	The patch also adds the missed capabilities' XML schema of scsi_host,
	(of course, with fabric_wwn added), and update the documents
	(docs/formatnode.html.in)

2011-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize daemonPath decl for Win32 which lacks UNIX sockets

	Improve error reporting when libvirtd is not installed
	Currently if you try to connect to a local libvirtd when
	libvirtd is not in $PATH, you'll get an error

	  error: internal error invalid use of command API

	This is because remoteFindDaemonPath() returns NULL, which
	causes us to pass NULL into virNetSocketConnectUNIX which
	in turn causes us to pass NULL into virCommandNewArgList.

	Adding missing error checks improves this to

	  error: internal error Unable to locate libvirtd daemon in $PATH

	* src/remote/remote_driver.c: Report error if libvirtd
	  cannot be found
	* src/rpc/virnetsocket.c: Report error if caller requested
	  spawning of daemon, but provided no binary path

2011-12-06  Eric Blake  <eblake@redhat.com>

	spec: fix sanlock dependency
	* libvirt.spec.in (with_sanlock): On RHEL, don't force sanlock
	on architectures where it isn't available.

	spec: add dmidecode as prereq
	https://bugzilla.redhat.com/show_bug.cgi?id=754909 complains that
	because libvirt didn't require dmidecode, that the logs are noisy
	and virConnectGetSysinfo needlessly fails.  Even 'virt-what' requires
	dmidecode, so it's not that onerous of a dependency.  We may be
	able to drop this in the future when we move to parsing sysfs data,
	but for now, listing the dependency will help matters.

	* libvirt.spec.in (Requires): Sort Requires before BuildRequires.
	Add dmidecode.

	build: reduce warnings from older gcc
	Older gcc warns (on every file!) that -Wabi and -Wdeprecated only
	make sense on C++ projects.  Newer gcc accepts these warnings for
	C, but it is not clear that they can do anything useful, so it
	is easier to just drop the warnings altogether.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
	-Wabi and -Wdeprecated on older gcc.
	Reported by Peter Krempa.

2011-12-06  Jiri Denemark  <jdenemar@redhat.com>

	examples: Update event tests for shutdown event

2011-12-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect symbols for virtime.h module breaking Mingw32
	The Mingw32 linker highlighted that the symbols for virtime.h
	declared in libvirt_private.syms were incorrect

	* src/libvirt_private.syms: Fix virtime.h symbols

2011-12-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Rework handling of shutdown event
	When QEMU guest finishes its shutdown sequence, qemu stops virtual CPUs
	and when started with -no-shutdown waits for us to kill it using
	SGITERM. Since QEMU is flushing its internal buffers, some time may pass
	before QEMU actually dies. We mistakenly used "paused" state (and
	events) for this which is quite confusing since users may see a domain
	going to pause while they expect it to shutdown. Since we already have
	"shutdown" state with "the domain is being shut down" semantics, we
	should use it for this state.

	However, the state didn't have a corresponding event so I created one
	and called its detail as VIR_DOMAIN_EVENT_SHUTDOWN_FINISHED (guest OS
	finished its shutdown sequence) with the intent to add
	VIR_DOMAIN_EVENT_SHUTDOWN_STARTED in the future if we have a
	sufficiently capable guest agent that can notify us when guest OS starts
	to shutdown.

2011-12-05  Guido Günther  <agx@sigxcpu.org>

	remote_driver: don't fail if keepalive check fails
	Otherwise connections to older libvirt abort with:

	$ virsh -c qemu+ssh://host.example.com/system list
	error: invalid connection pointer in virDrvSupportsFeature
	error: failed to connect to the hypervisor

	Tested against 0.8.3 and 0.9.8-rc2.

2011-12-05  Jiri Denemark  <jdenemar@redhat.com>

	Add support for QEMU 1.0

2011-12-05  Peter Krempa  <pkrempa@redhat.com>

	python: Expose binding for virNodeGetMemoryStats()
	This patch adds binding for virNodeGetMemoryStats method of libvirtd.
	Return value is represented as a python dictionary mapping field
	names to values.

	python: Expose binding for virNodeGetCPUStats()
	This patch adds binding for virNodeGetCPUStats method of libvirtd.
	Return value is represented as a python dictionary mapping field names
	to values.

2011-12-04  Eric Blake  <eblake@redhat.com>

	maint: fix improper use of 'an'
	https://bugzilla.redhat.com/show_bug.cgi?id=648855 mentioned a
	misuse of 'an' where 'a' is proper; that has since been fixed,
	but a search found other problems (some were a spelling error for
	'and', while most were fixed by 'a').

	* daemon/stream.c: Fix grammar.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/domain_event.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/esx/esx_vi.c: Likewise.
	* src/rpc/virnetclient.c: Likewise.
	* src/rpc/virnetserverprogram.c: Likewise.
	* src/storage/storage_backend_fs.c: Likewise.
	* src/util/conf.c: Likewise.
	* src/util/dnsmasq.c: Likewise.
	* src/util/iptables.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* tools/virsh.c: Likewise.

	build: require more tools from maintainers
	We want our tarballs to be complete - this means that any
	generated file that gets shipped as part of the tarball so that
	ordinary users don't have to rebuild it must be something
	that the maintainer can generate.  There have been various
	reports of random build failures when using libvirt.git
	instead of a tarball, and often it is due to missing a
	maintainer-specific tool to produce one of these generated
	files.  This patch raises the bar for what you must have
	installed to build libvirt.git, but does not impact what
	you can get away with for building tarballs.

	Note: It still remains possible to do a successful 'make dist'
	without these tools, when starting from a release tarball.

	* bootstrap.conf (buildreq): Add tools that maintainers need for a
	successful 'make dist' from a fresh git checkout.

	command: handle empty buffer argument correctly
	virBufferContentAndReset (intentionally) returns NULL for a buffer
	with no content, but it is feasible to invoke a command with an
	explicit empty string.

	* src/util/command.c (virCommandAddEnvBuffer): Reject empty string.
	(virCommandAddArgBuffer): Allow explicit empty argument.
	* tests/commandtest.c (test9): Test it.
	* tests/commanddata/test9.log: Adjust.

	build: fix build on Cygwin
	The RPC fixups needed on Linux are also needed on cygwin, and
	worked without further tweaking to the list of fixups.  Also,
	unlike BSD, Cygwin exports 'struct ifreq', but unlike Linux,
	Cygwin lacks the ioctls that we were using 'struct ifreq' to
	access.  This patch allows compilation under cygwin.

	* src/rpc/genprotocol.pl: Also perform fixups on cygwin.
	* src/util/virnetdev.c (HAVE_STRUCT_IFREQ): Also require AF_PACKET
	definition.
	* src/util/virnetdevbridge.c (virNetDevSetupControlFull): Only
	compile if SIOCBRADDBR works.

2011-12-03  Eric Blake  <eblake@redhat.com>

	build: fix build at -O2 on rawhide
	I had previously tested commit 059d746 with -O intentionally omitted
	from my CFLAGS; but that means that I missed out on this warning
	from gcc 4.6.2 when optimizations are enabled:

	util/buf.c: In function 'virBufferGetIndent':
	util/buf.c:86:1: error: function might be candidate for attribute 'pure' [-Werror=suggest-attribute=pure]

	While it is probably a good idea to add the attributes and silence
	this warning, it's also invasive; 'make -k' found more than 75 such
	complaints.  And it doesn't help that gcc 4.6.2 is still buggy
	(coreutils reported a case where gcc 4.6.2 incorrectly suggested
	marking a function pure that incremented a global variable; fixed
	in gcc 4.7).  So the best fix for now is to disable the warning.

	It also doesn't help that I stumbled across another problem - gcc
	documents that -Wsuggest-attribute=pure only warns if you use -O,
	or if you use -fipa-pure-const.  But in practice, when I omitted -O
	but added -fipa-pure-const, the warnings are fickle - I got warnings
	for simple compilation that disappeared when I also added -fPIC.
	And the way libtool compiles things is with -fPIC first, then without
	-fPIC but with errors sent to /dev/null - which meant that without
	disabling -Wsuggest-attribute=pure, I got a compile error with no
	message.  :(  See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=10197

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
	-Wsuggest-attribute warnings for now.

2011-12-03  Serge Hallyn  <serge.hallyn@canonical.com>

	apparmor: allow tunnelled migrations.
	The pathname for the pipe for tunnelled migration is unresolvable.  The
	libvirt apparmor driver therefore refuses access, causing migration to
	fail.  If we can't resolve the path, the worst that can happen is that
	we should have given permission to the file but didn't.  Otherwise
	(especially since this is a /proc/$$/fd/N file) the file is already open
	and libvirt won't be refused access by apparmor anyway.

	Also adjust virt-aa-helper to allow access to the
	*.tunnelmigrate.dest.name files.

	For more information, see https://launchpad.net/bugs/869553.

2011-12-02  Peter Krempa  <pkrempa@redhat.com>

	client: Check if other thread claims it has the buck before claiming it.
	Originaly, the code checked if another client is the queue and infered
	ownership of the buck from that. Commit fa9595003d043df9f2efe95521c008
	added a separate variable to track the buck. That caused, that a new
	call might enter claiming it has the buck, while another thread was
	signalled to take the buck. This ends in two threads claiming they hold
	the buck and entering poll(). This happens due to a race on waking up
	threads on the client lock mutex.

	This caused multi-threaded clients to hang, most prominently visible and
	reproducible on python based clients, like virt-manager.

	This patch causes threads, that have been signalled to take the buck to
	re-check if buck is held by another thread.

2011-12-02  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Update of filters to handle multiple IP addresses
	With fragments borrowed from David Steven's previous submission and some
	further modifications:

	A set of modifications to filters to handle multiple IP addresses
	(and MAC addresses) per interface.

	Also:
	- enable DHCP traffic from VM to any DHCP server
	- will require an update to a libvirt-tck data file

2011-12-02  Eric Blake  <eblake@redhat.com>

	virsh: translate net-info help
	Reported by kato.tomoyuki@jp.fujitsu.com at
	https://bugzilla.redhat.com/show_bug.cgi?id=749564

	* tools/virsh.c (info_network_info): Mark string for translation.

	maint: typo fixes
	Many of these were mentioned by Yuri Chornoivan in:
	https://bugzilla.redhat.com/show_bug.cgi?id=669506

	* src/esx/esx_vi.c (esxVI_WaitForTaskCompletion): Fix spelling.
	* src/conf/netdev_vport_profile_conf.c
	(virNetDevVPortProfileParse): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags):
	Likewise.
	* src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): Likewise.
	* src/esx/esx_util.c (esxUtil_ResolveHostname): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemBuild): Likewise.
	* daemon/libvirtd.conf: Likewise.
	* src/util/logging.c (virLogMessage): Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLineNet): Likewise.
	* src/vmx/vmx.c (virVMXFormatEthernet): Likewise.

	build: update to latest gnulib
	* .gnulib: Update to latest, for improved 'make syntax-check' and
	compiler warnings.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS):
	Re-silence -Wformat-nonliteral.
	* cfg.mk (_test_script_regex): Recognize our test scripts.
	* gnulib/local/lib/*.diff: Drop, now that gnulib has this.
	* tests/virsh-optparse: Fix use of compare.
	* tests/virsh-schedinfo: Likewise.

	build: properly skip tests
	I got this failure on FreeBSD:

	shunloadtest.c: In function 'main':
	shunloadtest.c:150: error: 'EXIT_AM_SKIP' undeclared (first use in this function)

	but inspection showed several other problems, all fixed here.

	* tests/domainsnapshotxml2xmltest.c [!WITH_QEMU]: Ensure
	EXIT_AM_SKIP is defined.
	* tests/esxutilstest.c [!WITH_ESX]: Likewise.
	* tests/openvzutilstest.c [!WITH_OPENVZ]: Likewise.
	* tests/qemuargv2xmltest.c [!WITH_QEMU]: Likewise.
	* tests/qemuhelptest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxml2argvtest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxml2xmltest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxmlnstest.c [!WITH_QEMU]: Likewise.
	* tests/shunloadtest.c [!linux]: Likewise.
	* tests/vmx2xmltest.c [!WITH_VMX]: Likewise.
	* tests/xml2vmxtest.c [!WITH_VMX]: Likewise.

2011-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Avoid crash in shunloadtest
	For unknown reasons, the shunloadtest will crash on Fedora 16
	inside dlopen()

	 (gdb) bt
	 #0  0x00000000000050e6 in ?? ()
	 #1  0x00007ff61a77b9d5 in floor () from /lib64/libm.so.6
	 #2  0x00007ff61e522963 in _dl_relocate_object () from /lib64/ld-linux-x86-64.so.2
	 #3  0x00007ff61e5297e6 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
	 #4  0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
	 #5  0x00007ff61e52917a in _dl_open () from /lib64/ld-linux-x86-64.so.2
	 #6  0x00007ff61e0f6f26 in dlopen_doit () from /lib64/libdl.so.2
	 #7  0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
	 #8  0x00007ff61e0f752f in _dlerror_run () from /lib64/libdl.so.2
	 #9  0x00007ff61e0f6fc1 in dlopen@@GLIBC_2.2.5 () from /lib64/libdl.so.2
	 #10 0x0000000000400a15 in main (argc=<optimized out>, argv=<optimized out>) at shunloadtest.c:105

	Changing from RTLD_NOW to RTLD_LAZY avoids this problem,
	but quite possibly does not fix the root cause.

	* shunloadtest.c: s/NOW/LAZY/

	Fix build for platforms lacking struct ifreq
	This ought to fix the build if you have net/if.h but do
	not have struct ifreq

	* configure.ac: Check for struct ifreq in net/if.h
	* src/util/virnetdev.c: Conditionalize to avoid use of
	  struct ifreq if it does not exist

2011-12-02  Eric Blake  <eblake@redhat.com>

	build: fix 'make dist' without dtrace
	probes.h can only be generated on Linux, and then only with dtrace
	installed.  If it is part of the tarball, then either 'make dist'
	will fail if you don't have that setup, or we would have to start
	keeping probes.h in libvirt.git.  Since we only need it to be
	generated when dtrace is in use, it's better to avoid shipping
	it in the first place, and avoid tracking it in git.

	Meanwhile, there is a build dependency - since the RPC code is
	generated, it can be built early; but when dtrace is enabled, we
	must ensure probes.h is built even earlier.  Commit 1afcfbdd tried
	to fix this, but did so in a way that added probes.h into the
	tarball, and broke VPATH as well.  Commit ecbca767 fixed VPATH,
	but didn't fix the more fundamental problem.  This patch solves
	the issue by adding a dependency instead.

	Tested with 'make dist' in a clean VPATH builds, for both
	'./configure --without-dtrace' and './configure --with-dtrace';
	all configurations were able to correctly build a tarball, and
	the dtrace configuration no longer sticks probes.h in the tarball.

	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Don't ship probes.h;
	rather, make it a dependency.

2011-12-01  Lei Li  <lilei@linux.vnet.ibm.com>

	Fix a logic error for setting block I/O
	Fix a logic error, the initial value of ret = -1, if just set --config,
	it will goto endjob directly without doing its really job here.

2011-12-01  Daniel P. Berrange  <berrange@redhat.com>

	Don't use undocumented __isleap macro
	The glibc time.h header has an undocumented __isleap macro
	that we are using. Since it is undocumented & does not appear
	on any other OS, stop using it and just define the macro in
	libvirt code instead.

	* src/util/virtime.c: Remove __isleap usage

2011-12-01  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Allow other escape characters for console
	Currently virsh supports only ^] as escape character for console.
	However, some users might want to use something else. This patch
	creates such ability by specifying '-e' switch on virsh command
	line.

2011-12-01  Peter Krempa  <pkrempa@redhat.com>

	bridge_driver: Don't define network if XML contains more IPv4 adreses.
	Only one IPv4 DHCP definition is supported. Originally the code checked
	for a multiple definition and returned an error, but the new domain
	definition was already added to networks. This patch moves the check
	before the newly defined network is added to active networks.

	 *src/network/bridge_driver.c: networkDefine(): - move multiple IPv4
	                                                  addresses check before
	                                                  definition is used.

2011-12-01  Eric Blake  <eblake@redhat.com>

	spec: mark directories in /var/run as ghosts
	We have several directories that are created on the fly, and which
	only contain state relevant to a running libvirtd process (all
	located in /var/run).  Since the directories are created as needed,
	and make no sense without a running libvirtd, we want them deleted
	if libvirt is uninstalled.  And in F15 and newer, /var/run is on
	tmpfs (forcing us to recreate on the fly); which means that someone
	trying to verify a complete rpm will fail if the directory does not
	currently exist because libvirtd has not been started since boot.
	The solution, then, is to mark the directories as %ghost, so that
	rpm knows that we own them and will clean it up if libvirt is
	uninstalled, but will no longer create the directory for us at
	install, nor complain at verify time if the directory does not exist.

	See https://bugzilla.redhat.com/show_bug.cgi?id=656611.

	* libvirt.spec.in (%files): Add %ghost to temporary directories
	that we don't install, but want cleaned up on libvirt removal.

2011-12-01  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix possible deadlock when virsh is about to exit
	Not only was ctl->quit accessed without a mutex but unfortunately,
	virEventAddTimeout only interrupts the poll when event loop is running
	so the hack needs to add a timeout that will make next poll return
	immediately without blocking.

2011-12-01  Alex Jia  <ajia@redhat.com>

	util: Plug memory leak on virNetDevMacVLanCreateWithVPortProfile() error path
	Detected by Coverity. Leak introduced in commit 90074ec.

	util: Plug memory leak on virNetDevBridgeGet() sucessful path
	Detected by Coverity. Leak introduced in commit c1df2c1.

	Two bugs here:
	1. memory leak on successful parse
	2. failure to parse still returned success

	uml: Plug memory leak on umlStartVMDaemon() error path
	Detected by Coverity.  Leak introduced in commit 8866eed.

	Two bugs here:
	1. logfd wasn't closed on all return paths
	2. if we failed to mark a domain autodestroy, then the domain
	was not made transient but we still returned success

	rpc: Plug memory leak on virNetClientSendInternal() error path
	Detected by Coverity. Leak introduced in commit 673adba.

	Two separate bugs here:
	1. call was not freed on all error paths
	2. virCondDestroy was called even if virCondInit failed

	conf: Plug memory leak on virDomainDefParseXML() error path
	Detected by Coverity. Leak introduced in commit 0873b68.

	qemu: Plug memory leak onqemuProcessWaitForMonitor() error path
	Detected by Coverity. Leak introduced in commit 109efd7.

2011-12-01  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Add PPC cpu driver.
	To add support for running libvirt on PowerPC, a CPU driver for the
	PowerPC platform must be added.
	Most generic cpu driver routines such as CPU compare, decode, etc
	are based on CPUID comparison and are not relevant for non-x86
	platforms.
	Here, we introduce stubs for relevant PowerPC routines invoked by libvirt.

2011-12-01  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: filter blkio 0-device-weight at two other places
	filter 0-device-weight when:

	  - getting blkio parameters with --config
	  - starting up a domain

	When testing with blkio, I found these issues:

	  (dom is down)
	  virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,500
	  virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,0
	  virsh blkiotune dom
	  weight         : 800
	  device_weight  : /dev/sda,200,/dev/sdb,0

	  # issue 1: shows 0 device weight of /dev/sdb that may confuse user

	  (continued)
	  virsh start dom

	  # issue 2: If /dev/sdb doesn't exist, libvirt refuses to bring the
	  # dom up because it wants to set the device weight to 0 of a
	  # non-existing device. Since 0 means no weight-limit, we really don't
	  # have to set it.

2011-12-01  Eric Blake  <eblake@redhat.com>

	qemu: amend existing table of device weights
	Prior to this patch, for a running dom, the commands:

	$ virsh blkiotune dom --device-weights /dev/sda,502,/dev/sdb,498
	$ virsh blkiotune dom --device-weights /dev/sda,503
	$ virsh blkiotune dom
	weight         : 500
	device_weight  : /dev/sda,503

	claim that /dev/sdb no longer has a non-default weight, but
	directly querying cgroups says otherwise:

	$ cat /cgroup/blkio/libvirt/qemu/dom/blkio.weight_device
	8:0     503
	8:16    498

	After this patch, an explicit 0 is required to remove a device path
	from the XML, and omitting a device path that was previously
	specified leaves that device path untouched in the XML, to match
	cgroups behavior.

	* src/qemu/qemu_driver.c (parseBlkioWeightDeviceStr): Rename...
	(qemuDomainParseDeviceWeightStr): ...and use correct type.
	(qemuDomainSetBlkioParameters): After parsing string, modify
	rather than replacing existing table.
	* tools/virsh.pod (blkiotune): Tweak wording.

	conf: reject duplicate paths in device weights
	The next patch will make it possible to have virDomainSetBlkioParameters
	leave device weights unchanged if they are not mentioned in the incoming
	string, but this only works if the list of block weights does not allow
	duplicate paths.  Technically, a user can still confuse libvirt by
	passing alternate spellings that resolve to the same device, but it
	is not worth worrying about working around that kind of abuse.

	* src/conf/domain_conf.c (virDomainDefParseXML): Require unique
	paths.

2011-12-01  Hu Tao  <hutao@cn.fujitsu.com>

	virsh: fix setting weight and device-weights at the same time
	When setting both blkio weight and device-weights at the same time, the weight
	is lost. Fix it.

2011-12-01  Lei Li  <lilei@linux.vnet.ibm.com>

	Add tests for blkdeviotune

	Support virDomain{Set, Get}BlockIoTune in the python API
	Python support for both setting and getting block I/O throttle.

	Enable the blkdeviotune command in virsh
	Support virsh command blkdeviotune. Can set or query a block disk
	I/O throttle setting.

	Implement virDomain{Set, Get}BlockIoTune for the qemu driver
	Implement the block I/O throttle setting and getting support to qemu
	driver.

	Support block I/O throttle in XML
	Enable block I/O throttle for per-disk in XML, as the first
	per-disk IO tuning parameter.

	Add virDomain{Set, Get}BlockIoTune support to the remote driver
	Support Block I/O Throttle setting and query to remote driver.

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak build config file path
	* src/libvirt.c: Free user directory path

	Remove time APIs from src/util/util.h
	The virTimestamp and virTimeMs functions in src/util/util.h
	duplicate functionality from virtime.h, in a non-async signal
	safe manner. Remove them, and convert all code over to the new
	APIs.

	* src/util/util.c, src/util/util.h: Delete virTimeMs and virTimestamp
	* src/lxc/lxc_driver.c, src/qemu/qemu_domain.c,
	  src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c, src/util/event_poll.c: Convert to use
	  virtime APIs

	Make logging async signal safe wrt time stamp generation
	Use the new virTimeStringNowRaw() API for generating log timestamps
	in an async signal safe manner

	* src/util/logging.c: Use virTimeStringNowRaw

	Add internal APIs for dealing with time
	The logging APIs need to be able to generate formatted timestamps
	using only async signal safe functions. This rules out using
	gmtime/localtime/malloc/gettimeday(!) and much more.

	Introduce a new internal API which is async signal safe.

	  virTimeMillisNowRaw replacement for gettimeofday. Uses clock_gettime
	                      where available, otherwise falls back to the unsafe
	                      gettimeofday

	  virTimeFieldsNowRaw  replacements for gmtime(), convert a timestamp
	  virTimeFieldsThenRaw into a broken out set of fields. No localtime()
	                       replacement is provided, because converting to
	                       local time is not practical with only async signal
	                       safe APIs.

	  virTimeStringNowRaw  replacements for strftime() which print a timestamp
	  virTimeStringThenRaw into a string, using a pre-determined format, with
	                       a fixed size buffer (VIR_TIME_STRING_BUFLEN)

	For each of these there is also a version without the Raw postfix
	which raises a full libvirt error. These versions are not async
	signal safe

	* src/Makefile.am, src/util/virtime.c, src/util/virtime.h: New files
	* src/libvirt_private.syms: New APis
	* configure.ac: Check for clock_gettime in -lrt
	* tests/virtimetest.c, tests/Makefile.am: Test new APIs

	Remove obsolete virGetPMCapabilities sym from private symbols file
	Fix the build on Mingw32 by removing the now obsolete
	virGetPMCapabilities symbol from the private exports file

	* src/libvirt_private.syms: Remove virGetPMCapabilities

	Don't mark suspend as active until we know it is running
	If suspend failed for some reason (e.g. too short duration) then
	subsequent attempts to trigger suspend were rejected because we
	had already marked a suspend as being in progress

	* src/util/virnodesuspend.c: Don't mark suspend as active
	  until we've successfully triggered it

	Add suspend info to Xen, LXC and UML hypervisor capabilities
	* src/lxc/lxc_conf.c, src/uml/uml_conf.c,
	  src/xen/xen_hypervisor.c: Initialize suspend capabilities
	* tests/xencapsdata/*xml: Add empty powermgmt capabilities

	Remove pointless strdup in node suspend code
	The command name for the suspend action does not need to be
	strdup'd. The constant string can be used directly. This
	also means the code can be trivially rearranged to make the
	switch clearer

	* src/util/virnodesuspend.c: Remove strdup of cmdString

	Do lazy init of host PM features
	To avoid probing the host power management features on any
	call to virInitialize, only initialize the mutex in
	virNodeSuspendInit. Do lazy load of the supported PM target
	mask when it is actually needed

	* src/util/virnodesuspend.c: Lazy init of supported features

	Remove powerMgmt_valid field from capabilities struct
	If we ensure that virNodeSuspendGetTargetMask always resets
	*bitmask to zero upon failure, there is no need for the
	powerMgmt_valid field.

	* src/util/virnodesuspend.c: Ensure *bitmask is zero upon
	  failure
	* src/conf/capabilities.c, src/conf/capabilities.h: Remove
	  powerMgmt_valid field
	* src/qemu/qemu_capabilities.c: Remove powerMgmt_valid

	Add export of node suspend capabilities APIs
	* src/libvirt_private.syms: Export virNodeSuspendSupportsTarget
	  and virNodeSuspendGetTargetMask

	Move suspend capabilities APIs out of util.h into virnodesuspend.c
	The node suspend capabilities APIs should not have been put into
	util.[ch]. Instead move them into virnodesuspend.[ch]

	* src/util/util.c, src/util/util.h: Remove suspend capabilities APIs
	* src/util/virnodesuspend.c, src/util/virnodesuspend.h: Add
	  suspend capabilities APIs
	* src/qemu/qemu_capabilities.c: Include virnodesuspend.h

	Rename suspend capabilities APIs
	Rename virGetPMCapabilities to virNodeSuspendGetTargetMask and
	virDiscoverHostPMFeature to virNodeSuspendSupportsTarget.

	* src/util/util.c, src/util/util.h: Rename APIs
	* src/qemu/qemu_capabilities.c, src/util/virnodesuspend.c: Adjust
	  for new names

	Sanitize virDiscoverHostPMFeature to return a boolean
	Since virDiscoverHostPMFeature is just checking one feature,
	there is no reason for it to return a bitmask. Change it to
	return a boolean

	* src/util/util.c, src/util/util.h: Make virDiscoverHostPMFeature
	  return a boolean

	Move the virHostPMCapability enum helpers into capabilities.c
	The virHostPMCapability enum helper was declared in util.h
	but implemented in capabilities.c, which is in a completely
	separate library at link time. Move the declaration into the
	capabilities.c file and rename it to match normal conventions

	* src/util/util.h: Remove virHostPMCapability enum decl
	* src/conf/capabilities.c: Add virCapsHostPMTarget enum

	Fix capabilities XML to use generic terms for suspend targets
	The capabilities XML uses the x86 specific terms 'S3', 'S4'
	and 'Hybrid-Syspend'. Switch it to use the same terminology
	as the API constants and virsh options, eg 'suspend_mem'
	'suspend_disk' and 'suspend_hybrid'

	* docs/formatcaps.html.in, docs/schemas/capability.rng,
	  src/conf/capabilities.c: Rename suspend constants

	Remove internal only virHostPMCapability enum
	The internal virHostPMCapability enum just duplicates the
	public virNodeSuspendTarget enum, but with different names.

	* src/util/util.c: Use VIR_NODE_SUSPEND_TARGET constants
	* src/util/util.h: Remove virHostPMCapability enum
	* src/conf/capabilities.c: Use VIR_NODE_SUSPEND_TARGET_LAST

	Fix values of PM target type constants
	The VIR_NODE_SUSPEND_TARGET constants are not flags, so they
	should just be assigned straightforward incrementing values.

	* include/libvirt/libvirt.h.in: Change VIR_NODE_SUSPEND_TARGET
	  values
	* src/util/virnodesuspend.c: Fix suspend target checks

2011-11-30  Alex Jia  <ajia@redhat.com>

	util: avoid null deref on qcowXGetBackingStore
	Detected by Coverity. the only case is caller passes a NULL to 'format' variable,
	then taking 'if (format)' false branch, the function qcow2GetBackingStoreFormat
	will directly dereferences the NULL 'format' pointer variable.

	virsh: correct return value error
	Fix cmdDomblklist to return 'true' on success instead of '0'

	https://bugzilla.redhat.com/show_bug.cgi?id=758590

2011-11-30  Lei Li  <lilei@linux.vnet.ibm.com>

	Add new API virDomain{Set, Get}BlockIoTune
	This patch add new pulic API virDomainSetBlockIoTune and
	virDomainGetBlockIoTune.

2011-11-30  Hu Tao  <hutao@cn.fujitsu.com>

	blkiotune: add qemu support for blkiotune.device_weight
	Implement setting/getting per-device blkio weights in qemu,
	using the cgroups blkio.weight_device tunable.

	blkiotune: add interface for blkiotune.device_weight
	This adds per-device weights to <blkiotune>.  Note that the
	cgroups implementation only supports weights per block device,
	and not per-file within the device; hence this option must be
	global to the domain definition rather than tied to individual
	<devices>/<disk> entries:

	<domain ...>
	  <blkiotune>
	    <device>
	      <path>/path/to/block</path>
	      <weight>1000</weight>
	    </device>
	  </blkiotune>
	..

	This patch also adds a parameter --device-weights to virsh command
	blkiotune for setting/getting blkiotune.weight_device for any
	hypervisor that supports it.  All <device> entries under
	<blkiotune> are concatenated into a single string attribute under
	virDomain{Get,Set}BlkioParameters, named "device_weight".

2011-11-30  Eric Blake  <eblake@redhat.com>

	qemu: fix blkiotune --live --config
	Without this,  'virsh blkiotune --live --config --weight=n'
	only affected live.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Allow
	setting both configurations at once.

	qemu, lxc: drop redundant checks
	After the previous patch, there are now some redundant checks.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo)
	(qemuGetSchedulerParametersFlags): Drop checks now guaranteed by
	libvirt.c.
	* src/lxc/lxc_driver.c (lxcGetSchedulerParametersFlags):
	Likewise.

	API: prevent query of --live and --config at once
	Drivers were inconsistent when presented both --live and --config
	at once.  For example, within qemu, getting memory parameters
	favored live, getting blkio tuning favored config, and getting
	scheduler parameters errored out.  Also, some, but not all,
	attempts to mix flags on query were filtered at the virsh level.
	We shouldn't have to duplicate efforts in every client app, nor
	in every driver.  So, it is simpler to just enforce that the two
	flags cannot both be used at once on query operations, which has
	precedent in libvirt.c, and which matches the documentation of
	virDomainModificationImpact.

	* src/libvirt.c (virDomainGetMemoryParameters)
	(virDomainGetBlkioParameters)
	(virDomainGetSchedulerParametersFlags, virDomainGetVcpuPinInfo):
	Borrow sanity checking from virDomainGetVcpusFlags.

	build: fix typo in last patch
	* src/remote_protocol-structs: Use correct RPC name.

2011-11-29  Osier Yang  <jyang@redhat.com>

	block_resize: Update test file for RPC
	Pushed under build failure rule.

	block_resize: Expose the new API to virsh

	block_resize: Implement qemu driver method
	It requires the domain is running, otherwise fails. Resize to a lower
	size is supported, but should be used with extreme caution.

	In order to prohibit the "size" overflowing after multiplied by
	1024. We do checking in the codes. For QMP mode, the default units
	is Bytes, the passed size needs to be multiplied by 1024, however,
	for HMP mode, the default units is "Megabytes", the passed "size"
	needs to be divided by 1024 then.

	block_resize: Implement qemu monitor functions
	Implements functions for both HMP and QMP mode.

	For HMP mode, qemu uses "M" as the units by default, so the passed "sized"
	is divided by 1024.

	For QMP mode, qemu uses "Bytes" as the units by default, the passed "sized"
	is multiplied by 1024.

	All of the monitor functions return -1 on failure, 0 on success, or -2 if
	not supported.

	block_resize: Wire up the remote protocol

	block_resize: Define the new API
	The new API is named as "virDomainBlockResize", intending to add
	support for qemu monitor command "block_resize" (both HMP and QMP).

	Similar with APIs like "virDomainSetMemoryFlags", the units for
	argument "size" is kilobytes.

2011-11-29  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Fix funky identation

2011-11-29  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix typos in man page

	lxc: Fix suspend/resume with freezer cgroup

2011-11-29  Osier Yang  <jyang@redhat.com>

	examples: Correct the example command to use testnode.xml
	 * s/-connection/-c/
	 * Removes the redundant '/'.
	 * Add "absolute" so that it's more clear.

	Pushed under trivial rule.

2011-11-29  Srivatsa S. Bhat  <srivatsa.bhat@linux.vnet.ibm.com>

	Add virsh command to initiate suspend on the host
	Add a new command 'nodesuspend' to perform a timed suspend on the host.

	Implement the core API to suspend/resume the host
	Add the core functions that implement the functionality of the API.
	Suspend is done by using an asynchronous mechanism so that we can return
	the status to the caller before the host gets suspended. This asynchronous
	operation is achieved by suspending the host in a separate thread of
	execution. However, returning the status to the caller is only best-effort,
	but not guaranteed.

	To resume the host, an RTC alarm is set up (based on how long we want to
	suspend) before suspending the host. When this alarm fires, the host
	gets woken up.

	Suspend-to-RAM operation on a host running Linux can take upto more than 20
	seconds, depending on the load of the system. (Freezing of tasks, an operation
	preceding any suspend operation, is given up after a 20 second timeout).
	And Suspend-to-Disk can take even more time, considering the time required
	for compaction, creating the memory image and writing it to disk etc.
	So, we do not allow the user to specify a suspend duration of less than 60
	seconds, to be on the safer side, since we don't want to prematurely declare
	failure when we only had to wait for some more time.

	Add the remote protocol implementation for virNodeSuspendForDuration
	Implement the remote protocol for virNodeSuspendForDuration() API.

	Add a public API to invoke suspend/resume on the host
	Implement the public definitions for the new API
	virNodeSuspendForDuration() which will be subsequently used to
	do a timed suspend on the host.

	Add 'Hybrid-Suspend' power management discovery for the host
	Some systems support a feature known as 'Hybrid-Suspend', apart from the
	usual system-wide sleep states such as Suspend-to-RAM (S3) or Suspend-to-Disk
	(S4). Add the functionality to discover this power management feature and
	export it in the capabilities XML under the <power_management> tag.

2011-11-29  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Really send non-blocking calls while waiting for another call
	When another thread was dispatching while we wanted to send a
	non-blocking call, we correctly queued the call and woke up the thread
	but the thread just threw the call away since it forgot to recheck if
	its socket was writable.

2011-11-29  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Don't traverse childless nodes in vshNodeIsSuperset
	If both nodes do not have any children, we pass zero to
	virBitmapAlloc which returns NULL. In turn we report OOM error
	and return false (meaning nodes are different). This is not true.

2011-11-29  Christian Franke  <nobody@nowhere.ws>

	virnetsocket: pass XAUTORITY for ssh connection
	When spawning an ssh connection, the environment variables
	DISPLAY, SSH_ASKPASS, ... are passed. However XAUTHORITY,
	which is necessary if the .Xauthority is in a non default
	place, was not passed.

2011-11-29  Lorin Hochstein  <lorin@isi.edu>

	conf: make virt-xml-validate work with vbox domains
	virt-xml-validate fails when run on a domain XML file of type 'vbox'.

	For failing test case, see https://bugzilla.redhat.com/show_bug.cgi?id=757097

	This patch updates the XML schema to accept all valid hypervisor
	types, as well as dropping hypervisor types that are not in use
	by the current code base.

2011-11-28  Michal Privoznik  <mprivozn@redhat.com>

	conf: Improve incorrect root element error messages
	When user pass wrong root element, it is not 'internal error' and
	we can give him hint what we are expecting.

2011-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Refactor initial LXC mem tune / device ACL code
	To make lxcSetContainerResources smaller, pull the mem tune
	and device ACL setup code out into separate methods

	* src/lxc/lxc_controller.c: Introduce lxcSetContainerMemTune
	  and lxcSetContainerDeviceACL

	Add support for blkio tuning of LXC containers
	* src/lxc/lxc_controller.c: Refactor setting of initial blkio
	  tuning parameters
	* src/lxc/lxc_driver.c: Enable live change of blkio tuning

	Add support for CPU quota/period to LXC driver
	* src/lxc/lxc_driver.c: Support changing quota/period for LXC
	  containers
	* src/lxc/lxc_controller.c: Set initial quota/period at startup

	Support CPU placement in LXC driver
	While LXC does not have the concept of VCPUS, so we can't do
	per-VCPU pCPU placement, we can support the VM level CPU
	placement. Todo this simply set the CPU affinity of the LXC
	controller at startup. All child processes will inherit this
	affinity.

	* src/lxc/lxc_controller.c: Set process affinity

	Support NUMA memory placement for LXC containers
	Use numactl to set NUMA memory placement for LXC containers

	* src/lxc/lxc_controller.c: Support NUMA memory placement

2011-11-25  Michal Privoznik  <mprivozn@redhat.com>

	storage: Refetch file status after open
	This partly reverts my previous patch f88de3eb. We need to
	get file status after open, as given path could have been symlink,
	so fstat() will operate on different file than lstat().

2011-11-25  Paolo Bonzini  <pbonzini@redhat.com>

	util: fix thinko in runIO
	When aligning you need to clear the bits in the mask and leave the
	others aside.  Likely this code has never run, and will never run.

2011-11-25  Michal Privoznik  <mprivozn@redhat.com>

	storage: Skip socket and fifo on pool-start
	If pool directory contains special files like FIFO or sockets
	we want to skip those on pool-start or pool-refresh otherwise
	open() will get an error.

	conf: Don't drop console definition on domain restart
	One of my latest patches 2e37bf42d28d8bb5d045b206587c64643c64d02a
	copy serial console definition. On domain shutdown we save this
	info into state XML. However, later on the daemon start we simply
	drop this info and since we are not re-reading qemu log,
	vm->def->consoles[0] does not get populated with copy. Therefore
	we need to avoid dropping console definition if it is just alias
	for serial console.

2011-11-24  Jiri Denemark  <jdenemar@redhat.com>

	Fix version numbers for isAlive and setKeepAlive driver APIs

	build: Properly generate and check virkeepaliveprotocol-structs
	This fixes make dist broken by recent keepalive series

	examples: Use virConnectOpenAuth in events-c

	qemu: Cancel p2p migration when connection breaks
	If a connection to destination host is lost during peer-to-peer
	migration (because keepalive protocol timed out), we won't be able to
	finish the migration and it doesn't make sense to wait for qemu to
	transmit all data. This patch automatically cancels such migration
	without waiting for virDomainAbortJob to be called.

	qemu: Add support for keepalive messages during p2p migration

	Add keepalive support into domain-events examples

	Implement virConnectIsAlive in all drivers

	Introduce virConnectIsAlive API
	This API can be used to check if the socket associated with
	virConnectPtr is still open or it was closed (probably because keepalive
	protocol timed out). If there the connection is local (i.e., no socket
	is associated with the connection, it is trivially always alive.

	Implement keepalive protocol in remote driver

	Add support for async close of client RPC socket

	Implement keepalive protocol in libvirt daemon

	virsh: Always run event loop
	Since virsh already implements event loop, it has to also run it. So far
	the event loop was only running during virsh console command.

	Introduce virConnectSetKeepAlive
	virConnectSetKeepAlive public API can be used by a client connecting to
	remote server to start using keepalive protocol. The API is handled
	directly by remote driver and not transmitted over the wire to the
	server.

	Implement common keepalive handling
	These APIs are used by both client and server RPC layer to handle
	processing of keepalive messages.

	Define keepalive protocol
	The keepalive program has two procedures: PING, and PONG.
	Both are used only in asynchronous messages and the sender doesn't wait
	for any reply. However, the party which receives PING messages is
	supposed to react by sending PONG message the other party, but no
	explicit binding between PING and PONG messages is made. For backward
	compatibility neither server nor client are allowed to send keepalive
	messages before checking that remote party supports them.

	rpc: Add some debug messages to virNetClient

	rpc: Fix handling of non-blocking calls that could not be sent
	When virNetClientIOEventLoop is called for a non-blocking call and not
	even a single byte can be sent from this call without blocking, we
	properly reported that to the caller which properly frees the call. But
	we never removed the call from a call queue.

	rpc: Fix a typo in virNetClientSendNonBlock documentation

	rpc: Pass the buck only to the first available thread

2011-11-24  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: remove virConnectPtr from internal API calls
	Remove the virConnectPtr from the nwfilter's internal API calls as
	far as possible.

2011-11-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid dereference of NULL pointer
	If something fails while initializing qemu job object in
	qemuDomainObjPrivateAlloc(), memory to the private pointer is freed, but
	after that, the pointer is still dereferenced, which may result in a
	segfault.

	* qemuDomainObjPrivateAlloc() - Don't dereference NULL pointer.

2011-11-23  Eric Blake  <eblake@redhat.com>

	qemu: fix a const-correctness issue
	Generally, functions which return malloc'd strings should be typed
	as 'char *', not 'const char *', to make it obvious that the caller
	is responsible to free things.  free(const char *) fails to compile,
	and although we have a cast embedded in VIR_FREE to work around poor
	code that frees const char *, it's better to not rely on that hack.

	* src/qemu/qemu_driver.c (qemuDiskPathToAlias): Change return type.
	(qemuDomainBlockJobImpl): Update caller.

	API: prefer 'disk' over 'block' or 'path'
	Given that we can now handle the target's disk shorthand, in addition
	to an absolute path to the file or block device used on the host,
	the term 'disk' fits a bit better as the parameter name than 'path'.

	* include/libvirt/libvirt.h.in: Update some parameter names.
	* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
	(virDomainBlockPeek, virDomainGetBlockInfo, virDomainBlockJobAbort)
	(virDomainGetBlockJobInfo, virDomainBlockJobSetSpeed)
	(virDomainBlockPull): Likewise.

	blockstats: support lookup by path in blockstats
	Commit 89b6284f made it possible to pass either a source name or
	the target device to most API demanding a disk designation, but
	forgot to update the documentation.  It also failed to update
	virDomainBlockStats to take both forms. This patch fixes both the
	documentation and the remaining function.

	Xen continues to use just device shorthand (that is, I did not
	implement path lookup there, since xen does not track a domain_conf
	to quickly tie a path back to the device shorthand).

	* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
	(virDomainGetBlockInfo, virDomainBlockPeek)
	(virDomainBlockJobAbort, virDomainGetBlockJobInfo)
	(virDomainBlockJobSetSpeed, virDomainBlockPull): Document
	acceptable disk naming conventions.
	* src/qemu/qemu_driver.c (qemuDomainBlockStats)
	(qemuDomainBlockStatsFlags): Allow lookup by source name.
	* src/test/test_driver.c (testDomainBlockStats): Likewise.

2011-11-23  Michal Privoznik  <mprivozn@redhat.com>

	nwfilter: Initialize virNWFilterAddIpAddrForIfname return variable
	Latest nwfilter patch ad6c67cf introduced uninitialized return
	value. This was spotted by 4.6.2 gcc.

2011-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix disabling of virtual port profile code on old hosts
	The WITH_VIRTUALPORT macro is defined to 0 when disabled, not
	left undefined. So #if must be used instead of #ifdef

	* src/util/virnetdevvportprofile.c: s/#ifdef/#if/

	Fix uninitialized variable in NWfilter IP learning code
	* src/nwfilter/nwfilter_learnipaddr.c: Initialize ret variable

2011-11-23  Michal Prívozník  <mprivozn@redhat.com>

	virsh: Increase device-detach intelligence
	Up to now users have to give a full XML description on input when
	device-detaching. If they omitted something it lead to unclear
	error messages (like generated MAC wasn't found, etc.).
	With this patch users can specify only those information which
	specify one device sufficiently precise. Remaining information is
	completed from domain.

2011-11-23  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Enable detection of multiple IP addresses
	In preparation of DHCP Snooping and the detection of multiple IP
	addresses per interface:

	The hash table that is used to collect the detected IP address of an
	interface can so far only handle one IP address per interface. With
	this patch we extend this to allow it to handle a list of IP addresses.

	Above changes the returned variable type of virNWFilterGetIpAddrForIfname()
	from char * to virNWFilterVarValuePtr; adapt all existing functions calling
	this function.

2011-11-23  Eli Qiao  <taget@linux.vnet.ibm.com>

	fix error message when using wrong URI alias

	When configuring a URI alias like this in 'libvirt.conf':

	uri_aliases = [
	  "jj#j=qemu+ssh://root@127.0.0.1/system",
	  "sleet=qemu+ssh://root@sleet.cloud.example.com/system",
	]
	virsh -c jj#j

	It will show this error message:
	'no connection driver available for No connection for URI jj#j'
	Actually，we expect this message below：
	Malformed 'uri_aliases' config entry 'jj#j=qemu+ssh://root@127.0.0.1/system', aliases may only contain 'a-Z, 0-9, _, -'

	Give this patch to fix this error.

2011-11-23  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Pass additional parameter into applyDHCPOnly function
	In preparation for the DHCP Snooping code:
	Pass an additional parameter into the applyDHCPOnly function
	of the 'techdriver'.

	nwfilter: use shell variable to invoke 'ip(6)tables' command
	Introduce a shell variable 'IBT' to invoke the ip(6)tables command.

	Tested with libvirt-tck.

	nwfilter: use shell variable to invoke 'ebtables' command
	Introduce a shell variable 'EBT' to invoke the ebtables command.
	Hard-code the used ebtables table to '-t nat'.

	Tested with libvirt-tck.

	Improve error reporting of failures to apply filtering rules
	Display the executed command and failure message if a command failed to
	execute.

	Add documentation for STP filtering support
	Add documentation for the STP filtering support. Describe the XML attributes
	that are supported.

	Add test cases for STP traffic filtering
	This patch adds a few test cases for the XML parsing of STP filtering nodes.

	Add support for STP filtering
	This patch adds support for filtering of STP (spanning tree protocol) traffic
	to the parser and makes us of the ebtables support for STP filtering. This code
	now enables the filtering of traffic in chains with prefix 'stp'.

	Add a 'mac' chain
	With hunks borrowed from one of David Steven's previous patches, we now
	add the capability of having a 'mac' chain which is useful to filter
	for multiple valid MAC addresses.

2011-11-23  Eric Blake  <eblake@redhat.com>

	docs: fix grammar of capabilities
	* docs/formatcaps.html.in: Avoid run-on sentence, wrap lines.

2011-11-22  Daniel P. Berrange  <berrange@redhat.com>

	Add strings.h include to capabilities.h for ffs() function prototype
	On Mingw32 the ffs() function was not declared due to missing header
	include

	* src/conf/capabilities.c: The ffs() function lives in strings.h

2011-11-22  Osier Yang  <jyang@redhat.com>

	build: Update AUTHORS
	Add Chang Liu to the AUTHORS' list.

2011-11-22  Chang Liu  <lingjiao.lc@taobao.com>

	storage: Fallback to use lvchange first if lvremove fails
	virStorageBackendLogicalDeleteVol() could not remove the lv with error
	"could not remove open logical volume" sometimes. Generally it's caused
	by the volume is still active, even if lvremove tries to remove it with
	option "--force".

	This patch is to fix it by disbale the lv first using "lvchange -aln"
	and "lvremove -f" afterwards if the direct "lvremove -f" failed.

2011-11-22  Srivatsa S. Bhat  <srivatsa.bhat@linux.vnet.ibm.com>

	Export KVM Host Power Management capabilities
	This patch exports KVM Host Power Management capabilities as XML so that
	higher-level systems management software can make use of these features
	available in the host.

	The script "pm-is-supported" (from pm-utils package) is run to discover if
	Suspend-to-RAM (S3) or Suspend-to-Disk (S4) is supported by the host.
	If either of them are supported, then a new tag "<power_management>" is
	introduced in the XML under the <host> tag.

	However in case the query to check for power management features succeeded,
	but the host does not support any such feature, then the XML will contain
	an empty <power_management/> tag. In the event that the PM query itself
	failed, the XML will not contain any "power_management" tag.

	To use this, new APIs could be implemented in libvirt to exploit power
	management features such as S3/S4.

2011-11-22  Eric Blake  <eblake@redhat.com>

	conf: don't modify cpu set string during parsing
	None of the callers cared if str was updated to point to the next
	byte after the parsed cpuset; simplifying this results in quite
	a few code simplifications.  Additionally, virCPUDefParseXML was
	strdup()'ing a malloc()'d string; avoiding a memory copy resulted
	in less code.

	* src/conf/domain_conf.h (virDomainCpuSetParse): Alter signature.
	* src/conf/domain_conf.c (virDomainCpuSetParse): Don't modify str.
	(virDomainVcpuPinDefParseXML, virDomainDefParseXML): Adjust
	callers.
	* src/conf/cpu_conf.c (virCPUDefParseXML): Likewise.
	* src/xen/xend_internal.c (sexpr_to_xend_topology): Likewise.
	* src/xen/xm_internal.c (xenXMDomainPinVcpu): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr): Likewise.
	* src/xenxs/xen_xm.c (xenParseXM): Likewise.

2011-11-22  Roopa Prabhu  <roprabhu@cisco.com>

	qemu: don't release network actual device twice
	For direct attach devices, in qemuBuildCommandLine, we seem to be freeing
	actual device on error path (with networkReleaseActualDevice). But the actual
	device is not deleted.

	qemuProcessStop eventually deletes the direct attach device and releases
	actual device. But by the time qemuProcessStop is called qemuBuildCommandLine
	has already freed actual device, leaving stray macvtap devices behind on error.
	So the simplest fix is to remove the networkReleaseActualDevice in
	qemuBuildCommandLine. This patch does just that.

2011-11-21  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Copy console definition from serial
	Now, when we support multiple consoles per domain,
	the vm->def->console[0] can still remain an alias
	for vm->def->serial[0]; However, we need to copy
	it's source definition as well otherwise we'll regress
	on virDomainOpenConsole.

2011-11-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix distribution of .syms files for previous commit
	* src/Makefile.am: Remove libvirt_bridge.syms and libvirt_macvtap.syms
	  from EXTRA_DIST. Add libvirt_dbus.syms

	Fix build on Mingw32 wrt export of virNetServerGetDBusConn
	Mingw32 complains if you request export of a symbol which does
	not in fact exist.

	* src/libvirt_bridge.syms, src/libvirt_macvtap.syms: Delete
	  obsolete files
	* src/libvirt_private.syms: Remove virNetServerGetDBusConn
	* src/libvirt_dbus.syms: Add virNetServerGetDBusConn

2011-11-21  Osier Yang  <jyang@redhat.com>

	storage: Skips backingStore of virtual snapshot lv
	lvs outputs "[$lvname_vorigin]" for the virtual snapshot lv
	(created with "--virtualsize"), and the original device pointed
	by "$lvname_vorigin" is just for lvm internal use, one should
	never use it.

	Per lvm's nameing rules, "[" is not valid as part of the vg/lv name.
	(man 8 lvm).

	<quote>
	VALID NAMES
	The following characters are valid for VG and LV names: a-z A-Z 0-9 + _
	. -

	VG and LV names cannot begin with a hyphen.   There  are  also  various
	reserved  names that are used internally by lvm that can not be used as
	LV or VG names.  A VG cannot be called anything that exists in /dev/ at
	the time of creation, nor can it be called '.' or '..'.  A LV cannot be
	called '.' '..' 'snapshot' or 'pvmove'. The LV name may also  not  con‐
	tain the strings '_mlog' or '_mimage'
	</quote>

	So we can skip the set the lv's backingStore by checking if the name
	begins with a "[".

2011-11-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add documentation for VLAN filtering support
	Add documentation for the VLAN filtering support. Describe the XML attributes
	that are supported.

	Add test cases for VLAN traffic filtering
	This patch adds a few test cases for the XML parsing of VLAN filtering nodes.

	Add support for VLAN filtering
	This patch adds support for filtering of VLAN (802.1Q) traffic to the
	parser and makes us of the ebtables support for VLAN filtering. This code
	now enables the filtering of traffic in chains with prefix 'vlan'.

2011-11-19  Jim Fehlig  <jfehlig@suse.com>

	Don't copy sexpr node value that is an empty string
	Xen4.1 initializes some unspecified sexpr config items to an empty
	string, unlike previous Xen versions that would leave the item unset.
	E.g. the kernel item for an HVM guest (non-direct kernel boot):

	Xen4.0 and earlier
	  ...
	  (image
	    (hvm
	      (kernel )
	  ...

	Xen4.1
	  ...
	  (image
	    (hvm
	      (kernel '')
	  ...

	The empty string for kernel causes some grief in subsequent parsing
	where existence of specified kernel is checked, e.g.

	  if (!def->os.kernel)
	  ...

	This patch solves the problem in sexpr_node_copy() by not copying
	a node containing an empty string.

2011-11-19  Eric Blake  <eblake@redhat.com>

	tests: avoid xend ABRT crash report
	I installed the xen development packages on my non-Xen F16 machine
	in order to compile-test xen code and ensure we don't break things
	on that front, but being a non-xen machine, /usr/sbin/xend is
	obviously not running.  Unfortunately, xen-4.1.2-1.fc16 has a bug
	where merely trying to probe xend status on a non-xen kernel causes
	xend to issue an ABRT crash report:

	https://bugzilla.redhat.com/show_bug.cgi?id=728696

	Even though libvirt (correctly) skips the test, the xend crash report
	is unnecessary noise.  Fix this by first filtering out non-xen
	kernels even before attempting to probe xend.  The test still runs
	and passes on a RHEL 5 xen kernel after this patch.

	* tests/reconnect.c (mymain): Skip xend probe on non-xen kernel.
	* tests/statstest.c (mymain): Likewise.

	build: fix compile error with no macvtap
	Since commit 6ec8288a, compilation has failed on RHEL 5:

	util/virnetdevmacvlan.c:672: error: conflicting types for 'virNetDevMacVLanCreateWithVPortProfile'

	* src/util/virnetdevmacvlan.c
	(virNetDevMacVLanCreateWithVPortProfile): Add missing parameter.

2011-11-19  Hu Tao  <hutao@cn.fujitsu.com>

	enable cgroup cpuset by default
	This prepares for subsequent patches which introduce dependence
	on cgroup cpuset. Enable cgroup cpuset by default so users don't
	have to modify configuration file before encountering a cpuset
	error.

2011-11-19  Eric Blake  <eblake@redhat.com>

	build: fix accidental POTFILES.in regression
	The original patch for commit 4789fb2 considered renaming a file,
	then backed out the name change, but forgot to back out the POTFILES.in
	change, resulting in 'make syntax-check' failure.

	tests: test recent hash addition
	Excercise the new hash API, to ensure we avoid regressions.

	* tests/hashtest.c (testHashGetItems): New test.

2011-11-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test cases for parsing of list values
	This patch adds test cases for parsing of parameters with
	multiple occurrances of the same name.

	Extend NWFilter parameter parser to cope with lists of values
	This patch modifies the NWFilter parameter parser to support multiple
	elements with the same name and to internally build a list of items.
	An example of the XML looks like this:

	        <parameter name='TEST' value='10.1.2.3'/>
	        <parameter name='TEST' value='10.2.3.4'/>
	        <parameter name='TEST' value='10.1.1.1'/>

	The list of values is then stored in the newly introduced data type
	virNWFilterVarValue.

	The XML formatter is also adapted to print out all items in alphabetical
	order sorted by 'name'.

	This patch also fixes a bug in the XML schema on the way.

	Create rules for each member of a list
	This patch extends the NWFilter driver for Linux (ebiptables) to create
	rules for each member of a previously introduced list. If for example
	an attribute value (internally) looks like this:

	IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]

	then 3 rules will be generated for a rule accessing the variable 'IP',
	one for each member of the list. The effect of this is that this now
	allows for filtering for multiple values in one field. This can then be
	used to support for filtering/allowing of multiple IP addresses per
	interface.

	An iterator is introduced that extracts each member of a list and
	puts it into a hash table which then is passed to the function creating
	a rule. For the above example the iterator would cause 3 loops.

	Rework value part of name-value pairs
	NWFilters can be provided name-value pairs using the following
	XML notation:

	      <filterref filter='xyz'>
	        <parameter name='PORT' value='80'/>
	        <parameter name='VAL' value='abc'/>
	      </filterref>

	The internal representation currently is so that a name is stored as a
	string and the value as well. This patch now addresses the value part of it
	and introduces a data structure for storing a value either as a simple
	value or as an array for later support of lists.

	This patch adjusts all code that was handling the values in hash tables
	and makes it use the new data type.

	Documentation about chains' priorities, lists of elements etc.
	This patch adds several aspects of documentation about the network filtering
	system:

	- chains, chains' priorities and chains' default priorities
	- talks about lists of elements, i.e., a variable assigned multiple values
	  (part of already ACK-ed series)
	- already mentions the vlan, stp and mac chains added later on
	  (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
	- mentions limitations of vlan filtering (when sent by VM) on Linux systems

	Add test cases
	Add test case for the chain names with known prefixes and the chain
	priority.

	Interleave jumping into chains with filtering rules in 'root' table
	The previous patch extends the priority of filtering rules into negative
	numbers. We now use this possibility to interleave the jumping into
	chains with filtering rules to for example create the 'root' table of
	an interface with the following sequence of rules:

	Bridge chain: libvirt-I-vnet0, entries: 6, policy: ACCEPT
	-p IPv4 -j I-vnet0-ipv4
	-p ARP -j I-vnet0-arp
	-p ARP -j ACCEPT 
	-p 0x8035 -j I-vnet0-rarp
	-p 0x835 -j ACCEPT 
	-j DROP 

	The '-p ARP -j ACCEPT' rule now appears between the jumps.
	Since the 'arp' chain has been assigned priority -700 and the 'rarp'
	chain -600, the above ordering can now be achieved with the following
	rule:

	  <rule action='accept' direction='out' priority='-650'>
	    <mac protocolid='arp'/>
	  </rule>

	This patch now sorts the commands generating the above shown jumps into
	chains and interleaves their execution with those for generating rules.

	Extend rule priorities into negative numbers
	So far rules' priorities have only been valid in the range [0,1000].
	Now I am extending their priority into the range [-1000, 1000] for subsequently
	being able to sort rules and the access of (jumps into) chains following
	priorities.

	Enable chains with names having a known prefix
	This patch enables chains that have a known prefix in their name.
	Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes
	are also protocols that can be evaluated on the ebtables level.

	Following the prefix they will be automatically connected to an interface's
	'root' chain and jumped into following the protocol they evaluate, i.e.,
	a table 'arp-xyz' will be accessed from the root table using

	ebtables -t nat -A <iface root table> -p arp -j I-<ifname>-arp-xyz

	thus generating a 'root' chain like this one here:

	Bridge chain: libvirt-O-vnet0, entries: 5, policy: ACCEPT
	-p IPv4 -j O-vnet0-ipv4
	-p ARP -j O-vnet0-arp
	-p 0x8035 -j O-vnet0-rarp
	-p ARP -j O-vnet0-arp-xyz
	-j DROP 

	where the chain 'arp-xyz' is accessed for filtering of ARP packets.

	Extend the filter XML to support priorities of chains
	This patch extends the filter XML to support priorities of chains
	in the XML. An example would be:

	<filter name='allow-arpxyz' chain='arp-xyz' priority='200'>
	[...]
	</filter>

	The permitted values for priorities are [-1000, 1000].
	By setting the priority of a chain the order in which it is accessed
	from the interface root chain can be influenced.

	Use the actual names of chains in data structure
	Use the name of the chain rather than its type index (enum).
	This pushes the later enablement of chains with user-given names
	into the XML parser. For now we still only allow those names that
	are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6').

	Use scripting for cleaning and renaming of chains
	Use scripts for the renaming and cleaning up of chains. This allows us to get
	rid of some of the code that is only capable of renaming and removing chains
	whose names are hardcoded.

	A shell function 'collect_chains' is introduced that is given the name
	of an ebtables chain and then recursively determines the names of all
	chains that are accessed from this chain and its sub-chains using 'jumps'.

	The resulting list of chain names is then used to delete all the found
	chains by first flushing and then deleting them.

	The same function is also used for renaming temporary filters to their final
	names.

	I tested this with the bash and dash as script interpreters.

	Make filter creation in root table more flexible
	Use the previously introduced chain priorities to sort the chains for access
	from an interface's 'root' table and have them created in the proper order.
	This gets rid of a lot of code that was previously creating the chains in a 
	more hardcoded way.

	To determine what protocol a filter is used for evaluation do prefix-
	matching, i.e., the filter 'arp' is used to filter for the 'arp' protocol,
	'ipv4' for the 'ipv4' protocol and 'arp-xyz' will also be used to filter
	for the 'arp' protocol following the prefix 'arp' in its name.

	Introduce an internal priority for chains
	For better handling of the sorting of chains introduce an internally used
	priority. Use a lookup table to store the priorities. For now their actual
	values do not matter just that the values cause the chains to be properly
	sorted through changes in the following patches. However, the values are
	chosen as negative so that once they are sorted along with filtering rules
	(whose priority may only be positive for now) they will always be instantiated
	before them (lower values cause instantiation before higher values). This
	is done to maintain backwards compatibility.

	Add function to get hash table's key/value pairs
	Add a function to the virHashTable for getting an array of the hash table's
	key-value pairs and have the keys (optionally) sorted.

2011-11-19  Daniel P. Berrange  <berrange@redhat.com>

	Add support for systemd init service
	This patch adds support for a systemd init service for libvirtd
	and libvirt-guests. The libvirtd.service is *not* written to use
	socket activation, since we want libvirtd to start on boot so it
	can do guest auto-start.

	The libvirt-guests.service is pretty lame, just exec'ing the
	original init script for now. Ideally we would factor out the
	functionality, into some shared tool.

	Instead of

	  ./configure --with-init-script=redhat

	You can now do

	  ./configure --with-init-script=systemd

	Or better still:

	  ./configure --with-init-script=systemd+redhat

	We can also now support install of the upstart init script

	* configure.ac: Add systemd, and systemd+redhat options to
	  --with-init-script option
	* daemon/Makefile.am: Install systemd services
	* daemon/libvirtd.sysconf: Add note about unused env variable
	  with systemd
	* daemon/libvirtd.service.in: libvirtd systemd service unit
	* libvirt.spec.in: Add scripts to installing systemd services
	  and migrating from legacy init scripts
	* tools/Makefile.am: Install systemd services
	* tools/libvirt-guests.init.sh: Rename to tools/libvirt-guests.init.in
	* tools/libvirt-guests.service.in: systemd service unit

	Add support for interfaces with type=direct to LXC
	Support creation of macvlan devices for LXC containers. Do not
	allow setting of bandwidth controls or vport profiles due to the
	complication that there is no host side visible device to work
	with.

	* src/lxc/lxc_driver.c: Support type=direct interfaces

	Allow creation of plain macvlan devices
	Update virNetDevMacVLanCreateWithVPortProfile to allow creation
	of plain macvlan devices, as well as macvtap devices. The former
	is useful for LXC containers

	* src/qemu/qemu_command.c: Explicitly request a macvtap device
	* src/util/virnetdevmacvlan.c, src/util/virnetdevmacvlan.h: Add
	  new flag to allow switching between macvlan and macvtap
	  creation

	Refactor LXC network setup to allow future enhancements
	The current lxcSetupInterfaces() method directly performs setup
	of the bridge devices. Since it will shortly need to also create
	macvlan devices, move the bridge related code into a separate
	method

	* src/lxc/lxc_driver.c: Split lxcSetupInterfaces() to create a
	  new lxcSetupInterfaceBridge()

	Add missing 'const' annotations for internal domain conf helpers
	The virDomainNetGetActualBridgeName and virDomainNetGetActualDirectDev
	methods both return strings that point to data in the virDomainDefPtr
	struct, and should therefore not be freed. The return values should
	thus be 'const char *' not 'char *'.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Mark const
	* src/network/bridge_driver.c: Update to use a const char *

	Fix up ordering of private symbols file
	Fix ordering of symbols after re-arranging network device
	management API source files

	* src/libvirt_private.syms: Fix ordering

	Move ifaceMacvtapLinkDump and ifaceGetNthParent functions
	Move the ifaceMacvtapLinkDump and ifaceGetNthParent functions
	into virnetdevvportprofile.c since they are specific to that
	code. This avoids polluting the headers with the Linux specific
	netlink data types

	* src/util/interface.c, src/util/interface.h: Move
	  ifaceMacvtapLinkDump and ifaceGetNthParent functions and delete
	  remaining file
	* src/util/virnetdevvportprofile.c: Add ifaceMacvtapLinkDump
	  and ifaceGetNthParent functions
	* src/network/bridge_driver.c, src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c, src/util/virnetdevmacvlan.c:
	  Remove include of interface.h

	Move functions for dealing with physical/virtual devices
	Move virNetDevIsVirtualFunction, virNetDevGetVirtualFunctionIndex
	and virNetDevGetPhysicalFunction to virnetdev.c

	* src/util/interface.c, src/util/interface.h, src/util/virnetdev.c,
	  src/util/virnetdev.h: Move APIs

	Rename APIs for dealing with virtual/physical functions
	Rename ifaceIsVirtualFunction to virNetDevIsVirtualFunction,
	ifaceGetVirtualFunctionIndex to virNetDevGetVirtualFunctionIndex
	and ifaceGetPhysicalFunction to virNetDevGetPhysicalFunction

	* src/util/interface.c, src/util/interface.h: Rename APIs
	* src/util/virnetdevvportprofile.c: Update for API rename

	Move virNetDevValidateConfig to virnetdev.c
	* src/util/interface.c, src/util/interface.h: Remove virNetDevValidateConfig
	* src/util/virnetdev.c, src/util/virnetdev.h: Add virNetDevValidateConfig

	Rename ifaceCheck to virNetDevValidateConfig
	Rename the ifaceCheck method to virNetDevValidateConfig and change
	so that it always raises an error and returns -1 on error.

	* src/util/interface.c, src/util/interface.h: Rename ifaceCheck
	  to virNetDevValidateConfig
	* src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c: Update for API rename

	Move virNetDevGetIPv4Address to virnetdev.c
	Move the virNetDevGetIPv4Address function to virnetdev.c

	* util/interface.c, util/interface.h: Remove virNetDevGetIPv4Address
	* util/virnetdev.c, util/virnetdev.h: Add virNetDevGetIPv4Address

	Rename ifaceGetIPAddress to virNetDevGetIPv4Address
	To match up with the existing virNetDevSetIPv4Address, rename
	ifaceGetIPAddress to virNetDevGetIPv4Address

	* util/interface.h, util/interface.c: Rename API
	* network/bridge_driver.c: Update for API rename

	Move virNetDevGetIndex & virNetDevGetVLanID to virnetdev.c
	Move virNetDevGetIndex & virNetDevGetVLanID to virnetdev.c to
	suit their functional purpose

	* util/interface.c, util/interface.h: Remove virNetDevGetIndex &
	  virNetDevGetVLanID
	* util/virnetdev.c, util/virnetdev.h: Add virNetDevGetIndex &
	  virNetDevGetVLanID

	Rename ifaceGetIndex and ifaceGetVLAN
	Rename the ifaceGetIndex method to virNetDevGetIndex and
	ifaceGetVlanID to virNetDevGetVLanID. Also change the error
	reporting behaviour to always raise errors and return -1 on
	failure

	* util/interface.c, util/interface.h: Rename ifaceGetIndex
	  and ifaceGetVLAN
	* nwfilter/nwfilter_gentech_driver.c, nwfilter/nwfilter_learnipaddr.c,
	  nwfilter/nwfilter_learnipaddr.c, util/virnetdevvportprofile.c: Update
	  for API renames and error handling changes

	Move MAC address replacement functions to virnetdev.c
	Move virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
	to the virnetdev.c file where they naturally belong

	* util/interface.c, util/interface.h: Remove
	  virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
	* util/virnetdev.c, util/virnetdev.h: Add
	  virNetDevReplaceMacAddress and virNetDevRestoreMacAddress

	Rename interface MAC address replacement APIs
	Rename ifaceReplaceMacAddress to virNetDevReplaceMacAddress
	and ifaceRestoreMacAddress to virNetDevRestoreMacAddress.

	* util/interface.c, util/interface.h, util/virnetdevmacvlan.c:
	  Rename APIs

	Move the low level macvlan creation APIs
	Move the low level macvlan creation APIs into the
	virnetdevmacvlan.c file where they more naturally
	belong

	* util/interface.c, util/interface.h: Remove virNetDevMacVLanCreate
	  and virNetDevMacVLanDelete
	* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h: Add
	  virNetDevMacVLanCreate and virNetDevMacVLanDelete

	Rename low level macvlan creation APIs
	Rename ifaceMacvtapLinkAdd to virNetDevMacVLanCreate and
	ifaceLinkDel to virNetDevMacVLanDelete. Strictly speaking
	the latter isn't restricted to macvlan devices, but that's
	the only use libvirt has for it.

	* util/interface.c, util/interface.h,
	  util/virnetdevmacvlan.c: Rename APIs

	Rename high level macvlan creation APIs
	Rename virNetDevMacVLanCreate to virNetDevMacVLanCreateWithVPortProfile
	and virNetDevMacVLanDelete to virNetDevMacVLanDeleteWithVPortProfile

	To make way for renaming the other macvlan creation APIs in
	interface.c

	* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h,
	  qemu/qemu_command.c, qemu/qemu_hotplug.c, qemu/qemu_process.c:
	  Rename APIs

	Rename and split the macvtap.c file
	Rename the macvtap.c file to virnetdevmacvlan.c to reflect its
	functionality. Move the port profile association code out into
	virnetdevvportprofile.c. Make the APIs available unconditionally
	to callers

	* src/util/macvtap.h: rename to src/util/virnetdevmacvlan.h,
	* src/util/macvtap.c: rename to src/util/virnetdevmacvlan.c
	* src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h:
	  Pull in vport association code
	* src/Makefile.am, src/conf/domain_conf.h, src/qemu/qemu_conf.c,
	  src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update include
	  paths & remove conditional compilation

	Rename Macvtap management APIs
	In preparation for code re-organization, rename the Macvtap
	management APIs to have the following patterns

	  virNetDevMacVLanXXXXX     - macvlan/macvtap interface management
	  virNetDevVPortProfileXXXX - virtual port profile management

	* src/util/macvtap.c, src/util/macvtap.h: Rename APIs
	* src/conf/domain_conf.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_command.h,
	  src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/qemu/qemu_process.h: Update for renamed APIs

	Fix use of uninitialized variable in QEMU driver

2011-11-18  Bharata B Rao  <bharata@linux.vnet.ibm.com>

	qemu: Generate -numa option
	Add routines to generate -numa QEMU command line option based on
	<numa> ... </numa> XML specifications.

	XML definitions for guest NUMA and parsing routines
	This patch adds XML definitions for guest NUMA specification and contains
	routines to parse the same. The guest NUMA specification looks like this:

	<cpu>
	        ...
	        <topology sockets='2' cores='4' threads='2'/>
	        <numa>
	                <cell cpus='0-7' memory='512000'/>
	                <cell cpus='8-15' memory='512000'/>
	        </numa>
	        ...
	</cpu>

2011-11-18  Eric Blake  <eblake@redhat.com>

	snapshot: refuse to generate names for non-regular backing files
	For whatever reason, the kernel allows you to create a regular
	file named /dev/sdc.12345; although this file will disappear the
	next time devtmpfs is remounted.  If you let libvirt generate
	the name of the external snapshot for a disk image originally
	using the block device /dev/sdc, then the domain will be rendered
	unbootable once the qcow2 file is lost on the next devtmpfs
	remount.  In this case, the user should have used 'virsh
	snapshot-create --xmlfile' or 'virsh snapshot-create-as --diskspec'
	to specify the name for the qcow2 file in a sane location, rather
	than relying on libvirt generating a name that is most likely to
	be wrong.  We can help avoid naive mistakes by enforcing that
	the user provide the external name for any backing file that is
	not a regular file.

	* src/conf/domain_conf.c (virDomainSnapshotAlignDisks): Only
	generate names if backing file exists as regular file.
	Reported by MATSUDA Daiki.

2011-11-17  Jim Fehlig  <jfehlig@suse.com>

	Fix build with polkit0
	I missed adding virNetServerGetDBusConn() to libvirtd_private.syms
	in commit b8adfcc6, which didn't cause a problem in 0.9.6 but
	results in this build error in 0.9.7

	libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
	remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'

	Revert commit 0f590c62
	As noted by Daniel Berrange [1], the proper fix for the older
	PolicyKit build issue is to add virNetServerGetDBusConn to
	libvirt_private.syms.  Revert unnecessary changes to
	daemon/Makefile.am

	[1] https://www.redhat.com/archives/libvir-list/2011-November/msg00852.html

2011-11-17  Laine Stump  <laine@laine.org>

	virsh: add iface-bridge and iface-unbridge commands
	One of the top questions by libvirt users is how to create a host
	bridge device so that guests can be directly on the physical
	network. There are several example documents that explain how to do
	this manually, but following them often results in confusion and
	failure. virt-manager does a good job of creating a bridge based on an
	existing network device, but not everyone wants to use virt-manager.

	This patch adds a new command, iface-bridge that makes it just about
	as simple as possible to create a new bridge device based on an
	existing ethernet/vlan/bond device (including associating IP
	configuration with the bridge rather than the now-attached device),
	and start that new bridge up ready for action, eg:

	    virsh iface-bridge eth0 br0

	For symmetry's sake, it also adds a command to remove a device from a
	bridge, restoring the IP config to the now-unattached device:

	    virsh iface-unbridge br0

	(I had a short debate about whether to do "iface-unbridge eth0"
	instead, but that would involve searching through all bridge devices
	for the one that contained eth0, which seems like a bit too much
	trouble).

	NOTE: These two commands require that the netcf library be available
	on the host. Hopefully this will provide some extra incentive for
	people using suse, debian, ubuntu, and other similar systems to polish
	up (and push downstream) the ports to those distros recently pushed to
	the upstream netcf repo by Dan Berrange. Anyone interested in helping
	with that effort in any way should join the netcf-devel mailing list
	(subscription info at
	https://fedorahosted.org/mailman/listinfo/netcf-devel)

	During creation of the bridge, it's possible to specify whether or not
	the STP protocol should be started up on the bridge and, if so, how
	many seconds the bridge should squelch traffic from newly added
	devices while learning new topology (defaults are stp='on' and
	delay='0', which seems to usually work best for bridges used in the
	context of libvirt guests).

	There is also an option to not immediately start the bridge (and a
	similar option to not immediately start the un-attached device after
	destroying the bridge. Default is to start the new device, because in
	the case of iface-unbridge not starting is strongly discouraged as it
	will leave the system with no network connectivity on that interface
	(because it's necessary to destroy/undefine the bridge device before
	the unattached device can be defined), and it seemed better to make
	the option for iface-bridge behave consistently.

	NOTE TO THOSE TRYING THESE COMMANDS FOR THE FIRST TIME: to guard
	against any "unexpected" change to configuration, it is advisable to
	issue an "virsh iface-begin" command before starting any interface
	config changes, and "virsh iface-commit" only after you've verified
	that everything is working as you expect. If something goes wrong,
	you can always run "virsh iface-rollback" or reboot the system (which
	should automatically do iface-rollback).

	Aside from adding the code for these two functions, and the two
	entries into the command table, the only other change to virsh.c was
	to add the option name to vshCommandOptInterfaceBy(), because the
	iface-unbridge command names its interface option as "bridge".

	virsh.pod has also been updated with short descriptions of these two
	new commands.

2011-11-16  Hu Tao  <hutao@cn.fujitsu.com>

	fix a bug in remoteSerializeTypedParameters
	This is a fatal typo believed to be very likely to happen when using
	both i and j at the same time for indexing.

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Don't return a fatal error if receiving unexpected stream data
	Due to the asynchronous nature of streams, we might continue to
	receive some stream packets from the server even after we have
	shutdown the stream on the client side. These should be discarded
	silently, rather than raising an error in the RPC layer.

	* src/rpc/virnetclient.c: Discard stream data silently

	Fix handling of stream EOF
	Very occasionally the sequence of events from poll would result
	in getting a HANGUP on its own, instead of a HANGUP+READABLE
	at the same time. In the former case we would send back an error
	event to the client, but never send the empty packet to indicate
	EOF.

	Allow non-blocking message sending on virNetClient
	Add a new virNetClientSendNonBlock which returns 2 on
	full send, 1 on partial send, 0 on no send, -1 on error

	If a partial send occurs, then a subsequent call to any
	of the virNetClientSend* APIs will finish any outstanding
	I/O.

	TODO: the virNetClientEvent event handler could be used
	to speed up completion of partial sends if an event loop
	is present.

	* src/rpc/virnetsocket.h, src/rpc/virnetsocket.c: Add new
	  virNetSocketHasPendingData() API to test for cached
	  data pending send.
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add new
	  virNetClientSendNonBlock() API to send non-blocking API

	Refactor code for enabling/disabling I/O callback in remote client
	* src/rpc/virnetclient.c: Add helper for setting I/O callback events

	Split virNetClientSend into 2 methods
	Stop multiplexing virNetClientSend for two different purposes,
	instead add virNetClientSendWithReply and virNetClientSendNoReply

	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Replace
	  virNetClientSend with virNetClientSendWithReply and
	  virNetClientSendNoReply
	* src/rpc/virnetclientprogram.c, src/rpc/virnetclientstream.c:
	  Update for new API names

	Refactor code for passing the buck in the remote client
	Remove some duplication by pulling the code for passing the
	buck out into a helper method

	* src/rpc/virnetclient.c: Introduce virNetClientIOEventLoopPassTheBuck

	Explicitly track whether the buck is held in remote client
	Instead of inferring whether the buck is held from the waitDispatch
	pointer, use an explicit 'bool haveTheBuck' field

	* src/rpc/virnetclient.c: Explicitly track the buck

	Remove all linked list handling from remote client event loop
	Directly messing around with the linked list is potentially
	dangerous. Introduce some helper APIs to deal with list
	manipulating the list

	* src/rpc/virnetclient.c: Create linked list handlers

2011-11-16  Eli Qiao  <taget@linux.vnet.ibm.com>

	util: Add netdev helper functions to private symbols

2011-11-16  Sage Weil  <sage@newdream.net>

	qemu/rbd: improve rbd device specification
	This improves the support for qemu rbd devices by adding support for a few
	key features (e.g., authentication) and cleaning up the way in which
	rbd configuration options are passed to qemu.

	An <auth> member of the disk source xml specifies how librbd should
	authenticate. The username attribute is the Ceph/RBD user to authenticate as.
	The usage or uuid attributes specify which secret to use. Usage is an
	arbitrary identifier local to libvirt.

	The old RBD support relied on setting an environment variable to
	communicate information to qemu/librbd.  Instead, pass those options
	explicitly to qemu.  Update the qemu argument parsing and tests
	accordingly.

2011-11-16  Jim Fehlig  <jfehlig@suse.com>

	Fix build with polkit0
	I missed adding libvirt_driver_remote.la to libvirtd_LDADD in
	commit b8adfcc6, which didn't cause a problem in 0.9.6 but
	results in this build error in 0.9.7

	libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
	remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'

2011-11-16  Stefan Berger  <stefanb@us.ibm.com>

	Fix strchr call triggering gcc 4.3 & 4.4 bug
	Replacing the strchr call with two variables through a strstr call.
	Calling strchr with two variables triggers a gcc 4.3/4.4
	bug when used in combination with -Wlogical-op and at least -O1.

	maint: fix build
	include stdint.h to fix the build

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove ifaceSetMac and ifaceGetMac APIs
	The ifaceSetMac and ifaceGetMac APIs duplicate the functionality
	of the virNetDevSetMAC and virNetDevGetMAC APIs, but returning
	errno's instead of raising errors.

	* src/util/interface.c, src/util/interface.h: Remove
	  ifaceSetMac and ifaceGetMac APIs, adjusting callers
	  for new error behaviour

	Remove ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs
	The ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs can be replaced
	with calls to virNetDevSetOnline and virNetDevIsOnline

	* src/util/interface.c, src/util/interface.h: Delete ifaceUp,
	  ifaceDown, ifaceCtrl & ifaceIsUp
	* src/nwfilter/nwfilter_gentech_driver.c, src/util/macvtap.c:
	  Update to use virNetDevSetOnline and virNetDevIsOnline

	Move LXC veth.c code into shared utility APIs
	Move the virNetDevSetName and virNetDevSetNamespace APIs out
	of LXC's veth.c and into virnetdev.c.

	Move the remaining content of the file to src/util/virnetdevveth.c

	* src/lxc/veth.c: Rename to src/util/virnetdevveth.c
	* src/lxc/veth.h: Rename to src/util/virnetdevveth.h
	* src/util/virnetdev.c, src/util/virnetdev.h: Add
	  virNetDevSetName and virNetDevSetNamespace
	* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
	  src/lxc/lxc_driver.c: Update include paths

	Rename the LXC veth management APIs and delete duplicated APIs
	The src/lxc/veth.c file contains APIs for managing veth devices,
	but some of the APIs duplicate stuff from src/util/virnetdev.h.
	Delete thed duplicate APIs and rename the remaining ones to
	follow virNetDevVethXXXX

	* src/lxc/veth.c, src/lxc/veth.h: Rename APIs & delete duplicates
	* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
	  src/lxc/lxc_driver.c: Update for API renaming

	Split src/util/network.{c,h} into 5 pieces
	The src/util/network.c file is a dumping ground for many different
	APIs. Split it up into 5 pieces, along functional lines

	 - src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
	 - src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
	 - src/util/virsocketaddr.c: virSocketAddr and APIs
	 - src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
	   for virNetDevBandwidth
	 - src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
	   for virNetDevVPortProfile

	* src/util/network.c, src/util/network.h: Split into 5 pieces
	* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
	  src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
	  src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
	  src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
	  src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
	* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
	  src/conf/domain_conf.h, src/conf/network_conf.c,
	  src/conf/network_conf.h, src/conf/nwfilter_conf.h,
	  src/esx/esx_util.h, src/network/bridge_driver.c,
	  src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
	  src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
	  src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
	  src/util/virnetdev.h, src/util/virnetdevtap.c,
	  tools/virsh.c: Update include files

	Fix error reporting in port profile parsing/formatting APIs
	The virtual port profile parsing/formatting APIs do not
	correctly handle unknown profile type strings/numbers.
	They behave as a no-op, instead of raising an error

	* src/util/network.c, src/util/network.h: Fix error
	  handling of port profile APIs
	* src/conf/domain_conf.c, src/conf/network_conf.c: Update
	  for API changes

	Rename virVirtualPortProfileParams & APIs
	Rename the virVirtualPortProfileParams struct to be
	virNetDevVPortProfile, and rename the APIs to match
	this prefix.

	* src/util/network.c, src/util/network.h: Rename port profile
	  APIs
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/network_conf.c, src/conf/network_conf.h,
	  src/network/bridge_driver.c, src/qemu/qemu_hotplug.c,
	  src/util/macvtap.c, src/util/macvtap.h: Update for
	  renamed APIs/structs

2011-11-15  Stefan Berger  <stefanb@us.ibm.com>

	maint: Add Michael Wood as an author
	Add Michael Wood <esiotrot@gmail.com> as an author.

2011-11-15  Michael Wood  <esiotrot@gmail.com>

	PATCH: Fix build without MACVTAP
	Hi

	Commit c31d23a78715f1144c73862c46ab0436de8b5e85 removed the "conn"
	parameter from qemuPhysIfaceConnect(), but it's still used if
	WITH_MACVTAP is false.  Also, it's still mentioned in the comment
	above the function:

	/**
	 * qemuPhysIfaceConnect:
	 * @def: the definition of the VM (needed by 802.1Qbh and audit)
	 * @conn: pointer to virConnect object
	 * @driver: pointer to the qemud_driver
	 * @net: pointer to he VM's interface description with direct device type
	 * @qemuCaps: flags for qemu
	 *
	 * Returns a filedescriptor on success or -1 in case of error.
	 */
	int
	qemuPhysIfaceConnect(virDomainDefPtr def,
	                     struct qemud_driver *driver,
	                     virDomainNetDefPtr net,
	                     virBitmapPtr qemuCaps,
	                     enum virVMOperationType vmop)
	{
	    int rc;
	#if WITH_MACVTAP
	[...]
	#else
	    (void)def;
	    (void)conn;
	    (void)net;
	    (void)qemuCaps;
	    (void)driver;
	    (void)vmop;
	    qemuReportError(VIR_ERR_INTERNAL_ERROR,
	                    "%s", _("No support for macvtap device"));
	    rc = -1;
	#endif
	    return rc;
	}

	--
	Michael Wood <esiotrot@gmail.com>

	From f4fc43b4111a4c099395c55902e497b8965e2b53 Mon Sep 17 00:00:00 2001
	From: Michael Wood <esiotrot@gmail.com>
	Date: Sat, 12 Nov 2011 13:37:53 +0200
	Subject: [PATCH] Fix build without MACVTAP.

2011-11-15  Guido Günther  <agx@sigxcpu.org>

	storage: forbid rebuilding existing disk storage pools
	which would blow away all volumes. Honor VIR_STORAGE_POOL_BUILD_OVERWRITE
	to force a rebuild.

	This was caught by libvirt-tck's storage/110-disk-pool.t.

2011-11-12  Eric Blake  <eblake@redhat.com>

	API: add trivial qemu support for VIR_TYPED_PARAM_STRING
	Qemu will be the first driver to make use of a typed string in the
	next round of additions.  Separate out the trivial addition.

	* src/qemu/qemu_driver.c (qemudSupportsFeature): Advertise feature.
	(qemuDomainGetBlkioParameters, qemuDomainGetMemoryParameters)
	(qemuGetSchedulerParametersFlags, qemudDomainBlockStatsFlags):
	Allow typed strings flag where trivially supported.

	API: remote support for VIR_TYPED_PARAM_STRING
	Send and receive string typed parameters across RPC.  This also
	completes the back-compat mentioned in the previous patch - the
	only time we have an older client talking to a newer server is
	if RPC is in use, so filtering out strings during RPC prevents
	returning an unknown type to the older client.

	* src/remote/remote_protocol.x (remote_typed_param_value): Add
	another union value.
	* daemon/remote.c (remoteDeserializeTypedParameters): Handle
	strings on rpc.
	(remoteSerializeTypedParameters): Likewise; plus filter out
	strings when replying to older clients.  Adjust callers.
	* src/remote/remote_driver.c (remoteFreeTypedParameters)
	(remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): Handle strings on rpc.
	* src/rpc/gendispatch.pl: Properly clean up typed arrays.
	* src/remote_protocol-structs: Update.
	Based on an initial patch by Hu Tao, with feedback from
	Daniel P. Berrange.

	API: add VIR_TYPED_PARAM_STRING
	This allows strings to be transported between client and server
	in the context of name-type-value virTypedParameter functions.
	For compatibility,

	    o new clients will not send strings to old servers, based on
	      a feature check
	    o new servers will not send strings to old clients without the
	      flag VIR_TYPED_PARAM_STRING_OKAY; this will be enforced at
	      the RPC layer in the next patch, so that drivers need not
	      worry about it in general.  The one exception is that
	      virDomainGetSchedulerParameters lacks a flags argument, so
	      it must not return a string; drivers that forward that
	      function on to virDomainGetSchedulerParametersFlags will
	      have to pay attention to the flag.
	    o the flag VIR_TYPED_PARAM_STRING_OKAY is set automatically,
	      based on a feature check (so far, no driver implements it),
	      so clients do not have to worry about it

	Future patches can then enable the feature on a per-driver basis.

	This patch also ensures that drivers can blindly strdup() field
	names (previously, a malicious client could stuff 80 non-NUL bytes
	into field and cause a read overrun).

	* src/libvirt_internal.h (VIR_DRV_FEATURE_TYPED_PARAM_STRING): New
	driver feature.
	* src/libvirt.c (virTypedParameterValidateSet)
	(virTypedParameterSanitizeGet): New helper functions.
	(virDomainSetMemoryParameters, virDomainSetBlkioParameters)
	(virDomainSetSchedulerParameters)
	(virDomainSetSchedulerParametersFlags)
	(virDomainGetMemoryParameters, virDomainGetBlkioParameters)
	(virDomainGetSchedulerParameters)
	(virDomainGetSchedulerParametersFlags, virDomainBlockStatsFlags):
	Use them.
	* src/util/util.h (virTypedParameterArrayClear): New helper
	function.
	* src/util/util.c (virTypedParameterArrayClear): Implement it.
	* src/libvirt_private.syms (util.h): Export it.
	Based on an initial patch by Hu Tao, with feedback from
	Daniel P. Berrange.

2011-11-12  Eli Qiao  <taget@linux.vnet.ibm.com>

	util: fix compile error on debian
	Add virnetdev.h,virnetdevbridge.h,virnetdevtap.h to private symbols,
	since debian linker no longer allows transitive link resolution

2011-11-12  Eric Blake  <eblake@redhat.com>

	qemu: fix domjobabort regression
	This reverts commit ef1065cf5ac; see also this bug report:
	https://bugzilla.redhat.com/show_bug.cgi?id=751900

	In qemu 0.15.1 and earlier, during migration to file, the
	qemu_savevm_state_begin and qemu_savevm_state_iterate methods
	will both process as much migration data as possible until either

	  1. The file descriptor returns EAGAIN
	  2. The bandwidth rate limit is reached

	If we set the rate limit to ULONG_MAX, test 2 never becomes true. We're
	passing a plain file descriptor to QEMU and POSIX does not support EAGAIN on
	regular files / block devices, so test 1 never becomes true either.

	In the 'virsh save --bypass-cache' case, we pass a pipe instead of a
	regular fd, but using a pipe adds I/O overhead, so always passing a
	pipe just so qemu can see EAGAIN doesn't seem nice.

	The ultimate fix needs to come from qemu - background migration must
	respect asynchronous abort requests, or else periodically return
	control to the main handling loop without an EAGAIN and without
	waiting to hit an insanely large amount of data.  But until a
	version of qemu is fixed to support "unlimited" data rates while
	still allowing cancellation, the best we can do is avoid the
	automatic use of unlimited rates from within libvirt (users can
	still explicitly change the migration rates, if they are aware that
	they are giving up the ability to cancel a job).

	Reverting the lone use of QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX is
	the simplest patch; this slows migration back down to a default
	32M/sec cap, but also ensures that the main qemu processing loop
	will still be responsive to cancellation requests.  Hopefully
	upstream qemu will provide us a means of safely using unlimited
	speed, including a runtime probe of that capability.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Revert attempt
	to use unlimited migration bandwidth when migrating to file.

2011-11-12  Hu Tao  <hutao@cn.fujitsu.com>

	fix two bugs in bridge_driver.c
	steps to reproduce:

	1. having a network xml file(named default.xml) like this one:

	<network>
	  <name>default</name>
	  <uuid>c5322c4c-81d0-4985-a363-ad6389780d89</uuid>
	  <bridge name="virbr0" />
	  <forward/>
	  <ip address="192.168.122.1" netmask="255.255.255.0">
	    <dhcp>
	      <range start="192.168.122.2" end="192.168.122.254" />
	    </dhcp>
	  </ip>
	</network>

	in /etc/libvirt/qemu/networks/, and mark it as autostart:

	$ ls -l /etc/libvirt/qemu/networks/autostart
	total 0
	lrwxrwxrwx 1 root root 14 Oct 12 14:02 default.xml -> ../default.xml

	2. start libvirtd and the device virbr0 is not automatically up.

	The reason is that the function virNetDevExists is now returns 1 if
	the device exists, comparing to the former one returns 0 if the device
	exists. But with only this fix will cause a segmentation fault(the same
	steps as above)  that is fixed by the second chunk of code.

2011-11-12  Eric Blake  <eblake@redhat.com>

	build: drop useless dirent.h includes
	* .gnulib: Update to latest, for improved syntax-check.
	* src/lxc/lxc_container.c (includes): Drop unused include.
	* src/network/bridge_driver.c: Likewise.
	* src/node_device/node_device_linux_sysfs.c: Likewise.
	* src/openvz/openvz_driver.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/storage/storage_backend_iscsi.c: Likewise.
	* src/storage/storage_backend_mpath.c: Likewise.
	* src/uml/uml_conf.c: Likewise.
	* src/uml/uml_driver.c: Likewise.

	xenapi: remove unused variable
	  CC     libvirt_driver_xenapi_la-xenapi_driver.lo
	xenapi/xenapi_driver.c: In function 'xenapiDomainGetVcpus':
	xenapi/xenapi_driver.c:1209:21: error: variable 'cpus' set but not used [-Werror=unused-but-set-variable]

	* src/xenapi/xenapi_driver.c (xenapiDomainGetVcpus): Silence
	compiler warning.

2011-11-11  Eric Blake  <eblake@redhat.com>

	maint: use mailmap, not AUTHORS, for secondary addresses
	* AUTHORS: Move Stefan's second entry...
	* .mailmap: ...here.

2011-11-11  Stefan Berger  <stefanb@us.ibm.com>

	maint: fix make syntax-check
	Add my 2nd email to the list of AUTHORS to get 'make syntax-check'
	to pass.

2011-11-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Remove code instantiating filters on direct interfaces
	Remove the code that instantiates network filters on direct type
	of interfaces. The parser already does not accept it.

2011-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Disable numactl on ARM architectures too
	* libvirt.spec.in: Disable numactl on ARM

	Add libvirt confdir to files section in mingw32 spec
	* mingw32-libvirt.spec.in: Ensure we own the confdir

2011-11-10  Eric Blake  <eblake@redhat.com>

	nwfilter: simplify execution of ebiptables scripts
	It's not worth even worrying about a temporary file, unless we
	ever expect the script to exceed maximum command-line argument
	length limits.

	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Run the commands as an argument to /bin/sh, rather than worrying
	about a temporary file.
	(ebiptablesWriteToTempFile): Delete unused function.

	nwfilter: avoid failure with noexec /tmp
	If /tmp is mounted with the noexec flag (common on security-conscious
	systems), then nwfilter will fail to initialize, because we cannot
	run any temporary script via virRun("/tmp/script"); but we _can_
	use "/bin/sh /tmp/script".  For that matter, using /tmp risks collisions
	with other unrelated programs; we already have /var/run/libvirt as a
	dedicated temporary directory for use by libvirt.

	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesWriteToTempFile): Use internal directory, not /tmp;
	drop attempts to make script executable; and detect close error.
	(ebiptablesExecCLI): Switch to virCommand, and invoke the shell to
	read the script, rather than requiring an executable script.

2011-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Adjust naming of network device bandwidth management APIs
	Rename virBandwidth to virNetDevBandwidth, and virRate to
	virNetDevBandwidthRate.

	* src/util/network.c, src/util/network.h: Rename bandwidth
	  structs and APIs
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/network_conf.c, src/conf/network_conf.h,
	  src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/util/macvtap.c,
	  src/util/macvtap.h, tools/virsh.c: Update for API changes.

	Santize naming of socket address APIs
	The socket address APIs in src/util/network.h either take the
	form  virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.

	Sanitize this so everything is virSocketAddrXXXX, and ensure
	that the virSocketAddr parameter is always the first one.

	* src/util/network.c, src/util/network.h: Santize socket
	  address API naming
	* src/conf/domain_conf.c, src/conf/network_conf.c,
	  src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
	  src/nwfilter/nwfilter_ebiptables_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c,
	  src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
	  src/util/dnsmasq.c, src/util/iptables.c,
	  src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
	  API renaming

	Split bridge.h into three separate files
	Following the renaming of the bridge management APIs, we can now
	split the source file into 3 corresponding pieces

	 * src/util/virnetdev.c: APIs for any type of network interface
	 * src/util/virnetdevbridge.c: APIs for bridge interfaces
	 * src/util/virnetdevtap.c: APIs for TAP interfaces

	* src/util/virnetdev.c, src/util/virnetdev.h,
	  src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
	  src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
	  from bridge.{c,h}
	* src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
	  src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
	  src/uml/uml_driver.c: Update #include directives

	Remove usage of brctl command line tool
	Convert the virNetDevBridgeSetSTP and virNetDevBridgeSetSTPDelay
	to use ioctls instead of spawning brctl.

	Implement the virNetDevBridgeGetSTP and virNetDevBridgeGetSTPDelay
	methods which were declared in the header but never existed

	* src/util/bridge.c: Convert to use bridge ioctls instead of brctl

	Add an API for retrieving the MAC address of an interface
	* src/util/bridge.c, src/util/bridge.h: Add virNetDevGetMAC

	Expose MTU management APIs
	The MTU management APIs are useful to other code inside libvirt,
	so should be exposed as non-static APIs.

	* src/util/bridge.c, src/util/bridge.h: Expose virNetDevSetMTU,
	  virNetDevSetMTUFromDevice & virNetDevGetMTU

	Turn two int parameters into bools in bridge APIs
	* src/util/bridge.c, src/util/bridge.h: s/int/bool/ in
	  virNetDevSetOnline and virNetDevBridgeSetSTP

	Rename all brXXXX APIs to follow new convention
	The existing brXXX APIs in src/util/bridge.h are renamed to
	follow one of three different conventions

	 - virNetDevXXX       - operations for any type of interface
	 - virNetDevBridgeXXX - operations for bridge interfaces
	 - virNetDevTapXXX    - operations for tap interfaces

	* src/util/bridge.h, src/util/bridge.c: Rename all APIs
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Update for API renaming

	Make all brXXX APIs raise errors, instead of returning errnos
	Currently every caller of the brXXX APIs has to store the returned
	errno value and then raise an error message. This results in
	inconsistent error messages across drivers, additional burden on
	the callers and makes the error reporting inaccurate since it is
	hard to distinguish different scenarios from 1 errno value.

	* src/util/bridge.c: Raise errors instead of returning errnos
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Remove error reporting code

	Remove 'brControl' object
	The bridge management APIs in src/util/bridge.c require a brControl
	object to be passed around. This holds the file descriptor for the
	control socket. This extra object complicates use of the API for
	only a minor efficiency gain, which is in turn entirely offset by
	the need to fork/exec the brctl command for STP configuration.

	This patch removes the 'brControl' object entirely, instead opening
	the control socket & closing it again within the scope of each method.

	The parameter names for the APIs are also made to consistently use
	'brname' for bridge device name, and 'ifname' for an interface
	device name. Finally annotations are added for non-NULL parameters
	and return check validation

	* src/util/bridge.c, src/util/bridge.h: Remove brControl object
	  and update API parameter names & annotations.
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/uml/uml_conf.h, src/uml/uml_conf.c, src/uml/uml_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_conf.h,
	  src/qemu/qemu_driver.c: Remove reference to 'brControl' object

2011-11-10  Eric Blake  <eblake@redhat.com>

	build: fix mingw build of gnulib openpty
	Commit f7bd00c12 pulled in a gnulib module that fails to compile
	on mingw.  Work around it while waiting for an upstream gnulib fix.

	* gnulib/local/lib/pty.in.h (openpty): Provide forward
	declarations of opaque structs not present on mingw.
	* gnulib/local/lib/openpty.c (openpty): Provide stub for mingw.

	build: allow for local gnulib diffs
	Commit f7bd00c12 pulled in a gnulib module that fails to compile
	on mingw.  While it would be nice to pull in a newer version of
	.gnulib that fixes this, it is difficult to backport any .gnulib
	update to older releases.  So, it makes sense to take advantage
	of gnulib-tool's ability to support local diffs, where we can
	apply specific diffs in our use of gnulib without waiting for
	upstream gnulib to pick up those changes, as well as avoiding
	a wholesale .gnulib update.  The existence of local diffs will
	also make it easier to backport fixes against a tarball (as long
	as a tarball and libvirt.git share the same .gnulib commit, then
	the tarball can be patched by applying the same local diffs as
	a post-release libvirt.git commit, without having to rerun an
	entire gnulib-tool bootstrap).

	This patch introduces the framework for supporting local diffs,
	without actually introducing any.

	* bootstrap.conf (local_gl_dir): New variable.
	* autogen.sh (bootstrap_hash): Hash any local diffs, to force a
	re-bootstrap if just diffs change.
	* cfg.mk (_update_required): Likewise.

2011-11-09  Alex Jia  <ajia@redhat.com>

	lxc: free error object to avoid memory leak
	Detected by Coverity. Leak introduced in commit 9d201a5.

	* src/lxc/lxc_driver.c: Clean up on failure.

	lxc: free 'ttyFDs' array on return from lxcVmStart
	Detected by Coverity. Leak introduced in commit 0f31f7b.

	* src/lxc/lxc_driver.c: Clean up on failure.

2011-11-09  Osier Yang  <jyang@redhat.com>

	qemu: Fix improper error message for disk detaching
	s/virDomainDeviceTypeToString/virDomainDiskDeviceTypeToString/

	Report by Xu He Jie <xuhj@linux.vnet.ibm.

2011-11-09  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	virsh: Add VSH_OFLAG_EMPTY_OK for attach-disk command
	As the description of removing CDROM media from
	  http://wiki.libvirt.org/page/QEMUSwitchToLibvirt#eject_DEV

	Add flag 'VSH_OFLAG_EMPTY_OK' to the option 'source' of attach-disk

	Then avoid outputting <source> in the XML if 'source' was empty,
	rather than trusting libvirt domain_conf.c to understand an empty
	string.

2011-11-08  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.7
	* confiure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: update localizations and rebuilt

2011-11-08  Eric Blake  <eblake@redhat.com>

	build: fix build on platforms without ptsname_r
	MacOS lacks ptsname_r, and gnulib doesn't (yet) provide it.
	But we can avoid it altogether, by using gnulib openpty()
	instead.  Note that we do _not_ want the pt_chown module;
	gnulib uses it only to implement a replacement openpty() if
	the system lacks both openpty() and granpt(), but all
	systems that we currently port to either have at least one of
	openpty() and/or grantpt(), or lack ptys altogether.  That is,
	we aren't porting to any system that requires us to deal with
	the hassle of installing a setuid pt_chown helper just to use
	gnulib's ability to provide openpty() on obscure platforms.

	* .gnulib: Update to latest, for openpty fixes
	* bootstrap.conf (gnulib_modules): Add openpty, ttyname_r.
	(gnulib_tool_option_extras): Exclude pt_chown module.
	* src/util/util.c (virFileOpenTty): Rewrite in terms of openpty
	and ttyname_r.
	* src/util/util.h (virFileOpenTtyAt): Delete dead prototype.

2011-11-07  Daniel P. Berrange  <berrange@redhat.com>

	Add missing defaultConsoleTargetType callback for AppArmour
	Every instance of virCapsPtr must have the defaultConsoleTargetType
	field set.

	* src/security/virt-aa-helper.c: Add defaultConsoleTargetType to
	  virCapsPtr

	Fix sending/receiving of FDs when stream returns EAGAIN
	The code calling sendfd/recvfd was mistakenly assuming those
	calls would never block. They can in fact return EAGAIN and
	this is causing us to drop the client connection when blocking
	ocurrs while sending/receiving FDs.

	Fixing this is a little hairy on the incoming side, since at
	the point where we see the EAGAIN, we already thought we had
	finished receiving all data for the packet. So we play a little
	trick to reset bufferOffset again and go back into polling for
	more data.

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Update
	  virNetSocketSendFD/RecvFD to return 0 on EAGAIN, or 1
	  on success
	* src/rpc/virnetclient.c: Move decoding of header & fds
	  out of virNetClientCallDispatch and into virNetClientIOHandleInput.
	  Handling blocking when sending/receiving FDs
	* src/rpc/virnetmessage.h: Add a 'donefds' field to track
	  how many FDs we've sent / received
	* src/rpc/virnetserverclient.c: Handling blocking when
	  sending/receiving FDs

2011-11-05  Eric Blake  <eblake@redhat.com>

	build: silence compiler warning on BSD
	Building on 64-bit FreeBSD 8.2 complained about a cast between
	a pointer and a smaller integer.  Going through an intermediate
	cast shuts up the compiler.

	* src/util/threads-pthread.c (virThreadSelfID): Silence a warning.

	build: fix linking on BSD
	While building on FreeBSD (and after fixing a ptsname_r link error),
	I got this failure:

	./.libs/libvirt_util.a(libvirt_util_la-threads.o)(.text+0x240): In function `virThreadCreate':
	util/threads-pthread.c:185: undefined reference to `pthread_create'

	It turns out that gnulib used only pthread_join for LIB_PTHREAD,
	but on FreeBSD, libc provides that (as a stub function); whereas
	the more complex pthread_create really does require -pthread,
	which gnulib tracked under [LT]LIBMULTITHREAD.

	* configure.ac (LIBS): Check LIBMULTITHREAD alongside LIB_PTHREAD.
	* src/Makefile.am (THREAD_LIBS): New variable.
	(libvirt_util_la_LIBADD, libvirt_lxc_LDADD): Use it.

2011-11-05  Laine Stump  <laine@laine.org>

	remote: fix mingw32 build
	tty is initialized, and later set in code that is compiled for all
	platforms, but is only used in a section that's inside #ifndef WIN32.

2011-11-04  Eric Blake  <eblake@redhat.com>

	lxc: avoid use-after-free
	I got this weird failure:

	error: Failed to start domain simple
	error: internal error cannot mix caller fds with blocking execution

	and tracked it down to a use-after-free - virCommandSetOutputFD
	was storing the address of a stack-local variable, which then
	went out of scope before the virCommandRun that dereferenced it.

	Bug introduced in commit 451cfd05 (0.9.2).

	* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd
	registration...
	(lxcVmStart): ...to caller.

2011-11-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix naming of constant for disk event
	All constants related to events should have a prefix of
	VIR_DOMAIN_EVENT_

	* include/libvirt/libvirt.h.in, src/qemu/qemu_domain.c:
	  Rename VIR_DOMAIN_DISK_CHANGE_MISSING_ON_START to
	  VIR_DOMAIN_EVENT_DISK_CHANGE_MISSING_ON_START

2011-11-04  Jiri Denemark  <jdenemar@redhat.com>

	conf: Don't free uninitialized pointer
	This causes libvirtd to crash when both <boot dev='...'/> and <boot
	order='...'/> are used in one domain XML. Introduced by
	5fa3d775a9f8cdb3423373eb084219aaf778df11

2011-11-04  Eric Blake  <eblake@redhat.com>

	build: fix deep VPATH builds
	I ran into the following build failure:
	$ mkdir -p build1 build2/a/very/deep/hierarcy
	$ cd build2/a/very/deep/hierarcy
	$ ../../../../../configure && make
	$ cd ../../../../build1
	$ ../configure && make
	...
	../../src/remote/remote_protocol.c:7:55: fatal error: ../../../../../src/remote/remote_protocol.h: No such file or directory

	Turns out that we were sometimes generating the remote_protocol.c
	file with information from the VPATH build, which is bad, since
	any file shipped in the tarball should be idempotent no matter how
	deep the VPATH build tree that created it.

	* src/rpc/genprotocol.pl: Don't embed VPATH into generated file.

2011-11-04  Philipp Hahn  <hahn@univention.de>

	doc: Add <deviceboot> capability.
	Allow /capabilities/guest/features/deviceboot.

2011-11-03  Eric Blake  <eblake@redhat.com>

	lxc: use common code for process cleanup
	Based on a Coverity report - the return value of waitpid() should
	always be checked, to avoid problems with leaking resources.

	* src/lxc/lxc_controller.c (lxcControllerRun): Use simpler virPidAbort.

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix default console type setting
	The default console type may vary based on the OS type. ie a Xen
	paravirt guests wants a 'xen' console, while a fullvirt guests
	wants a 'serial' console.

	A plain integer default console type in the capabilities does
	not suffice. Instead introduce a callback that is passed the
	OS type.

	* src/conf/capabilities.h: Use a callback for default console
	  type
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Use callback
	  for default console type. Add missing LXC/OpenVZ console types.
	* src/esx/esx_driver.c, src/libxl/libxl_conf.c,
	  src/lxc/lxc_conf.c, src/openvz/openvz_conf.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_capabilities.c,
	  src/uml/uml_conf.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_conf.c, src/xen/xen_hypervisor.c,
	  src/xenapi/xenapi_driver.c: Set default console type callback

	Set aliases for LXC/UML console devices
	To allow virDomainOpenConsole to access non-primary consoles,
	device aliases are required to be set. Until now only the QEMU
	driver has done this. Update LXC & UML to set aliases for any
	console devices

	* src/lxc/lxc_driver.c, src/uml/uml_driver.c: Set aliases
	  for console devices

	Default console target type with no <target> element
	When no <target> element was set at all, the default console
	target type was not being honoured

	* src/conf/domain_conf.c: Set default target type for consoles
	  with no <target>

	Add support for multiple consoles in LXC
	Currently the LXC controller only supports setup of a single
	text console. This is wired up to the container init's stdio,
	as well as /dev/console and /dev/tty1. Extending support for
	multiple consoles, means wiring up additional PTYs to /dev/tty2,
	/dev/tty3, etc, etc. The LXC controller is passed multiple open
	file handles, one for each console requested.

	* src/lxc/lxc_container.c, src/lxc/lxc_container.h: Wire up
	  all the /dev/ttyN links required to symlink to /dev/pts/NN
	* src/lxc/lxc_container.h: Open more container side /dev/pts/NN
	  devices, and adapt event loop to handle I/O from all consoles
	* src/lxc/lxc_driver.c: Setup multiple host side PTYs

	Rewrite LXC I/O forwarding to use main event loop
	The current I/O code for LXC uses a hand crafted event loop
	to forward I/O between the container & host app, based on
	epoll to handle EOF on PTYs. This event loop is not easily
	extensible to add more consoles, or monitor other types of
	file descriptors.

	Remove the custom event loop and replace it with a normal
	libvirt event loop. When detecting EOF on a PTY, disable
	the event watch on that FD, and fork off a background thread
	that does a edge-triggered epoll() on the FD. When the FD
	finally shows new incoming data, the thread re-enables the
	watch on the FD and exits.

	When getting EOF from a read() on the PTY, the existing code
	would do waitpid(WNOHANG) to see if the container had exited.
	Unfortunately there is a race condition, because even though
	the process has closed its stdio handles, it might still
	exist.

	To deal with this the new event loop uses a SIG_CHILD handler
	to perform the waitpid only when the container is known to
	have actually exited.

	* src/lxc/lxc_controller.c: Rewrite the event loop to use
	  the standard APIs.

	Fix crash formatting virtio console
	qemuBuildVirtioSerialPortDevStr was mistakenly accessing the
	target.name field in the virDomainChrDef object for chardevs
	belonging to a console. Those chardevs only have port set,
	and if there's > 1 console, the > 1port number results in
	trying to access a target.name with address 0x1

	* src/qemu/qemu_command.c: Fix target.name handling and
	  make code more robust wrt error reporting

	* src/qemu/qemu_command.c: Conditionally access target.name

	Allow multiple consoles per virtual guest
	While Xen only has a single paravirt console, UML, and
	QEMU both support multiple paravirt consoles. The LXC
	driver can also be trivially made to support multiple
	consoles. This patch extends the XML to allow multiple
	<console> elements in the XML. It also makes the UML
	and QEMU drivers support this config.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Allow
	  multiple <console> devices
	* src/lxc/lxc_driver.c, src/xen/xen_driver.c,
	  src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c: Update for
	  internal API changes
	* src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Only label consoles that aren't a copy of the serial device
	* src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
	  src/qemu/qemu_process.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Support multiple console devices
	* tests/qemuxml2xmltest.c, tests/qemuxml2argvtest.c: Extra
	  tests for multiple virtio consoles. Set QEMU_CAPS_CHARDEV
	  for all console /channel tests
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args
	  tests/qemuxml2argvdata/qemuxml2argv-console-virtio.args: Update
	  for correct chardev syntax
	* tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.args,
	  tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.xml: New
	  test file

	Remove translations in socket test case
	The test case errors should not be translated since they're only
	targetted at developers, not users.

	* tests/virnetsockettest.c: Remove error reporting with translations

2011-11-03  Guido Günther  <agx@sigxcpu.org>

	virnetsockettest: Use a temporary directory in /tmp
	to avoid exceeding UNIX_PATH_MAX

	Use ENAMETOOLONG if the the socket path is longer than UNIX_PATH_MAX

2011-11-03  Eric Blake  <eblake@redhat.com>

	xen: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters):
	Allow fewer than max.
	* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters):
	Likewise.

	test: drop redundant check
	libvirt.c guarantees that nparams is non-zero for scheduler parameters.

	* src/test/test_driver.c (testDomainGetSchedulerParamsFlags): Drop
	redundant check.  Avoid strcpy.

	lxc: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.
	Also, libvirt.c filters out nparams of 0 for scheduler parameters.

	* src/lxc/lxc_driver.c (lxcDomainGetMemoryParameters): Allow fewer
	than max.
	(lxcGetSchedulerParametersFlags): Drop redundant check.

	libxl: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/libxl/libxl_driver.c
	(libxlDomainGetSchedulerParametersFlags): Allow fewer than max.

	esx: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/esx/esx_driver.c (esxDomainGetMemoryParameters): Drop
	redundant check.
	(esxDomainGetSchedulerParametersFlags): Allow fewer than max.

	API: document scheduler parameter names
	Document the parameter names that will be used by
	virDomain{Get,Set}SchedulerParameters{,Flags}, rather than
	hard-coding those names in each driver, to match what is
	done with memory, blkio, and blockstats parameters.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SCHEDULER_CPU_SHARES)
	(VIR_DOMAIN_SCHEDULER_VCPU_PERIOD)
	(VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, VIR_DOMAIN_SCHEDULER_WEIGHT)
	(VIR_DOMAIN_SCHEDULER_CAP, VIR_DOMAIN_SCHEDULER_RESERVATION)
	(VIR_DOMAIN_SCHEDULER_LIMIT, VIR_DOMAIN_SCHEDULER_SHARES): New
	field name macros.
	* src/qemu/qemu_driver.c (qemuSetSchedulerParametersFlags)
	(qemuGetSchedulerParametersFlags): Use new defines.
	* src/test/test_driver.c (testDomainGetSchedulerParamsFlags)
	(testDomainSetSchedulerParamsFlags): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters)
	(xenHypervisorSetSchedulerParameters): Likewise.
	* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters)
	(xenDaemonSetSchedulerParameters): Likewise.
	* src/lxc/lxc_driver.c (lxcSetSchedulerParametersFlags)
	(lxcGetSchedulerParametersFlags): Likewise.
	* src/esx/esx_driver.c (esxDomainGetSchedulerParametersFlags)
	(esxDomainSetSchedulerParametersFlags): Likewise.
	* src/libxl/libxl_driver.c (libxlDomainGetSchedulerParametersFlags)
	(libxlDomainSetSchedulerParametersFlags): Likewise.

2011-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-one printing month in logging code
	The field 'mon' in 'struct tm' gives months 0-11, where as
	humans tend to expect months 1-12. Thus the month number
	needing adjusting by 1

	* src/util/logging.c: Use human friendly month number

	Add missing param initialization in qemuDomainBlockStatsFlags
	* src/qemu/qemu_driver.c: Fix use of uninitialized 'params'

2011-11-02  Wen Congyang  <wency@cn.fujitsu.com>

	fix crash when starting network
	commit 27908453 introduces a regression, and it will
	cause libvirt crashed when starting network.

	The reason is that tapfd may be NULL, but we dereference
	it without checking whether it is NULL.

2011-11-02  Eric Blake  <eblake@redhat.com>

	qemu: allow getting < max typed parameters
	Since all virTypedParameter APIs allow us to return the number
	of slots we actually populated, we should allow the user to
	call with nparams too small (without overrunning their array)
	or too large (ignoring the tail of the array that we can't fill),
	rather than requiring that they get things exactly right.

	Making this change will make it easier for a future patch to
	introduce VIR_TYPED_PARAM_STRING, with filtering in libvirt.c
	rather than in every single driver, since users already have
	to be prepared for *nparams to be smaller on exit than on entry.

	* src/qemu/qemu_driver.c (qemuDomainGetBlkioParameters)
	(qemuDomainGetMemoryParameters): Allow variable nparams on entry.
	(qemuGetSchedulerParametersFlags): Drop redundant check.
	(qemudDomainBlockStats, qemudDomainBlockStatsFlags): Rename...
	(qemuDomainBlockStats, qemuDomainBlockStatsFlags): ...to this.
	Don't return unavailable stats.

	docs: improve typed parameter documentation
	virDomainBlockStatsFlags was missing a check that was present in
	virDomainGetMemoryParameters.  Additionally, I found that the
	existing descriptions were a bit hard to read.  A later patch
	will fix qemu to return fewer than max parameters if @nparams
	was too small on input.

	* src/libvirt.c (virDomainGetMemoryParameters)
	(virDomainGetBlkioParameters, virDomainGetSchedulerParameters)
	(virDomainGetSchedulerParametersFlags):
	Tweak documentation wording.
	(virDomainBlockStatsFlags): Likewise, and add sanity check.

2011-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't overwrite error message during VM cleanup
	If an LXC VM fails to start, quite a few cleanup paths will
	result in the original error message being overwritten. Some
	other cleanup paths also forgot to actually terminate the VM.

	* src/lxc/lxc_driver.c: Ensure VM is terminated on startup
	  failure and preserve original error

	Add support for probing filesystem with libblkid
	The LXC code for mounting container filesystems from block devices
	tries all filesystems in /etc/filesystems and possibly those in
	/proc/filesystems. The regular mount binary, however, first tries
	using libblkid to detect the format. Add support for doing the same
	in libvirt, since Fedora's /etc/filesystems is missing many formats,
	most notably ext4 which is the default filesystem Fedora uses!

	* src/Makefile.am: Link libvirt_lxc to libblkid
	* src/lxc/lxc_container.c: Probe filesystem format with libblkid

	Fix error message when failing to detect filesystem
	If we looped through /etc/filesystems trying to mount with each
	type and failed all options, we forget to actually raise an
	error message.

	* src/lxc/lxc_container.c: Raise error if unable to detect
	  the filesystems. Also fix existing error message

	Workaround for broken kernel autofs mounts
	The kernel automounter is mostly broken wrt to containers. Most
	notably if you start a new filesystem namespace and then attempt
	to unmount any autofs filesystem, it will typically fail with a
	weird error message like

	  Failed to unmount '/.oldroot/sys/kernel/security':Too many levels of symbolic links

	Attempting to detach the autofs mount using umount2(MNT_DETACH)
	will also fail with the same error. Therefore if we get any error on
	unmount()ing a filesystem from the old root FS when starting a
	container, we must immediately break out and detach the entire
	old root filesystem (ignoring any mounts below it).

	This has the effect of making the old root filesystem inaccessible
	to anything inside the container, but at the cost that the mounts
	live on in the kernel until the container exits. Given that SystemD
	uses autofs by default, we need LXC to be robust this scenario and
	thus this tradeoff is worthwhile.

	* src/lxc/lxc_container.c: Detach root filesystem if any umount
	  operation fails.

	Correctly handle '*' in /etc/filesystems
	The /etc/filesystems file can contain a '*' on the last line to
	indicate that /proc/filessystems should be tried next. We have
	a check that this '*' only occurs on the last line. Unfortunately
	when we then start reading /proc/filesystems, we mistakenly think
	we've seen '*' in /proc/filesystems and fail

	* src/lxc/lxc_container.c: Skip '*' validation when we're reading
	  /proc/filesystems

	Ensure errno is valid when returning from lxcContainerWaitForContinue
	Only some of the return paths of lxcContainerWaitForContinue will
	have set errno. In other paths we need to set it manually to avoid
	the caller getting a random stale errno value

	* src/lxc/lxc_container.c: Set errno in lxcContainerWaitForContinue

	Create /var/lib/libvirt/filesystems for LXC trees
	We already have a /var/lib/libvirt/images for OS install images.
	We need a separate /var/lib/libvirt/filesystems for OS install
	trees, since SELinux labelling will be different

	* libvirt.spec.in: Add /var/lib/libvirt/filesystems
	* src/Makefile.am: Create /var/lib/libvirt/filesystems

2011-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support folders in the path of vpx:// connection URIs
	Allow the datacenter and compute resource parts of the path
	to be prefixed with folders. Therefore, the way the path is
	parsed has changed. Before, it was split in 2 or 3 items and
	the items' meanings were determined by their positions. Now
	the path can have 2 or more items and the the vCenter server
	is asked whether a folder, datacenter of compute resource
	with the specified name exists at the current hierarchy level.

	Before the datacenter and compute resource lookup automatically
	traversed folders during lookup. This is logic got removed
	and folders have to be specified explicitly.

	The proper datacenter path including folders is now used when
	accessing a datastore over HTTPS. This makes virsh dumpxml
	and define work for datacenters in folders.

	https://bugzilla.redhat.com/show_bug.cgi?id=732676

2011-11-02  Patrice LACHANCE  <patlachance@gmail.com>

	esx: Support vSphere 5.x
	And virtual hardware version 8.

2011-11-02  Wen Ruo Lv  <lvroyce@linux.vnet.ibm.com>

	Fix URI alias prefix matching
	with /etc/libvirt/libvirt.conf below:
	uri_aliases = [
	  "hail=qemu:///system",
	  "sleet=qemu+ssh://root 9 115 122 57/system",
	  "sam=qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock",
	]
	Neither "virsh -c hailly" nor "hai" should result in matching "hail=qemu:///system"

	Fix URI alias prefix matching when connecting

2011-11-02  Eric Blake  <eblake@redhat.com>

	docs: fix typo in <disk>/<target> example
	* docs/formatdomain.html.in: Use dev, not def.
	Reported by Alexander Biryukov.

2011-11-01  Michal Privoznik  <mprivozn@redhat.com>

	ServerClient: Flush cached data
	If daemon is using SASL it reads client data into a cache. This cache is
	big (usually 65KB) and can thus contain 2 or more messages. However,
	on socket event we can dispatch only one message. So if we read two
	messages at once, the second will not be dispatched as the socket event
	goes away with filling the cache.
	Moreover, when dispatching the cache we need to remember to take care
	of client max requests limit.

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix storage pool source comparison to avoid comparing with self
	If we are comparing storage pools we must skip comparing with
	ourself, so that re-defining an existing pool works

	* conf/storage_conf.c: Skip self when comparing

2011-11-01  Sage Weil  <sage@newdream.net>

	qemu: pass virConnectPtr into Domain{Attach,Detach}*
	The qemu RBD driver needs access to the conn in order to get the secret
	needed for connecting to the ceph cluster.

2011-11-01  Alex Jia  <ajia@redhat.com>

	qemu: plug memory leak
	Detected by Coverity. Leak introduced in commit 6cabc0b.

	* src/qemu/qemu_command.c: Clean up on failure.

2011-11-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix documentation of virStream recv
	This was fixed in be757a3f7baf93b for libvirt.c.

2011-10-31  Michal Privoznik  <mprivozn@redhat.com>

	startupPolicty: Minor cleanups
	This patch does some cleanups to my previous startupPolicy patchset.

2011-10-30  Osier Yang  <jyang@redhat.com>

	qemu: Restore the original states of PCI device when restarting daemon
	To support "managed" mode of host PCI device, we record the original
	states (unbind_from_stub, remove_slot, and reprobe) so that could
	reattach the device to host with original driver. But there is no XML
	for theses attrs, and thus after daemon is restarted, we lose the
	original states. It's easy to reproduce:

	    1) virsh start domain
	    2) virsh attach-device dom hostpci.xml (in 'managed' mode)
	    3) service libvirtd restart
	    4) virsh destroy domain

	    You will see the device won't be bound to the original driver
	if there was one.

	This patch is to solve the problem by introducing internal XML
	(won't be dumped to user, only dumped to status XML). The XML is:
	    <origstates>
	      <unbind/>
	      <remove_slot/>
	      <reprobe/>
	    </origstates>

	Which will be child node of <hostdev><source>...</souce></hostdev>.
	(only for PCI device).

	A new struct "virDomainHostdevOrigStates" is introduced for the XML,
	and the according members are updated when preparing the PCI device.
	And function "qemuUpdateActivePciHostdevs" is modified to honor
	the original states. Use of qemuGetPciHostDeviceList is removed
	in function "qemuUpdateActivePciHostdevs", and the "managed" value of
	the device config is honored by the change. This fixes another problem
	alongside:

	    qemuGetPciHostDeviceList set the device as "managed" force
	    regardless of whether the device is configured as "managed='yes'"
	    or not in XML, which is not right.

2011-10-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Add support for VirtualBox 4.1
	Deal with the incompatible changes in the VirtualBox 4.1 API.

	INetworkAdapter has its different AttachTo* method replaced by
	a settable attachmentType property.

	The maximum number of network adapters is now requestable per
	chipset type.

	The OpenMedium method got a bool parameter to request opening
	a medium under a new IID.

	vbox: Support shared folders
	Shared folders are handled as filesystems and can also be hotplugged.

	xenapi: Improve error reporting in xenapiOpen once again
	privP->session->error_description is a list and in order to get the
	complete error message all parts of the list should be concatenated.
	xenapiSessionErrorHandler does this when its third parameter is NULL.
	The current code discards all but the first part of the error message
	resulting in a potentially incomplete error message.

	This partly reverts 006be75ee214f9b4, that tried to avoid reporting
	a (null) in the error message. The actual problem is more general in
	returnErrorFromSession that might return NULL if there is no error.

	Make sure that returnErrorFromSession return non-NULL always. Also
	don't skip the last error message part.

2011-10-29  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: Fix error return value convention/inconsistencies
	- changed some return 1's to return -1
	- changed if (rc) error checks to if (rc < 0)
	- fixed some other minor convention violations

	I might have missed some. Can fix in another patch or can respin

	Reported-by: Eric Blake <eblake@redhat.com>
	Reported-by: Laine Stump <laine@laine.org>

2011-10-29  Josh Durgin  <josh.durgin@dreamhost.com>

	Use a common xml type for ceph secret usage.
	The types used in domaincommon.rng and secret.rng should be the same.

	Move genericName to basictypes.rng, then drop redundant types now
	that secret.rng uses basictypes.rng.

2011-10-29  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	pci address conflict when virtio disk with drive type
	When using the xml as below:
	------------------------------------------------------
	<devices>
	  <emulator>/home/soulxu/data/work-code/qemu-kvm/x86_64-softmmu/qemu-system-x86_64</emulator>
	    <disk type='file' device='disk'>
	    <driver name='qemu' type='qcow2'/>
	    <source file='/home/soulxu/data/VM/images/linux.img'/>
	    <target dev='vda' bus='virtio'/>
	    <address type='drive' controller='0' bus='0' unit='0'/>
	  </disk>
	  <input type='mouse' bus='ps2'/>
	  <graphics type='vnc' port='-1' autoport='yes'/>
	  <video>
	    <model type='cirrus' vram='9216' heads='1'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
	  </video>
	  <memballoon model='virtio'>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </memballoon>
	</devices>
	------------------------------------------------------

	Then can't startup qemu, the error message as below:
	virsh # start test-vm
	error: Failed to start domain test-vm
	error: internal error process exited while connecting to monitor: qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: PCI: slot 3 function 0 not available for virtio-balloon-pci, in use by virtio-blk-pci
	qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: Device 'virtio-balloon-pci' could not be initialized

	So adding check for bus type and address type. Only the address of pci type support by virtio bus.

2011-10-29  Eric Blake  <eblake@redhat.com>

	secret: fix bad patch application
	In hand-applying Josh and Sage's patch, I missed out on a break.

	* src/conf/secret_conf.c (virSecretDefFree): Fix my botch.

2011-10-29  Josh Durgin  <josh.durgin@dreamhost.com>

	storage: add auth to virDomainDiskDef
	Add additional fields to let you specify the how to authenticate with a disk.
	The secret to use may be referenced by a usage string or a UUID, i.e.:

	<auth username='myuser'>
	 <secret type='ceph' usage='secretname'/>
	</auth>

	or

	<auth username='myuser'>
	 <secret type='ceph' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
	</auth>

2011-10-29  Sage Weil  <sage@newdream.net>

	secret: add Ceph secret type
	Add a new secret type to store a Ceph authentication key. The name
	is simply an identifier for easy human reference.

	The xml looks like this:

	<secret ephemeral='no' private='no'>
	 <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
	 <usage type='ceph'>
	   <name>mycluster_admin</name>
	 </usage>
	</secret>

2011-10-29  Alex Jia  <ajia@redhat.com>

	qemu: plug memory leak
	Leak introduced in commit c1bc3d89.
	Detected by valgrind:

	==18462== 1,100 bytes in 1 blocks are definitely lost in loss record 183 of 184
	==18462==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==18462==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==18462==    by 0x4AADBB: virReallocN (memory.c:161)
	==18462==    by 0x4A975E: virBufferGrow (buf.c:117)
	==18462==    by 0x4A9D92: virBufferVasprintf (buf.c:290)
	==18462==    by 0x4A9EF7: virBufferAsprintf (buf.c:263)
	==18462==    by 0x429488: qemuBuildControllerDevStr (qemu_command.c:1993)
	==18462==    by 0x42C4B6: qemuBuildCommandLine (qemu_command.c:3803)
	==18462==    by 0x41A604: testCompareXMLToArgvHelper (qemuxml2argvtest.c:124)
	==18462==    by 0x41BB81: virtTestRun (testutils.c:141)
	==18462==    by 0x416DFF: mymain (qemuxml2argvtest.c:369)
	==18462==    by 0x41B277: virtTestMain (testutils.c:696)
	==18462==
	==18462== LEAK SUMMARY:
	==18462==    definitely lost: 1,100 bytes in 1 blocks
	==18462==    indirectly lost: 0 bytes in 0 blocks

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Clean up on success.

2011-10-28  Eric Blake  <eblake@redhat.com>

	qemu: avoid leaking uninit data from hotplug to dumpxml
	Detected by Coverity.  The fix in 2c27dfa didn't catch all bad
	instances of memcpy().  Thankfully, on further analysis, all of
	the problematic uses are only triggered by old qemu that lacks
	-device.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachPciDiskDevice)
	(qemuDomainAttachNetDevice, qemuDomainAttachHostPciDevice): Init
	all fields since monitor only populates some of them.

2011-10-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	util: Fix virUUIDGeneratePseudoRandomBytes
	It forgets to move a pointer to a buffer for UUID and as a result
	fills only the first byte of the buffer.

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Implement RPC driver support for virDomainOpenGraphics
	Since it needs to access file descriptors passed in the msg,
	the RPC driver for virDomainOpenGraphics needs to be manually
	implemented.

	* daemon/remote.c: RPC server dispatcher
	* src/remote/remote_driver.c: RPC client dispatcher
	* src/remote/remote_protocol.x: Define protocol

	Extend RPC server to allow FD passing
	The RPC server classes are extended to allow FDs to be received
	from clients with calls. There is not currently any way for a
	procedure to pass FDs back to the client with replies

	* daemon/remote.c, src/rpc/gendispatch.pl: Change virNetMessageHeaderPtr
	  param to virNetMessagePtr in dispatcher impls
	* src/rpc/virnetserver.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverprogram.c, src/rpc/virnetserverprogram.h:
	  Extend to support FD passing

	Add client side support for FD passing
	Extend the RPC client code to allow file descriptors to be sent
	to the server with calls, and received back with replies.

	* src/remote/remote_driver.c: Stub extra args
	* src/libvirt_private.syms, src/rpc/virnetclient.c,
	  src/rpc/virnetclient.h, src/rpc/virnetclientprogram.c,
	  src/rpc/virnetclientprogram.h: Extend APIs to allow
	  FD passing

	Extend RPC protocol to allow FD passing
	Define two new RPC message types VIR_NET_CALL_WITH_FDS and
	VIR_NET_REPLY_WITH_FDS. These message types are equivalent
	to VIR_NET_CALL and VIR_NET_REPLY, except that between the
	message header, and payload there is a 32-bit integer field
	specifying how many file descriptors have been passed.

	The actual file descriptors are sent/recv'd out of band.

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h,
	  src/libvirt_private.syms: Add support for handling
	  passed file descriptors
	* src/rpc/virnetprotocol.x: Extend protocol for FD
	  passing

	Add APIs for virNetSocket for sending/receiving file descriptors
	Add APIs to the virNetSocket object, to allow file descriptors
	to be sent/received over UNIX domain socket connections

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h,
	  src/libvirt_private.syms: Add APIs for FD send/recv

	Wire up QEMU implementation for virDomainOpenGraphics
	The QEMU monitor command 'add_client' can be used to connect to
	a VNC or SPICE graphics display. This allows for implementation
	of the virDomainOpenGraphics API

	* src/qemu/qemu_driver.c: Implement virDomainOpenGraphics
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Add binding for 'add_client' command

	Extend graphics event to include UNIX socket
	Not all VNC/SPICE servers use a TCP socket for their connections.
	It is possible to configure a UNIX socket server. The graphics
	event must thus include a UNIX socket address type.

	* include/libvirt/libvirt.h.in: Add UNIX socket address type
	  for graphics event
	* src/qemu/qemu_monitor_json.c: Add 'unix' string to address
	  type enum

	Introduce the virDomainOpenGraphics API
	The virDomainOpenGraphics API allows a libvirt client to pass in
	a file descriptor for an open socket pair, and get it connected
	to the graphics display of the guest. This is limited to working
	with local libvirt hypervisors connected over a UNIX domain
	socket, since it will use UNIX FD passing

	* include/libvirt/libvirt.h.in: Define virDomainOpenGraphics
	* src/driver.h: Define driver for virDomainOpenGraphics
	* src/libvirt_public.syms, src/libvirt.c: Entry point for
	  virDomainOpenGraphics
	* src/libvirt_internal.h: VIR_DRV_FEATURE_FD_PASSING

	Remove trailing whitespace from all xfig files
	The 5th line of every xfig file has 'Letter   ' which
	annoys GITs trailing-whitespace commit hook. Hand edit
	the files to remove that trailing whitespace

	* docs/*.fig: Remove trailing whitespace

	Add documentation about migration.
	This adds a page documenting many aspects of migration:

	 - The types of migration (managed direct, p2p, unmanaged direct)
	 - Data transports (native, tunnelled)
	 - Migration URIs
	 - Config file handling
	 - Example scenarios

	* libvirt.css: Rules for data tables and diagrams
	* Makefile.am: Include extra png/fig files
	* migration-managed-direct.fig, migration-managed-direct.png,
	  migration-managed-direct.png, migration-managed-p2p.png,
	  migration-native.fig, migration-native.png,
	  migration-tunnel.fig, migration-tunnel.png,
	  migration-unmanaged-direct.fig, migration-unmanaged-direct.png:
	  Diagrams of migration
	* migration.html.in, sitemap.html.in: New migration doc

2011-10-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	virsh: Fix error message on vol-create-from failure
	If vol-create-from is failed due to 'input volume not found',
	virsh outputs like this:
	  $ sudo virsh vol-create-from testpool test-vol.xml test.img
	  error: failed to get vol 'test.img', specifying --pool might help
	  error: Storage volume not found: no storage vol with matching path
	However, '--pool' is incorrect because it is already specified as
	second argument ('testpool' in this case). It should be "--inputpool".

	The patch fixes this by using pooloptname, which will be "inputpool"
	in this case and "pool" in other cases, as error message.

2011-10-28  Tyler Coumbes  <coumbes@gmail.com>

	bridge: modify for use when sVirt is enabled with qemu
	This refactors the TAP creation code out of brAddTap into a new
	function brCreateTap to allow it to be used on its own. I have also
	changed ifSetInterfaceMac to brSetInterfaceMac and exported it since
	it is will be needed by code outside of util/bridge.c in the next
	patch.

	 AUTHORS                 |    1 +
	 src/libvirt_bridge.syms |    2 +
	 src/util/bridge.c       |  116 +++++++++++++++++++++++++++++++----------------
	 src/util/bridge.h       |    9 ++++
	 4 files changed, 89 insertions(+), 39 deletions(-)

2011-10-28  Jiri Denemark  <jdenemar@redhat.com>

	Use virXMLSaveFile when writing XML config

	Introduce virXMLSaveFile as a wrapper for virFileRewrite
	Every time we write XML into a file we call virEmitXMLWarning to write a
	warning that the file is automatically generated. virXMLSaveFile
	simplifies this into a single step and makes rewriting existing XML file
	safe by using virFileRewrite internally.

	Introduce virFileRewrite for safe file rewrite
	When saving config files we just overwrite old content of the file. In
	case something fails during that process (e.g. disk gets full) we lose
	both old and new content. This patch makes the process more robust by
	writing the new content into a separate file and only if that succeeds
	the original file is atomically replaced with the new one.

2011-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a systemtap script for watching QEMU monitor interactions
	This change adds some systemtap/dtrace probes to the QEMU monitor
	client code. In particular it allows watching of all operations
	for a VM

	* examples/systemtap/qemu-monitor.stp: Watch all monitor commands
	* src/Makefile.am: Passing libdir/bindir/sbindir to dtrace2systemtap.pl
	* src/dtrace2systemtap.pl: Accept libdir/bindir/sbindir as args
	  and look for '# binary:' comment to mark probes against libvirtd
	  vs libvirt.so
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor_json.c,
	  src/qemu/qemu_monitor_text.c: Add probes for key functions

2011-10-27  Peter Krempa  <pkrempa@redhat.com>

	lxc: Revert zeroing count of allocated items if VIR_REALLOC_N fails
	Previous commit clears number of items alocated in lxcSetupLoopDevices
	if VIR_REALLOC_N fails. In that case, the pointer is not NULL, and
	causes leaking FDs that have been allocated.

	 *  src/lxc/lxc_controller.c: revert zeroing array size

2011-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in virFileAccessibleAs
	* src/util/util.c: s/git_t/gid_t/ in parameter list of virFileAccessibleAs

2011-10-27  Alex Jia  <ajia@redhat.com>

	lxc: avoid null deref on lxcSetupLoopDevices failure
	If the function lxcSetupLoopDevices(def, &nloopDevs, &loopDevs) failed,
	the variable loopDevs will keep a initial NULL value, however, the
	function VIR_FORCE_CLOSE(loopDevs[i]) will directly deref it.

	This patch also fixes returning a bogous number of devices from
	lxcSetupLoopDevices on an error path.

	* rc/lxc/lxc_controller.c: fixed a null pointer dereference.

	lxc: avoid missing '{' in the function
	Cppcheck detected a syntaxError on lxcDomainInterfaceStats.

	* src/lxc/lxc_driver.c: fixed missing '{' in the function lxcDomainInterfaceStats.

2011-10-27  Eric Blake  <eblake@redhat.com>

	qemu: simplify use of HAVE_YAJL
	Rather than making all clients of monitor commands that are JSON-only
	check whether yajl support was compiled in, it is simpler to just
	avoid setting the capability bit up front if we can't use the capability.

	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Only set
	capability bit if we also have yajl library to use it.
	* src/qemu/qemu_driver.c (qemuDomainReboot): Drop #ifdefs.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* tests/qemuhelptest.c (testHelpStrParsing): Pass test even
	without yajl.
	* tests/qemuxml2argvtest.c (mymain): Simplify use of json flag.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-*.args:
	Update expected results to match.

	snapshot: minor cleanups from reviewing indentation
	Break some long lines, and use more efficient functions when possible,
	such as relying on virBufferEscapeString to skip output on a NULL arg.
	Ensure that output does not embed newlines, since auto-indent won't
	work in those situations.

	* src/conf/domain_conf.c (virDomainTimerDefFormat): Break output lines.
	(virDomainDefFormatInternal, virDomainDiskDefFormat)
	(virDomainActualNetDefFormat, virDomainNetDefFormat)
	(virDomainHostdevDefFormat): Minor cleanups.

	snapshot: simplify indentation of disk encryption xml
	Use auto-indent in more places.

	* src/conf/storage_encryption_conf.h (virStorageEncryptionFormat):
	Drop parameter.
	* src/conf/storage_encryption_conf.c (virStorageEncryptionFormat)
	(virStorageEncryptionSecretFormat): Simplify with auto-indent.
	* src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller.
	* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.

	snapshot: simplify indentation of nwfilter
	Fixing this involved some refactoring of common code out of
	domain_conf and nwfilter_conf into nwfilter_params.

	* src/conf/nwfilter_params.h (virNWFilterFormatParamAttributes):
	Adjust signature.
	* src/conf/nwfilter_params.c (_formatParameterAttrs)
	(virNWFilterFormatParamAttributes): Adjust indentation handling,
	and handle filterref here.
	(formatterParam): Delete unused struct.
	* src/conf/domain_conf.c (virDomainNetDefFormat): Adjust caller.
	* src/conf/nwfilter_conf.c (virNWFilterIncludeDefFormat): Likewise.

	storage: avoid null deref on qemu-img failure
	Detected by Coverity.  Only possible if qemu-img gives bogus output,
	but we might as well be robust.

	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Check for strstr failure.

	build: avoid RHEL 5 build failure on LXC
	Per the discussion here, LXC on RHEL 5 makes no sense.
	https://www.redhat.com/archives/libvir-list/2011-September/msg01169.html

	* configure.ac (with_lxc): Reject RHEL 5.x LXC as too old.

2011-10-25  Eric Blake  <eblake@redhat.com>

	build: use gnulib fdatasync
	Commit 1726a73 hacked around MacOS' lack of fdatasync, since
	gnulib did not have it at the time.  But now that we use newer
	gnulib, we can avoid the hack.

	* bootstrap.conf (gnulib_modules): Add fdatasync.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Drop our own check.

2011-10-25  Daniel P. Berrange  <berrange@redhat.com>

	Add REMOTE_PROC_DOMAIN_EVENT_DISK_CHANGE to remote_protocol-structs
	* src/remote_protocol-structs: Add new event

2011-10-25  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend schema to support new targets
	Extend the nwfilter schema to support the continue and return targets.

2011-10-25  Michal Privoznik  <mprivozn@redhat.com>

	util: Add virFileAccessibleAs to private symbols
	Commit 458b7099b2e791b58f1286002974927d3e8bcc80 introduced this
	function. However it was not added into libvirt_private.syms so
	the compilation may not succeed on some hosts.

	startupPolicy: Emit event on disk source dropping
	If a disk source gets dropped because it is not accessible,
	mgmt application might want to be informed about this. Therefore
	we need to emit an event. The event presented in this patch
	is however a bit superset of what written above. The reason is simple:
	an intention to be easily expanded, e.g. on 'user ejected disk
	in guest' events. Therefore, callback gets source string and disk alias
	(which should be unique among a domain) and reason (an integer);

	qemu: implement startupPolicy
	This patch implements on_missing feature in qemu driver.
	Upon qemu startup process an accessibility of CDROMs
	and floppy disks is checked. The source might get dropped
	if unavailable and on_missing is set accordingly.
	No event is emit thought. Look for follow up patch.

	qemu: Move device alias assigning before command line construction
	This patch is rather cosmetic as it only moves device alias
	assignation from command line construction just before that.
	However, it is needed in connotation of previous and next patch.

	util: Create virFileAccessibleAs function
	This function checks if a given path is accessible under
	given uid and gid.

	conf: Introduce optional startupPolicy attribute for cdrom and floppy
	This attribute says what to do with cdrom (or floppy) if
	the source is missing. It accepts:
	- mandatory - fail if missing for any reason (the default)
	- requisite - fail if missing on boot up, drop if missing on
	              migrate/restore/revert
	- optional  - drop if missing at any start attempt.

	However, this patch introduces only XML part of this new
	functionality.

2011-10-25  Eric Blake  <eblake@redhat.com>

	storage: make previous leak less likely to regress
	Splitting into two functions allows the user to call the right
	function, rather than having to remember that a *Free function is
	an exception to the rule.

	* src/conf/storage_conf.h (virStoragePoolSourceClear): New function.
	* src/libvirt_private.syms (storage_conf.h): Export it.
	* src/conf/storage_conf.c (virStoragePoolSourceFree): Split...
	(virStoragePoolSourceClear): ...into new function.
	(virStoragePoolDefFree, virStoragePoolDefParseSourceString):
	Update callers.
	* src/test/test_driver.c (testStorageFindPoolSources): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemNetFindPoolSourcesFunc)
	(virStorageBackendFileSystemNetFindPoolSources): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalFindPoolSources): Likewise.

	storage: plug iscsi memory leak
	Detected by Coverity.  virStoragePoolSourceFree does not free the
	actual passed-in pointer.  A bigger patch would be to rename it
	virStoragePoolSourceClear to match behavior, or even split it into
	two functions depending on needed behavior; but this is the minimal
	fix to the one location out of eight that leaked memory.

	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Free memory.

	waitpid: improve safety
	Based on a report by Coverity.  waitpid() can leak resources if it
	fails with EINTR, so it should never be used without checking return
	status.  But we already have a helper function that does that, so
	use it in more places.

	* src/lxc/lxc_container.c (lxcContainerAvailable): Use safer
	virWaitPid.
	* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
	* tests/testutils.c (virtTestCaptureProgramOutput, virtTestMain):
	Likewise.
	* src/libvirt.c (virConnectAuthGainPolkit): Simplify with virCommand.

	qemu: avoid leaking uninit data from hotplug to dumpxml
	Detected by Coverity.  Both text and JSON monitors set only the
	bus and unit fields, which means driveAddr.controller spends
	life as garbage on the stack, and is then memcpy()'d into the
	in-memory representation which the user can see via dumpxml.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy
	defined fields.

2011-10-24  Ryota Ozaki  <ozaki.ryota@gmail.com>

	virsh: Fix vol-info's 'Type' output
	We have a new vol type "dir" in addition to "file" and "block", but
	virsh doesn't know it. Fix it.

	Additionally, the patch lets virsh output "unknown" if not matched
	any of them.

2011-10-21  Ryota Ozaki  <ozaki.ryota@gmail.com>

	docs: Document filesystem type='block' for LXC
	Commit 77791dc0e allows LXC to use a host block device as a guest
	filesystem, but it isn't documented yet.

2011-10-21  David L Stevens  <dlstevens@us.ibm.com>

	support continue/return targets in nwfilter
		This patch adds support for "continue" and "return" actions
	in filter rules.

2011-10-21  Eric Blake  <eblake@redhat.com>

	snapshot: simplify indentation of network xml
	More simplifications possible due to auto-indent.  Also,
	<bandwidth> within <actual> was only using 6 instead of 8 spaces.

	* src/util/network.h (virVirtualPortProfileFormat)
	(virBandwidthDefFormat): Alter signature.
	* src/util/network.c (virVirtualPortProfileFormat)
	(virBandwidthDefFormat): Alter indentation.
	(virBandwidthChildDefFormat): Tweak to make use easier.
	* src/conf/network_conf.c (virPortGroupDefFormat)
	(virNetworkDefFormat): Adjust callers.
	* src/conf/domain_conf.c (virDomainNetDefFormat): Likewise.
	(virDomainActualNetDefFormat): Likewise, and fix bandwidth
	indentation.

	snapshot: simplify indentation of cpu features
	Auto-indent makes life a bit easier; this patch also drops unused
	arguments and replaces a misspelled flag name with two entry points
	instead, so that callers don't have to worry about how much spacing
	is present when embedding cpu elements.

	* src/conf/cpu_conf.h (virCPUFormatFlags): Delete.
	(virCPUDefFormat): Drop unused argument.
	(virCPUDefFormatBuf): Alter signature.
	(virCPUDefFormatBufFull): New prototype.
	* src/conf/cpu_conf.c (virCPUDefFormatBuf): Split...
	(virCPUDefFormatBufFull): ...into new function.
	(virCPUDefFormat): Adjust caller.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Likewise.
	* src/conf/capabilities.c (virCapabilitiesFormatXML): Likewise.
	* src/cpu/cpu.c (cpuBaselineXML): Likewise.
	* tests/cputest.c (cpuTestCompareXML): Likewise.

	snapshot: simplify indentation of sysinfo
	The improvements to virBuffer, along with a paradigm shift to pass
	the original buffer through rather than creating a second buffer,
	allow us to shave off quite a few lines of code.

	* src/util/sysinfo.h (virSysinfoFormat): Alter signature.
	* src/util/sysinfo.c (virSysinfoFormat, virSysinfoBIOSFormat)
	(virSysinfoSystemFormat, virSysinfoProcessorFormat)
	(virSysinfoMemoryFormat): Change indentation parameter.
	* src/conf/domain_conf.c (virDomainSysinfoDefFormat): Adjust
	caller.
	* src/qemu/qemu_driver.c (qemuGetSysinfo): Likewise.

	snapshot: test domainsnapshot indentation
	Add a test for the simple parts of my indentation changes, and
	fix the fallout.

	* tests/domainsnapshotxml2xmltest.c: New test.
	* tests/Makefile.am (domainsnapshotxml2xmltest_SOURCES): Build it.
	* src/conf/domain_conf.c (virDomainSnapshotDefFormat): Avoid NULL
	deref, match documented order.
	* src/conf/domain_conf.h (virDomainSnapshotDefFormat): Add const.
	* tests/domainsnapshotxml2xmlout/all_parameters.xml: Tweak output.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Likewise.
	* tests/domainsnapshotxml2xmlout/full_domain.xml: Likewise.
	* .gitignore: Exempt new binary.

	snapshot: indent domain xml when nesting
	<domainsnapshot> is the first public instance of <domain> being
	used as a sub-element, although we have two other private uses
	(runtime state, and migration cookie).  Although indentation has
	no effect on XML parsing, using it makes the output more consistent.

	This uses virBuffer auto-indentation to obtain the effect, for all
	but the portions of <domain> that are not generated a line at a
	time into the same virBuffer.  Further patches will clean up the
	remaining problems.

	* src/conf/domain_conf.h (virDomainDefFormatInternal): New prototype.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Export.
	(virDomainObjFormat, virDomainSnapshotDefFormat): Update callers.
	* src/libvirt_private.syms (domain_conf.h): Add new export.
	* src/qemu/qemu_migration.c (qemuMigrationCookieXMLFormat): Use
	new function.
	(qemuMigrationCookieXMLFormatStr): Update caller.

	virbuf: add auto-indentation support
	Rather than having to adjust all callers in a chain to deal with
	indentation, it is nicer to have virBuffer do auto-indentation.

	* src/util/buf.h (_virBuffer): Increase size.
	(virBufferAdjustIndent, virBufferGetIndent): New prototypes.
	* src/libvirt_private.syms (buf.h): Export new functions.
	* src/util/buf.c (virBufferAdjustIndent, virBufferGetIndent): New
	functions.
	(virBufferSetError, virBufferAdd, virBufferAddChar)
	(virBufferVasprintf, virBufferStrcat, virBufferURIEncodeString):
	Implement auto-indentation.
	* tests/virbuftest.c (testBufAutoIndent): Test it.
	(testBufInfiniteLoop): Don't rely on internals.
	Idea by Daniel P. Berrange.

	virbuf: more detailed error reporting
	The next patch wants to add some sanity checking, which would
	be a different error than ENOMEM.  Many existing callers blindly
	report OOM failure if virBuf reports an error, and this will be
	wrong in the (unlikely) case that they actually had a usage error
	instead; but since the most common error really is ENOMEM, I'm
	not going to fix all callers.  Meanwhile, new discriminating
	callers can react differently depending on what failure happened.

	* src/util/buf.c (virBufferSetError): Add parameter.
	(virBufferGrow, virBufferVasprintf, virBufferEscapeString)
	(virBufferEscapeSexpr, virBufferEscapeShell): Adjust callers.

	virbuf: improve testsuite reporting
	I had some temporary test failures while working on virbuf
	improvements in later patches, with output that looked like:

	Expected [<]
	Actual [  <]

	which is pretty hard to figure out.  Adding an Offset designation
	made it much easier to find which particular '<' was at the
	wrong indentation, to fix the right part of the code.

	* tests/testutils.c (virtTestDifference): Make it easier to
	diagnose test failures.

	virbuf: fix const-correctness
	Although the compiler wasn't complaining (since it was the pointer,
	rather than what was being pointed to, that was actually const), it
	looks quite suspicious to call a function with an argument labeled
	const when the nature of the pointer (virBufferPtr) is hidden behind
	a typedef.  Dropping const makes the function declarations easier
	to read.

	* src/util/buf.h: Drop const from all functions that modify buffer
	argument.
	* src/util/buf.c (virBufferSetError, virBufferAdd)
	(virBufferContentAndReset, virBufferFreeAndReset)
	(virBufferAsprintf, virBufferVasprintf, virBufferEscapeString)
	(virBufferEscapeSexpr, virBufferEscape): Fix fallout.

2011-10-21  Laine Stump  <laine@laine.org>

	docs: fix incorrect info about routed networks
	In a recent expansion of the documentation on network forward modes, I
	incorrectly stated that incoming sessions to guests on routed networks
	were blocked. This is true for guests on NATed networks, but not
	routed. This patch corrects that error, and adds a pointer to the
	nwfilter page for those who do want to restrict incoming sessions to
	hosts on routed networks.

2011-10-21  tangchen  <tangchen@cn.fujitsu.com>

	qemu: allow json in domxml-to-native
	There is a little difference between the output of domxml-to-native and the actual commandline.
	No matter qemu is in control or readline mode, domxml-to-native always converts it to readline mode.

	That is because the parameter "monitor_json" for qemuBuildCommandLine() is always set to false
	in qemuDomainXMLToNative().

2011-10-21  Eric Blake  <eblake@redhat.com>

	docs: document managed=yes of hostdev passthrough
	Clarify some of the effects of managed passthrough <hostdev> devices;
	with recent changes (commit d093547), a nodedev-reattach is only needed
	to pair up to an explicit nodedev-dettach (but beware that older
	virt-manager has a bug where it uses explicit nodedev-dettach under the
	hood when using the gui to hotplug a hostdev device).

	* docs/formatdomain.html.in: Mention reattach.
	* tools/virsh.pod (nodedev): Mention managed mode.

2011-10-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix virFileOpenTty definition on Win32
	Stub out a complete impl of virFileOpenTty to avoid unused
	parameter warnings

	* src/util/util.c: Fix virFileOpenTty on Win32

2011-10-20  Hu Tao  <hutao@cn.fujitsu.com>

	support setting bandwidth from virsh attach-interface
	Adds two options, inbound and outbound, to attach-interface to set
	bandwidth when attaching interfaces

2011-10-20  Serge E. Hallyn  <serge.hallyn@canonical.com>

	lxc: use hand-rolled code in place of unlockpt and grantpt
	The glibc ones (intentionally) cannot handle ptys opened in a
	devpts not mounted at /dev/pts.

	Drop the (un-exported, unused) virFileOpenTtyAt.

2011-10-20  Eric Blake  <eblake@redhat.com>

	build: ignore test executable
	* .gitignore: Add exemption.

2011-10-19  Philipp Hahn  <hahn@univention.de>

	qemu: Test name-space handling
	Add test cases for parsing the qemu-name-space.
	This is based on qemuxml2argv{test,data/}, but can not reside in
	qemuxml2argv{test,data/} because ...

	1. qemuxmlns-qemu-ns-domain.xml is not schema-valid and breaks
	domainschematest. The test is still important to detect xmlns:qemu
	bindings to a name-space other than
	http://libvirt.org/schemas/domain/qemu/1.0

	2. they break qemuxml2xml, because the xmlns:qemu binding is moved to
	the top-level <domain> element when converting from argv to xml.

	qemu: Fix name-space handling
	The XML parser for the qemu specific extensions expects the qemu name-space
	to be bound to the 'qemu' prefix. This is too strict, since the name of the
	name-space-prefix is only meant as an internal lookup key. Only the associated
	URI is relevant.
	<domain>...
	  <qemu:commandline xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
	  ...</qemu:commandline>
	</domain>

	<domain xmlns:ns0="http://libvirt.org/schemas/domain/qemu/1.0">...
	  <ns0:commandline>
	  ...</ns0:commandline>
	</domain>

	<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
	  <qemu:commandline xmlns:qemu="urn:foo">
	  ...</qemu:commandline>
	</domain>

	Remove the test for checking the name-space binding on the top-level <domain>
	element. Registering the name-space with XPath is enough.

2011-10-19  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	compile: fix undefined reference to gnutls_x509_crt_get_dn with gcc-4.6.1
	When I compile libvirt with gcc-4.6.1 in ubuntu 11.10, got error as below:

	  CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_migration.o): undefined reference to symbol 'gnutls_x509_crt_get_dn@@GNUTLS_1_4'
	/usr/bin/ld: note: 'gnutls_x509_crt_get_dn@@GNUTLS_1_4' is defined in DSO /usr/lib/x86_64-linux-gnu/libgnutls.so so try adding it to the linker command line
	/usr/lib/x86_64-linux-gnu/libgnutls.so: could not read symbols: Invalid operation
	collect2: ld returned 1 exit status
	make[3]: *** [libvirtd] Error 1

	It can compile with gcc-4.5.2 in ubuntu 11.04, but it can not compile with gcc-4.6.1 in ubuntu 11.10.

	I didn't find reason. Does Anyone know the reason or the different between gcc-4.5.2 and gcc-4.6.1?

	I still provide a patch for this. Just make it is working now.

2011-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Replace virBufferAdd with virBufferAddLit for const string
	The statement

	        virBufferAdd(buf, "''", 2);

	triggers a syntax-check warning

	* src/util/buf.c: Replace virBufferAdd with virBufferAddLit

2011-10-19  Philipp Hahn  <hahn@univention.de>

	documentation: trivial spelling fix

2011-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Allow for URI aliases when connecting to libvirt
	This adds support for a libvirt client configuration file
	either /etc/libvirt/libvirt.conf for privileged clients,
	or $HOME/.libvirt/libvirt.conf for unprivileged clients.

	It allows one parameter

	 uri_aliases = [
	   "hail=qemu+ssh://root@hail.cloud.example.com/system",
	   "sleet=qemu+ssh://root@sleet.cloud.example.com/system",
	 ]

	Any call to virConnectOpen with a non-NULL URI will first
	attempt to match against the uri_aliases list. An application
	can disable this by using VIR_CONNECT_NO_ALIASES

	* docs/uri.html.in: Document URI aliases
	* include/libvirt/libvirt.h.in: Add VIR_CONNECT_NO_ALIASES
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add /etc/libvirt/libvirt.conf
	* src/Makefile.am: Install default config file
	* src/libvirt.c: Add support for URI aliases
	* src/remote/remote_driver.c: Don't try to handle URIs
	  with no scheme and which clearly are not paths
	* src/util/conf.c: Don't raise error on virConfFree(NULL)
	* src/xen/xen_driver.c: Don't raise error on URIs
	  with no scheme

	Add support for autodestroy of guests to the LXC and UML drivers
	We recently added support for VIR_DOMAIN_START_AUTODESTROY and
	an impl to the QEMU driver. It is very desirable to support in
	other drivers, so this adds it to LXC and UML

	* src/lxc/lxc_conf.h, src/lxc/lxc_driver.c,
	  src/uml/uml_conf.h, src/uml/uml_driver.c: Wire up autodestroy
	  functions

2011-10-19  Guido Günther  <agx@sigxcpu.org>

	Use virBufferEscapeShell in cmdEcho

	qemu: replace qemuMonitorEscapeShell by virBufferEscapeShell

	virBufferEscapeShell: Emit quotes for the empty string
	Make the empty string return '' to match cmdEcho's behavior.

2011-10-19  Eric Blake  <eblake@redhat.com>

	snapshot: detect when qemu lacks disk-snapshot support
	Noticed when testing new libvirt against old qemu that lacked the
	snapshot_blkdev HMP command.  Libvirt was mistakenly treating the
	command as successful, and re-writing the domain XML to use the
	just-created 0-byte file, rendering the domain broken on restart.

	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDiskSnapshot):
	Notice another possible error message.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Don't keep 0-byte file
	on failure.

2011-10-18  Guido Günther  <agx@sigxcpu.org>

	virBufferEscapeShell: Fix escaping of single quotes.
	When checking if we need to escape a single quote we were looking at the
	character after the quote instead of at the quote itself.

2011-10-18  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	compile: Add a missing function 'pciDeviceListFind' to libvirt_private.syms
	compile error:
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuPrepareHostdevPCIDevices':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:183: undefined reference to `pciDeviceListFind'
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:230: undefined reference to `pciDeviceListFind'
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuGetActivePciHostDeviceList':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:102: undefined reference to `pciDeviceListFind'
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuDomainReAttachHostdevDevices':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:370: undefined reference to `pciDeviceListFind'

2011-10-18  Osier Yang  <jyang@redhat.com>

	qemu: Do not wait if the PCI device is not managed when reattaching
	Waiting for qemu-kvm cleaning up the PCI bar(s) mapping with long time
	while the device is not managed is just waste of time.

2011-10-18  Jim Fehlig  <jfehlig@suse.com>

	Add AHCI support to qemu driver
	Tested with multiple AHCI controllers and multiple disks attached
	to a controller. E.g.,

	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk0.raw'/>
	      <target dev='sda' bus='sata'/>
	      <address type='drive' controller='0' bus='0' unit='0'/>
	    </disk>
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk1.raw'/>
	      <target dev='sdb' bus='sata'/>
	      <address type='drive' controller='0' bus='0' unit='1'/>
	    </disk>
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk2.raw'/>
	      <target dev='sdc' bus='sata'/>
	      <address type='drive' controller='1' bus='0' unit='0'/>
	    </disk>
	    <controller type='sata' index='0'>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
	    </controller>
	    <controller type='sata' index='1'>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
	    </controller>

2011-10-18  Eric Blake  <eblake@redhat.com>

	snapshot: implement LIST_LEAVES flag in esx
	Relatively straight-forward filtering.

	* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Add parameter.
	* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Allow leaf filtering.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames, esxDomainSnapshotNumChildren)
	(esxDomainSnapshotListChildrenNames): Pass new flag through.

2011-10-18  Philipp Hahn  <hahn@univention.de>

	Fix virt-sanlock-cleanup documentation
	The referenced page does not exist, but locking.html has a section about
	sanlock.

2011-10-17  Jiri Denemark  <jdenemar@redhat.com>

	Fix VPATH build
	probes.h is generated in build directory; setting a dependency on
	probes.h from source directory doesn't work well in VPATH builds. Caused
	by commit 1afcfbdda0cac112faa61f74ec943e46aa43f2f5

	qemu: Relax -no-shutdown check to [0.14.0, 0.15.0]
	The patch that fixes SIGTERM handling with -no-shutdown was taken into
	0.15.1 stable release of qemu.

2011-10-17  Philipp Hahn  <hahn@univention.de>

	Fix two comments related to error handling

2011-10-15  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix 'make dist' error
	When I run 'make dist', I receive the following error messages:
	make[1]: Entering directory `/home/wency/source/libvirt/src'
	  GEN    remote/remote_protocol.h
	  GEN    remote/remote_protocol.c
	  GEN    remote/qemu_protocol.h
	  GEN    remote/qemu_protocol.c
	  GEN    remote/qemu_client_bodies.h
	  CC     libvirt_driver_remote_la-remote_protocol.lo
	In file included from ./remote/remote_protocol.h:16,
	                 from ./remote/remote_protocol.c:7:
	/internal.h:249:23: error: probes.h: No such file or directory
	make[1]: *** [libvirt_driver_remote_la-remote_protocol.lo] Error 1
	make[1]: Leaving directory `/home/wency/source/libvirt/src'
	make: *** [distdir] Error 1

	The reason is that we use probes.h before generating it.

2011-10-15  Roopa Prabhu  <roprabhu@cisco.com>

	Add missing strdup return value check
	Check strdup return value and fail if error

2011-10-15  Osier Yang  <jyang@redhat.com>

	qemu: Honor the orginal PCI dev properties when reattaching
	BZ# https://bugzilla.redhat.com/show_bug.cgi?id=736214

	The problem is caused by the original info of domain's PCI dev is
	maintained by qemu_driver->activePciHostdevs list, (E.g. dev->reprobe,
	which stands for whether need to reprobe driver for the dev when do
	reattachment). The fields (dev->reprobe, dev->unbind_from_stub, and
	dev->remove_slot) are initialized properly when preparing the PCI
	device for managed attachment. However, when do reattachment, it
	construct a complete new "pciDevice" without honoring the original
	dev info, and thus the dev won't get the original driver or can get
	other problem.

	This patch is to fix the problem by get the devs from list
	driver->activePciHostdevs.

	Tested with following 3 scenarios:
	  * the PCI was bound to some driver not pci-stub before attaching

	    result: the device will be bound to the original driver

	  * the PCI was bound to pci-stub before attaching

	    result: no driver reprobing, and still bound to pci-stub

	  * The PCI was not bound to any driver

	    result: no driver reprobing, and still not bound to any driver.

2011-10-15  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: avoid invalid free
	Commit 0472f39 plugged a leak, but introduced another bug:

	Actually looks like physfndev is conditionally allocated in getPhysfnDev
	Its better to modify getPhysfnDev to allocate physfndev every time.

2011-10-15  Laine Stump  <laine@laine.org>

	docs: fix network XML documentation
	A few people have attempted to use the new forwarding modes with older
	versions of libvirt. The docs where the modes are described have
	always stated the minimum required libvirt version, but the examples
	at the end didn't, which I believe is what has caused the confusion.

	Similarly, the section on portgroups now has a version tag added at
	the beginning.

	I also noticed that there was no example of defining a <dns> hostname,
	so I added one, as well as making the domain name example more
	recognizable (by adding ".com" to the domain).

2011-10-15  Jiri Denemark  <jdenemar@redhat.com>

	Clarify semantics of virDomainMigrate2
	Explicitly disallow conflicts between domain name from dxml and dname.

2011-10-15  Osier Yang  <jyang@redhat.com>

	qemu: Do not reattach PCI device used by other domain when shutdown
	When failing on starting a domain, it tries to reattach all the PCI
	devices defined in the domain conf, regardless of whether the devices
	are still used by other domain. This will cause the devices to be deleted
	from the list qemu_driver->activePciHostdevs, thus the devices will be
	thought as usable even if it's not true. And following commands
	nodedev-{reattach,reset} will be successful.

	How to reproduce:
	  1) Define two domains with same PCI device defined in the confs.
	  2) # virsh start domain1
	  3) # virsh start domain2
	  4) # virsh nodedev-reattach $pci_device

	You will see the device will be reattached to host successfully.
	As pciDeviceReattach just check if the device is still used by
	other domain via checking if the device is in list driver->activePciHostdevs,
	however, the device is deleted from the list by step 2).

	This patch is to prohibit the bug by:
	  1) Prohibit a domain starting or device attachment right at
	     preparation period (qemuPrepareHostdevPCIDevices) if the
	     device is in list driver->activePciHostdevs, which means
	     it's used by other domain.

	  2) Introduces a new field for struct _pciDevice, (const char *used_by),
	     it will be set as the domain name at preparation period,
	     (qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
	     the device from driver->activePciHostdevs if it's still used by
	     other domain when stopping the domain process.

	* src/pci.h (define two internal functions, pciDeviceSetUsedBy and
	    pciDevceGetUsedBy)
	* src/pci.c (new field "const char *used_by" for struct _pciDevice,
	    implementations for the two new functions)
	* src/libvirt_private.syms (Add the two new internal functions)
	* src/qemu_hostdev.h (Modify the definition of functions
	    qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
	* src/qemu_hostdev.c (Prohibit preparation and don't delete the
	    device from activePciHostdevs list if it's still used by other domain)
	* src/qemu_hotplug.c (Update function usage, as the definitions are
	    changed)

2011-10-14  Philipp Hahn  <hahn@univention.de>

	Xen: Fake versions in xencapstest
	virInitialize() → xenRegister() → xenhypervisorInit() determines the
	version of the Hypervisor. This breaks xencapstest when building as root
	on a dom0 system, since xenHypervisorBuildCapabilities() adds the "hap"
	and "viridian" features based on the detected version.

	Add an optional parameter to xenhypervisorInit() to disable automatic
	detection of the Hypervisor version. The passed in arguments are used
	instead.

	Xen: move versions to struct
	Calling virInitialize() → xenRegister() → xenhypervisorInit() directly
	opens a connection to the Xen Hypervisor, which breaks some unit tests.

	Move all static variables into a struct to make it easier to override
	them when testing.

2011-10-14  Eric Blake  <eblake@redhat.com>

	esx: drop dead code to silence Coverity
	Coverity detected that the only way to get to the cleanup label
	is if objectSpec had been successfully allocated, so the null
	check was dead code.

	* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Drop
	redundant null check.

2011-10-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix typo in virGetHostname description

2011-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix syntax problem in mingw32-libvirt.spec.in
	When defining macros, you can't put comments on the end of the
	line because they will get included in the macro definition

	* mingw32-libvirt.spec.in: Fix comment about hyperv

2011-10-14  Eric Blake  <eblake@redhat.com>

	macvtap: plug memory leak for 802.1Qbh
	Detected by Coverity.  Leak present since commit ca3b22b.

	* src/util/macvtap.c (doPortProfileOp8021Qbh): Release device name.

	qemu: plug memory leak on migration
	Detected by Coverity.  Leak introduced in commit 72de0d2.

	* src/qemu/qemu_migration.c (qemuMigrationCookieGraphicsXMLParse):
	Clean up on success.

	conf: plug memory leak on error
	Detected by Coverity.  Leak present since commit 874e65a; and
	while commit d50bb45 tried to fix the issue, it missed a path.

	* src/conf/domain_conf.c (virDomainDefParseBootXML): Always clean
	up useserial.

2011-10-14  Guido Günther  <agx@sigxcpu.org>

	Use virBufferEscapeShell in virNetSocketNewConnectSSH
	to escape the netcat command since it's passed to the shell. Adjust
	expected test case output accordingly.

	Add virBufferEscapeShell
	Escape strings so they're safe to pass to the shell. It's based on
	virsh's cmdEcho.

	Autodetect if the remote nc command supports the -q option
	Based on a patch by Marc Deslauriers <marc.deslauriers@ubuntu.com>

	RH: https://bugzilla.redhat.com/show_bug.cgi?id=562176
	Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478
	Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573172

2011-10-14  Eric Blake  <eblake@redhat.com>

	storage: plug memory leak on error
	Detected by Coverity.  Present since commit 82c1740.

	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Fix leak.

2011-10-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Make getaddrinfo failure nonfatal in virGetHostname
	Setting a hostname that cannot be resolved is not the best configuration
	but since virGetHostname only calls getaddrinfo to get host's canonical
	name and we do not fail if the returned canonical name is NULL or
	"localhost", there is no reason why we should fail if getaddrinfo itself
	fails.

	qemu: Make sure BeginJob is always followed by EndJob
	Otherwise we can end up with a dangling job that can only be cleared by
	restarting libvirtd.

	qemu: Log debug messages when changing job
	Log debug messages anytime we call *BeginJob* or *EndJob* so that it's
	easier to spot incorrect usage of domain job APIs.

2011-10-14  Eric Blake  <eblake@redhat.com>

	qemu: fix text block info parsing
	Detected by Coverity.  p (the pointer to the string) is always true;
	when in reality, we wanted to know whether the integer value of the
	just-parsed string is '0' or '1'.  Logic bug since commit b1b5b51.

	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetBlockInfo): Set
	results to proper value.

	qemu: avoid text monitor null deref
	Detected by Coverity.  If, for some reason, our text monitor input
	does not match our assumptions, we end up incrementing p while it
	is NULL, then dereferencing the pointer 0x1, which will fault.

	* src/qemu/qemu_monitor_text.c
	(qemuMonitorTextGetBlockStatsParamsNumber): Rewrite to avoid
	deref of strchr failure.  Fix indentation.

	qemu: check for json allocation failure
	Detected by Coverity.  Introduced in commit b1b5b51.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo):
	Avoid null dereference.

	build: add compiler attributes to virUUIDParse
	Coverity complained that most, but not all, clients of virUUIDParse
	were checking for errors.  Silence those coverity warnings by
	explicitly marking the cases where we trust the input, and fixing
	one instance that really should have been checking.  In particular,
	this silences a rather large percentage of the warnings I saw on my
	most recent Coverity analysis run.

	* src/util/uuid.h (virUUIDParse): Enforce rules.
	* src/util/uuid.c (virUUIDParse): Drop impossible check; at least
	Coverity will detect if we break rules and pass NULL.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML)
	(xenapiDomainLookupByID, xenapiDomainLookupByName)
	(xenapiDomainDefineXML): Ignore return when we trust data source.
	* src/vbox/vbox_tmpl.c (nsIDtoChar, vboxIIDToUUID_v3_x)
	(vboxCallbackOnMachineStateChange)
	(vboxCallbackOnMachineRegistered, vboxStoragePoolLookupByName):
	Likewise.
	* src/node_device/node_device_hal.c (gather_system_cap): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr): Check for errors.

2011-10-14  Marc-André Lureau  <marcandre.lureau@gmail.com>

	virFDStream: close also given errfd (fd leak)
	In virFDStreamOpenFileInternal(), a errfd pipe is opened by
	virCommandRunAsync() and given to virFDStreamOpenInternal().

	It seems virFDStream should close errfd, just like the other
	fd it is given.

	This fixes screenshots leaking FDs:
	http://bugzilla.redhat.com/show_bug.cgi?id=745761

2011-10-14  Eric Blake  <eblake@redhat.com>

	command: avoid fd leak on failure
	virCommandTransferFD promises that the fd is no longer owned by
	the caller.  Normally, we want the fd to remain open until the
	child runs, but in error situations, we must close it earlier.

	* src/util/command.c (virCommandTransferFD): Close fd now if we
	can't track it to close later.
	(virCommandKeepFD): Adjust helper to make this easier.

2011-10-13  Serge E. Hallyn  <serge.hallyn@canonical.com>

	Fix typo in lxc_controller
	s/Mouting/Mounting.

2011-10-13  Eric Blake  <eblake@redhat.com>

	spec: mingw cleanups
	* libvirt.spec.in (%configure): Drop unused %{one} macro.
	* mingw32-libvirt.spec.in (%{rhel}): Compile ESX but not HyperV on
	mingw build for RHEL.
	(%build): Make configure honor spec conditionals.  Reorder to
	match libvirt.spec.
	* autobuild.sh (mingw): Update list to match.
	Suggested by Daniel P. Berrange.

	build: update to latest gnulib
	358 changes; most probably have no impact on libvirt, but we
	might as well stay current.

	* .gnulib: Update to latest.

2011-10-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for domain being active on successful job acquire
	As this is needed. Although some functions check for domain
	being active before obtaining job, we need to check it after,
	because obtaining job unlocks domain object, during which
	a state of domain can be changed.

	events: Propose a separate lock for event queue
	Currently, push & pop from event queue (both server & client side)
	rely on lock from higher levels, e.g. on driver lock (qemu),
	private_data (remote), ...; This alone is not sufficient as not
	every function that interacts with this queue can/does lock,
	esp. in client where we have a different approach, "passing
	the buck".

	Therefore we need a separate lock just to protect event queue.

	For more info see:
	https://bugzilla.redhat.com/show_bug.cgi?id=743817

	qemu: Implement VIR_DUMP_RESET
	This patch extends qemudDomainCoreDump so it supports new VIR_DUMP_RESET
	flag. If this flag is set, domain is reset on successful dump. However,
	this is needed to be done after we start CPUs.

	virDomainCoreDump: Introduce VIR_DUMP_RESET flag
	This flag is intended to allow user to do so called system reset
	after dump, instead of sending ACPI reboot event.

2011-10-13  Philipp Hahn  <hahn@univention.de>

	example: Support debug output and loop switch
	Add support for enabling debug output via command line option.
	Allow to toggle the loop implementation between pure-Python and
	native-C.

	example: Redirect --help output to stdout/stderr
	When --help is requested, print usage() to stdout.
	When an illegal option is passed, print usage to stderr.

	example: Fix argument handling
	sys.argv contains the original command line arguments, while args only
	contains the arguments not handled by getopt(). Currently this is no
	problem since --help is the only command line option passable, which
	terminates the process, so the code is never reached. Any option added
	in the future will reveal the bug.

2011-10-13  Eric Blake  <eblake@redhat.com>

	snapshot: implement LIST_LEAVES flag in qemu
	With the recent refactoring of qemu snapshot relationships, it
	is now trivial to filter on leaves.

	* src/conf/domain_conf.c (virDomainSnapshotObjListCount)
	(virDomainSnapshotObjListCopyNames): Handle new flag.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotListNames)
	(qemuDomainSnapshotNum, qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren): Pass new flag through.

	snapshot: add API for filtering by leaves
	Counterpart to --roots.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_LEAVES):
	New flag.
	* src/libvirt.c (virDomainSnapshotNum, virDomainSnapshotListNames)
	(virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): Document it.
	* tools/virsh.c (cmdSnapshotList): Expose it.
	* tools/virsh.pod (snapshot-list): Document --leaves.

2011-10-13  Philipp Hahn  <hahn@univention.de>

	xen: Return tap2 for tap2 disks
	For some versions of Xen the difference between "tap" and "tap2" is
	important. When converting back from xen-sxpr to libvirt-xml, that
	information is lost, which breaks re-defining the domain using that
	data.

	Explicitly return "tap2" for disks defined as "device/tap2".

	xen: fix PyGrub boot device order
	When PyGrub is used as the bootloader in Xen, it gets passed the first
	bootable disk. Xend supports a "bootable"-flag for this, which isn't
	explicitly supported by libvirt.
	When converting libvirt-xml to xen-sxpr the "bootable"-flag gets
	implicitly set by xen.xend.XenConfig.device_add() for the first disk
	(marked as "Compat hack -- mark first disk bootable").
	When converting back xen-sxpr to libvirt-xml, the disks are returned in
	the internal order used by Xend ignoring the "bootable"-flag, which
	loses the original order. When the domain is then re-defined, the order
	of disks is changed, which breaks PyGrub, since a different disk gets
	passed.

	When converting xen-sxpr to libvirt-xml, use the "bootable"-flag to
	determine the first disk.

	This isn't perfect, since several disks can be marked as bootable using
	the Xend-API, but that is not supported by libvirt. In all known cases
	relevant to libvirt exactly one disk is marked as bootable.

	tests: Add support for skipping tests
	AM_TESTS has support for skipping tests, while the C-implementation
	virtTestRun() does not support that feature.

	Print "_" or "SKIP" in verbose mode for tests returning EXIT_AM_SKIP=77.

2011-10-13  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	Introduce <driver> under <filesystem> to support open-by-handle
	VirtFS allows the user to choose between path/handle based fs driver.
	As of now, libvirt hardcoded path based driver only. This patch provides
	a solution to allow user to choose between path/handle based fs driver.

	Sample:

	    <filesystem type='mount'>
	      <driver type='handle'/>
	      <source dir='/folder/to/share1'/>
	      <target dir='mount_tag1'/>
	    </filesystem>

	    <filesystem type='mount'>
	      <driver type='path'/>
	      <source dir='/folder/to/share2'/>
	      <target dir='mount_tag2'/>
	    </filesystem>

2011-10-13  Sage Weil  <sage@newdream.net>

	buf: implement generic virBufferEscape
	Implement a generic helper to escape a given set of characters with a
	leading '\'.  Generalizes virBufferEscapeSexpr().

2011-10-12  Osier Yang  <jyang@redhat.com>

	daemon: Always advertise libvirtd service
	This is a regression introduced by new RPC codes, previously
	we advertise the service via ssh even if the daemon doesn't
	listen on TLS port (TCP is not choosed). Now the service is
	only advertised when it listens on TLS or TCP port. This breaks
	upper layer apps which intends to discover the service, such
	as virt-manager.

2011-10-12  Eric Blake  <eblake@redhat.com>

	snapshot: drop dead parameters
	The previous optimizations lead to some follow-on cleanups.

	* src/conf/domain_conf.c (virDomainSnapshotForEachChild)
	(virDomainSnapshotForEachDescendant): Drop dead parameter.
	(virDomainSnapshotActOnDescendant)
	(virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): Update callers.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListChildrenNames, qemuDomainSnapshotDelete):
	Likewise.
	* src/conf/domain_conf.h: Update prototypes.

	snapshot: take advantage of new relations
	Among other improvements, virDomainSnapshotForEachDescendant is
	changed from iterative O(n^2) to recursive O(n).  A bit better
	than the O(n^3) implementation in virsh snapshot-list!

	* src/conf/domain_conf.c (virDomainSnapshotObjListNum)
	(virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjeListGetNames, virDomainSnapshotForEachChild)
	(virDomainSnapshotForEachDescendant): Optimize.
	(virDomainSnapshotActOnDescendant): Tweak.
	(virDomainSnapshotActOnChild, virDomainSnapshotMarkDescendant):
	Delete, now that they are unused.

	snapshot: track qemu snapshot relations
	Maintain the parent/child relationships of all qemu snapshots.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Populate
	relationships after loading.
	(qemuDomainSnapshotCreateXML): Set relations on creation; tweak
	redefinition to reuse existing object.
	(qemuDomainSnapshotReparentChildren, qemuDomainSnapshotDelete):
	Clear relations on delete.

	snapshot: framework for more efficient relation traversal
	No one was using virDomainSnapshotHasChildren, but that was an
	O(n) function.  Exposing and tracking a bit more metadata for each
	snapshot will allow the same query to be made with an O(1) query
	of the member field.  For single snapshot operations (create,
	delete), callers can be trusted to maintain the metadata themselves,
	but for reloading, we can't compute parents as we go since there
	is no guarantee that parents were parsed before children, so we also
	provide a function to refresh the relationships, and which can
	be used to detect if the user has ignored our warnings and been
	directly modifying files in /var/lib/libvirt/qemu/snapshot.  This
	patch only adds metadata; later patches will actually use it.

	This layout intentionally hardcodes the size of each snapshot struct,
	by tracking sibling pointers, rather than having to deal with the
	headache of yet more memory management by directly sticking a
	dynamically sized child[] on each parent.

	* src/conf/domain_conf.h (_virDomainSnapshotObj)
	(_virDomainSnapshotObjList): Add members.
	(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
	New prototypes.
	(virDomainSnapshotHasChildren): Delete.
	* src/conf/domain_conf.c (virDomainSnapshotSetRelations)
	(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
	New functions.
	(virDomainSnapshotHasChildren): Drop unused function.
	* src/libvirt_private.syms (domain_conf): Update exports.

	snapshot: use correct qmp monitor command
	To date, JSON disk snapshots worked by accident, as they were always
	using hmp fallback due to a typo in commit e702b5b not picking up
	on the (intentional) difference in command names between the two
	monitor protocols.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Spell QMP command correctly.
	Reported by Luiz Capitulino.

	snapshot: virsh shorthand for operating on current snap
	Rather than having to do:

	$ virsh snapshot-revert dom $(virsh snapshot-current dom --name)

	I thought it would be nice to do:

	$ virsh snapshot-revert dom --current

	I didn't add 'virsh snapshot-dumpxml --current' since we already have
	'virsh snapshot-current' for the same task.  snapshot-list accepted
	a name but did not require it, and that remains the case, with
	--current serving in place of that name.  For all other commands,
	name used to be required, and can now be replaced by --current;
	I intentionally made it so that omitting both --current and a name
	is an error (having the absence of a name imply --current seems
	just a bit too magic, so --current must be explicit).  I also had
	to keep snapshot-edit backwards-compatible, as the only command
	that already had a --current argument alongside a name, which still
	works to both edit a named snapshot and make it current.

	* tools/virsh.c (vshLookupSnapshot): New helper function.
	(cmdSnapshotEdit, cmdSnapshotList, cmdSnapshotParent)
	(cmdSnapshotDelete, cmdDomainSnapshotRevert): Use it, adding an
	option where needed.
	* tools/virsh.pod (snapshot-delete, snapshot-edit)
	(snapshot-list, snapshot-parent, snapshot-revert): Document
	use of --current.
	(snapshot-dumpxml): Mention alternative.

	build: fix mingw build without sasl
	Detected by autogen.sh on a cross-mingw build:

	Creating library file: .libs/libvirt.dll.a
	Cannot export virNetSASLContextCheckIdentity: symbol not defined
	Cannot export virNetSASLContextNewServer: symbol not defined
	...

	* src/libvirt_private.syms (virnetsaslcontext.h): Move symbols...
	* src/libvirt_sasl.syms: ...to new file.
	* src/Makefile.am (USED_SYM_FILES) [HAVE_SASL]: Use new file.
	(EXTRA_DIST): Ship it.

	build: fix 'make rpm'
	Since commit ddf3bd3, 'make rpm' failed with:

	RPM build errors:
	    File not found: /home/remote/eblake/rpmbuild/BUILDROOT/libvirt-0.9.6-1.fc14.eblake1318366440.x86_64/usr/share/systemtap/tapset/libvirtd.stp

	* libvirt.spec.in (with_dtrace): Match installed .stp files.

	build: fix 'make distcheck'
	I got these distcheck failures with sanlock enabled:

	ERROR: files left in build directory after distclean:
	./tools/virt-sanlock-cleanup
	./src/locking/qemu-sanlock.conf

	* src/Makefile.am (DISTCLEANFILES) [HAVE_SANLOCK]: Clean built
	file.
	* tools/Makefile.am (DISTCLEANFILES): Likewise.

	build: ship helper scripts
	Otherwise, 'make rpm' fails with:

	  GEN    libvirt_qemu.def
	make[2]: *** No rule to make target `dtrace2systemtap.pl', needed by `libvirt_probes.stp'.  Stop.

	* src/Makefile.am (EXTRA_DIST): Add recent script additions.

2011-10-12  Dan Horák  <dan@danny.cz>

	disable xenlight for non-Xen platforms
	when building libvirt in Fedora/s390x I've found that xenlight needs to
	be explicitly disabled in the spec file. Configure properly sets the
	library as non-existent, but the %files section still wants to package
	the 3 /var/*/libvirt/libxl directories. See also
	https://bugzilla.redhat.com/show_bug.cgi?id=745020

2011-10-12  Eric Blake  <eblake@redhat.com>

	build: fix 'make check' linkage with dtrace
	Building on Linux with dtrace enabled was failing 'make check':

	  CCLD   nodeinfotest
	../src/.libs/libvirt_test.a(libvirt_net_rpc_client_la-virnetclient.o): In function `virNetClientNew':
	/home/remote/eblake/libvirt/src/rpc/virnetclient.c:162: undefined reference to `libvirt_rpc_client_new_semaphore'

	On looking further, I see some earlier warnings emitted from libtool:

	*** Warning: Linking the shared library libvirt.la against the non-libtool
	*** objects  probes.o is not portable!

	Since src/probes.o is only built on Linux, and even then, only when
	dtrace is enabled, this failure does not affect other platforms, and
	despite libtool warning that it is not generally portable, it is not
	a problem for our use-case in libvirt.la.  But it turns out that while
	libtool is willing to jam raw .o files into an installed shared
	library (libvirt.la becomes libvirt.so), it is NOT willing to jam
	the same .o file into the convenience library libvirt_test.la.
	Perhaps this is a bug in libtool, but even if we get libtool fixed,
	libvirt must continue to build on platforms with older libtool.  So,
	the fix is the same as we are already using for the libvirt_lxc
	executable - don't rely on the .o file being in the convenience
	library, but instead use LDADD to pull it in directly.

	* tests/Makefile.am (PROBES_O): New macro.
	(LDADDS): Use it to fix link errors.

2011-10-12  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix VPATH build with new probes

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix deps for probes.o to ensure correct build ordering

	Update examples for probing with systemtap
	This removes the old example for legacy probes and adds two
	new scripts demonstrating many of the new probe point facilities.

	The rpc-monitor.stp script will print out friendly details of all
	RPC traffic between a libvirt client/server. This is incredibly
	useful in seeing what RPC calls are being made, and also debugging
	problems in the RPC protocol code

	The events.stp script will print out lots of info about the poll
	event loop, which is useful for debugging event handling problems

	* examples/systemtap/events.stp, examples/systemtap/rpc-monitor.stp:
	  New examples
	* examples/systemtap/client.stp: Remove obsolete example

	Rewrite all the DTrace/SystemTAP probing
	The libvirtd daemon had a few crude system tap probes. Some of
	these were broken during the RPC rewrite. The new modular RPC
	code is structured in a way that allows much more effective
	tracing. Instead of trying to hook up the original probes,
	define a new set of probes for the RPC and event code.

	The master probes file is now src/probes.d.  This contains
	probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr
	virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add
	probes for the poll event loop.

	The src/dtrace2systemtap.pl script can convert the probes.d
	file into a libvirt_probes.stp file to make use from systemtap
	much simpler.

	The src/rpc/gensystemtap.pl script can generate a set of
	systemtap functions for translating RPC enum values into
	printable strings. This works for all RPC header enums (program,
	type, status, procedure) and also the authentication enum

	The PROBE macro will automatically generate a VIR_DEBUG
	statement, so any place with a PROBE can remove any existing
	manual DEBUG statements.

	* daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing
	* daemon/libvirtd.h: Remove probe macros
	* daemon/Makefile.am: Remove all probe buildings/install
	* daemon/remote.c: Update authentication probes
	* src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts
	  to generate STP files
	* src/internal.h: Add probe macros
	* src/probes.d: Master list of probes
	* src/rpc/virnetclient.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c,
	  src/util/event_poll.c: Insert probe points, removing any
	  DEBUG statements that duplicate the info

	Fix missing lock calls on virNetTLSContextRef
	The virNetTLSContextRef API forgot to acquire/release the lock
	while changing ctxt->refs

	* src/rpc/virnettlscontext.c: Add lock calls

	Refactor TLS to facilitate dynamic probing
	Pull the call to gnutls_x509_crt_get_dn up into a higher function
	so that the 'dname' variable will be available for probe points

	* src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up
	  one level

	Add virSocketRef API to facilitate dynamic probing
	Instead of directly manipulating sock->refs, add a virSocketRef
	API

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virSocketRef

	If receiving a stream error, mark EOF on the stream
	If we receive an error on the stream, set the EOF marker so
	that any further (bogus) incoming data is dropped.

	* src/rpc/virnetclientstream.c: Set EOF on stream

	Make libvirt.so include the RPC server code
	To avoid static linking libvirtd to the RPC server code, which
	then prevents sane introduction of DTrace probes, put it all
	in the libvirt.so, and export it

	* daemon/Makefile.am: Don't link to RPC libraries
	* src/Makefile.am: Link all RPC libraries to libvirt.so
	* src/libvirt_private.syms: Export all RPC functions

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: implement snapshot children listing in esx
	It was fairly trivial to return snapshot listing based on a
	point in the hierarchy, rather than starting at all roots.

	* src/esx/esx_driver.c (esxDomainSnapshotNumChildren)
	(esxDomainSnapshotListChildrenNames): New functions.

	snapshot: implement snapshot children listing in qemu
	Not too hard to wire up.  The trickiest part is realizing that
	listing children of a snapshot cannot use SNAPSHOT_LIST_ROOTS,
	and that we overloaded that bit to also mean SNAPSHOT_LIST_DESCENDANTS;
	we use that bit to decide which iteration to use, but don't want
	the existing counting/listing functions to see that bit.

	* src/conf/domain_conf.h (virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): New prototypes.
	* src/conf/domain_conf.c (virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): New functions.
	* src/libvirt_private.syms (domain_conf.h): Export them.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListChildrenNames): New functions.

	snapshot: remote protocol for snapshot children
	Very mechanical.  I'm so glad we've automated the generation of things,
	compared to what it was in 0.8.x days, where this would be much longer.

	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_NUM_CHILDREN)
	(REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES): New rpcs.
	(remote_domain_snapshot_num_children_args)
	(remote_domain_snapshot_num_children_ret)
	(remote_domain_snapshot_list_children_names_args)
	(remote_domain_snapshot_list_children_names_ret): New structs.
	* src/remote/remote_driver.c (remote_driver): Use it.
	* src/remote_protocol-structs: Update.

	snapshot: virsh fallback for snapshot-list --descendants --from
	Given a list of snapshots and their parents, finding all descendants
	requires a hairy traversal.  This code is O(n^3); it could maybe be
	made to scale O(n^2) with the use of a hash table, but that costs more
	memory.  Hopefully there aren't too many people with a hierarchy
	so large as to approach REMOTE_DOMAIN_SNAPSHOT_LIST_NAMES_MAX (1024).

	* tools/virsh.c (cmdSnapshotList): Add final fallback.

	snapshot: virsh fallback for snapshot-list --from children
	Iterating over one level of children requires parsing all snapshots
	and their parents; a bit of code shuffling makes it pretty easy
	to do this as well.

	* tools/virsh.c (cmdSnapshotList): Add another fallback.

	snapshot: virsh fallback for snapshot-list --tree --from
	Emulating --from requires grabbing the entire list of snapshots
	and their parents, and recursively iterating over the list from
	the point of interest - but we already do that for --tree.  This
	turns on emulation for that situation.

	* tools/virsh.c (__vshControl): Rename member.
	(vshReconnect, cmdConnect, vshGetSnapshotParent): Update clients.
	(cmdSnapshotList): Add fallback.

	snapshot: virsh snapshot-list and children
	Sometimes, we only care about one branch of the snapshot hierarchy.
	Make it easier to list a single branch, by using the new APIs.

	Technically, I could emulate these new virsh options on old servers
	by doing a complete dump, then scraping xml to filter out just the
	snapshots that I care about, but I didn't want to do that in this patch.

	* tools/virsh.c (cmdSnapshotList): Add --from, --descendants.
	* tools/virsh.pod (snapshot-list): Document them.

	snapshot: new virDomainSnapshotListChildrenNames API
	The previous API addition allowed traversal up the hierarchy;
	this one makes it easier to traverse down the hierarchy.

	In the python bindings, virDomainSnapshotNumChildren can be
	generated, but virDomainSnapshotListChildrenNames had to copy
	from the hand-written example of virDomainSnapshotListNames.

	* include/libvirt/libvirt.h.in (virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): New prototypes.
	(VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS): New flag alias.
	* src/libvirt.c (virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): New functions.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSnapshotNumChildren)
	(virDrvDomainSnapshotListChildrenNames): New callbacks.
	* python/generator.py (skip_impl, nameFixup): Update lists.
	* python/libvirt-override-api.xml: Likewise.
	* python/libvirt-override.c
	(libvirt_virDomainSnapshotListChildrenNames): New wrapper function.

	docs: fix html bug
	</space> doesn't exist.  Introduced in commit 4bb4109f.

	* docs/formatdomain.html.in: Use correct end tag.

2011-10-11  Guido Günther  <agx@sigxcpu.org>

	xen_xs: Guard against set but empty kernel argument
	On xen 4.1 I observed configurations that look like:

	(image
	    (hvm
	        (kernel '')
	        (loader '/foo/bar')
	))

	The kernel element is there but unset. This leads to an empty <kernel/>
	element in the XML and even worse makes us skip the boot order parsing
	and therefore not emit a <boot device='$dev>'/> element which breaks CD
	booting.

	xen: add error handling to UUID parsing
	otherwise a missing UUID in a domain config just shows:

	error: An error occurred, but the cause is unknown

	Now we have:

	error: configuration file syntax error: config value uuid was missing

2011-10-11  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	I noticed a couple typos in recent commits, and fixed the remaining
	instances of them.

	* docs/internals/command.html.in: Fix spelling errors.
	* include/libvirt/libvirt.h.in (virConnectDomainEventCallback):
	Likewise.
	* python/libvirt-override.py (virEventAddHandle): Likewise.
	* src/lxc/lxc_container.c (lxcContainerChild): Likewise.
	* src/util/hash.c (virHashCreateFull): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Likewise.
	* src/esx/esx_driver.c (esxFormatVMXFileName): Likewise.
	* src/vbox/vbox_tmpl.c (vboxIIDIsEqual_v3_x): Likewise.

	snapshot: avoid accidental renames with snapshot-edit
	I was a bit surprised that 'virsh snapshot-edit dom name' silently
	allowed me to clone things, while still telling me the old name,
	especially since other commands like 'virsh edit dom' reject rename
	attempts (*).  This fixes things to be more explicit (**).

	(*) Technically, 'virsh edit dom' relies on virDomainDefineXML
	behavior, which rejects attempts to mix a new name with existing
	uuid or new uuid with existing name, but you can create a new
	domain by changing both uuid and name.  On the other hand, while
	snapshot-edit --clone is a true clone, creating a new domain
	would also have to decide whether to clone snapshot metadata,
	managed save, and any other secondary data related to the domain.
	Domain renames are not trivial either.

	(**) Renaming or creating a clone is still a risky proposition -
	for offline snapshots and system checkpoints, if the new name
	does not match an actual name recorded in the qcow2 internal
	snapshots, then you cannot revert to the new checkpoint.  But it
	is assumed that anyone using the new virsh flags knows what they
	are doing, and can deal with the fallout caused by a rename/clone;
	that is, we can't completely prevent a user from shooting
	themselves in the foot, so much as we are making the default
	action less risky.

	* tools/virsh.c (cmdSnapshotEdit): Add --rename, --clone.
	* tools/virsh.pod (snapshot-edit): Document them.

	snapshot: sort snapshot-list --tree
	Otherwise, the results are not repeatable.

	* tools/virsh.c (cmdSnapshotList): Print tree in predictable order.

2011-10-10  Osier Yang  <jyang@redhat.com>

	storage: Do not use comma as seperator for lvs output
	* src/storage/storage_backend_logical.c:

	If a logical vol is created as striped. (e.g. --stripes 3),
	the "device" field of lvs output will have multiple fileds which are
	seperated by comma. Thus the RE we write in the codes will not
	work well anymore. E.g. (lvs output for a stripped vol, uses "#" as
	seperator here):

	test_stripes##fSLSZH-zAS2-yAIb-n4mV-Al9u-HA3V-oo9K1B#\
	/dev/sdc1(10240),/dev/sdd1(0)#42949672960#4194304

	The RE we use:

	    const char *regexes[] = {
	        "^\\s*(\\S+),(\\S*),(\\S+),(\\S+)\\((\\S+)\\),(\\S+),([0-9]+),?\\s*$"
	    };

	Also the RE doesn't match the "devices" field of striped vol properly,
	it contains multiple "device path" and "offset".

	This patch mainly does:
	    1) Change the seperator into "#"
	    2) Change the RE for "devices" field from "(\\S+)\\((\\S+)\\)"
	       into "(\\S+)".
	    3) Add two new options for lvs command, (segtype, stripes)
	    4) Extend the RE to match the value for the two new fields.
	    5) Parse the "devices" field seperately in virStorageBackendLogicalMakeVol,
	       multiple "extents" info are generated if the vol is striped. The
	       number of "extents" is equal to the stripes number of the striped vol.

	A incidental fix: (virStorageBackendLogicalMakeVol)
	    Free "vol" if it's new created and there is error.

	Demo on striped vol with the patch applied:

	% virsh vol-dumpxml /dev/test_vg/vol_striped2
	<volume>
	  <name>vol_striped2</name>
	  <key>QuWqmn-kIkZ-IATt-67rc-OWEP-1PHX-Cl2ICs</key>
	  <source>
	    <device path='/dev/sda5'>
	      <extent start='79691776' end='88080384'/>
	    </device>
	    <device path='/dev/sda6'>
	      <extent start='62914560' end='71303168'/>
	    </device>
	  </source>
	  <capacity>8388608</capacity>
	  <allocation>8388608</allocation>
	  <target>
	    <path>/dev/test_vg/vol_striped2</path>
	    <permissions>
	      <mode>0660</mode>
	      <owner>0</owner>
	      <group>6</group>
	      <label>system_u:object_r:fixed_disk_device_t:s0</label>
	    </permissions>
	  </target>
	</volume>

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=727474

2011-10-09  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttach: Initialize pidfile variable
	If parsing qemu command line fails (e.g. because of non-existing
	process number supplied), we jump to cleanup label where we free
	pidfile. Therefore it needs to be initialized. Otherwise we free
	random pointer.

2011-10-08  Eric Blake  <eblake@redhat.com>

	qemu: silence Coverity false positive
	Coverity complained that 4 out of 5 callers to virJSONValueObjectGetBoolean
	checked for errors.  But we documented that we don't care in this case.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo): Use
	ignore_value.

	lxc: fix logic bug
	Detected by Coverity.  We want to increment the size_t counter,
	not the pointer to the counter.  Bug present since 5f5c6fde (0.9.5).

	* src/lxc/lxc_controller.c (lxcSetupLoopDevices): Use correct
	precedence.

2011-10-07  tangchen  <tangchen@cn.fujitsu.com>

	virsh: Update the help information for undefine command.
	virsh undefine command can now undefine an active guest, but the help information is still the old.
	This patch modifies it and make it coincident to the manpage of virsh.

2011-10-07  Daniel P. Berrange  <berrange@redhat.com>

	Don't send back unknown program errors for async messages
	If we send back an unknown program error for async messages,
	we will confuse the client because they only expect replies
	for method calls. Just log & drop any invalid async messages

	* src/rpc/virnetserver.c: Don't send error for async messages

	Fix deadlock when the RPC program is unknown
	Commit 597fe3cee68f561a181967b59a87b4e5c5880c4c accidentally
	introduced a deadlock when reporting an unknown RPC program.
	The virNetServerDispatchNewMessage method is called with
	the client locked, and must therefore not attempt to send
	any RPC messages back to the client. Only once the incoming
	message is passed off to the virNetServerHandleJob worker
	is it safe to start sending messages back

	* src/rpc/virnetserver.c: Delay checking for unknown RPC
	  program until in worker thread

2011-10-07  Eric Blake  <eblake@redhat.com>

	snapshot: simplify redefinition of disk snapshot
	Redefining disk-only snapshot xml should work even if the user
	did not explicitly pass VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY;
	the flag is only required for conditions where the <state>
	subelement is not already present in parsing (that is, defining
	a new snapshot).

	Also, fix the error code of some user-visible errors (the remaining
	VIR_ERR_INTERNAL_ERROR should not be user-visible, since parsing
	of <active> is only done from internal code).

	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Allow
	disks during redefinition of disk snapshot.

	snapshot: let virsh edit disk snapshots
	It was impossible for 'virsh snapshot-current dom name' to set name
	as the current snapshot, if name is a disk-only snapshot.

	Using strstr rather than full-blown xml parsing is safe, since the
	xml is assumed to be well-formed coming from libvirtd rather than
	arbitrary text coming from the user.

	* tools/virsh.c (cmdSnapshotCurrent, cmdSnapshotEdit): Pass
	disk_only flag when redefining a disk snapshot.

	snapshot: fix virsh error message typo
	* tools/virsh.c (cmdSnapshotList): Spell exclusive correctly.

2011-10-07  Michal Privoznik  <mprivozn@redhat.com>

	remote_driver: Avoid double free in EventControl building
	Don't xdr_free event data as they are freed by our caller
	virNetClientProgramDispatch.

2011-10-07  Eric Blake  <eblake@redhat.com>

	build: fix 'make distcheck' with pdwtags installed
	I am getting this failure with 'make distcheck':

	  GEN    ../../src/remote_protocol-structs
	/bin/sh: ../../src/remote_protocol-structs-t: Permission denied
	make[4]: *** [../../src/remote_protocol-structs] Error 1

	since it attempts a sub-run of a VPATH 'make check' where $(srcdir)
	is intentionally read-only.  I'm not sure which commit introduced
	the problem, although I suspect it was around 62dee6f when I
	refactored protocol struct checking to be more powerful.

	$(@F) is required by POSIX, and although it is not yet portable
	to all make implementations, we already require GNU make.

	* src/Makefile.am (PDWTAGS): Generate temp file into current
	directory, since $(srcdir) is read-only during distcheck.

2011-10-07  Guido Günther  <agx@sigxcpu.org>

	xenParseXM: don't dereference NULL pointer when script is empty

2011-10-07  Laine Stump  <laine@laine.org>

	qemu: add separate rerror_policy for disk errors
	Previously libvirt's disk device XML only had a single attribute,
	error_policy, to control both read and write error policy, but qemu
	has separate options for controlling read and write. In one case
	(enospc) a policy is allowed for write errors but not read errors.

	This patch adds a separate attribute that sets only the read error
	policy. If just error_policy is set, it will apply to both read and
	write error policy (previous behavior), but if the new rerror_policy
	attribute is set, it will override error_policy for read errors only.
	Possible values for rerror_policy are "stop", "report", and "ignore"
	("report" is the qemu-controlled default for rerror_policy when
	error_policy isn't specified).

	For consistency, the value "report" has been added to the possible
	values for error_policy as well.

	qemu: leave rerror policy at default when enospace is requested
	commit 12062ab set rerror=ignore when error_policy="enospace" was
	selected (since the rerror option in qemu doesn't accept "enospc", as
	the werror option does).

	After that patch was already pushed, Paolo Bonzini noticed it and
	commented that leaving rerror at the default ("report") would be a
	better choice. This patch corrects the problem - if error_policy =
	"enospace" is given, rerror is left off the qemu commandline,
	effectively setting it to "report". For other values, rerror is still
	set to match werror.

	Additionally, the parsing of error_policy was changed to no longer
	erroneously allow "default" as a choice - as with most other
	attributes, if you want the default setting, just don't specify an
	error_policy.

	Finally, two ommissions in the first patch were corrected - a
	long-dormant qemuxml2argv test for enospace was enabled, and fixed to
	pass, and the argv2xml parser in qemu_command.c was updated to
	recognize the different spelling on the qemu commandline.

2011-10-07  Eric Blake  <eblake@redhat.com>

	qemu: enable multifunction for older qemu
	Now that RHEL 6.2 Beta is out, it would be nice to test multifunction
	devices on that platform.  This changes things so that the multifunction
	cap bit can be set in two different ways: by version comparison (needed
	for qemu 0.13 which lacked a -device query), and by -device query
	(provided by qemu.git and backported to the RHEL beta build of
	qemu-kvm which still claims to be a modified 0.12, and therefore needed
	for RHEL).

	* src/qemu/qemu_capabilities.c (qemuCapsParseDeviceStr): Allow
	second method of setting multifunction cap bit.
	* tests/qemuhelptest.c (mymain): Test it.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device: Likewise.

2011-10-06  Guido Günther  <agx@sigxcpu.org>

	Document STREQ_NULLABLE and STRNEQ_NULLABLE

2011-10-06  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC work with new network configuration types
	If using one of the new non-NAT/routed virtual network
	configurations, the LXC driver would not know how to
	setup the VETH devices. Adding in calls to setup the
	"actual" network configuration at VM startup and cleanup
	when shutting down fixes this.

	* src/lxc/lxc_driver.c: Setup/cleanup actual net devs

2011-10-06  Eric Blake  <eblake@redhat.com>

	init: raise default system aio limits
	https://bugzilla.redhat.com/show_bug.cgi?id=740899 documents that
	if qemu uses aio=native for its disks, then it consumes 128 aio
	requests per disk.  On a host with multiple guests, this can quickly
	run out of kernel aio requests with the default aio-max-nr of
	65536.  Kernel developers have confirmed that there is no up-front
	cost to raising this limit (a larger limit merely implies that more
	aio requests can be issued in parallel, which in turn will result
	in more kernel memory allocation, only if the system really does use
	that many requests).  Since the system default limit prevents 256
	disks, which is well within libvirt's current scalability, this
	patch installs a file to raise the limit and document it in case a
	system administrator has further cause to tune the limit.  The
	install only works on platforms new enough to source /etc/sysctl.d/*
	alongside /etc/sysctl.conf (F14 and RHEL 6).

	* daemon/libvirtd.sysctl: New file.
	* daemon/Makefile.am (EXTRA_DIST): Ship it.
	(install-init, uninstall-init): Install it.
	* libvirt.spec.in (%files): Include it in rpm.

	maint: fix minor issues in virterror public header
	Consistent use of tabs, fewer long lines, and a typo fix.

	* include/libvirt/virterror.h: Fix typos, layout.

	snapshot: enforce REVERT_FORCE on qemu
	Implements the documentation for snapshot revert vs. force.

	Part of the patch tightens existing behavior (previously, reverting
	to an old snapshot without <domain> was blindly attempted, now it
	requires force), while part of it relaxes behavior (previously, it
	was not possible to revert an active domain to an ABI-incompatible
	active snapshot, now force allows this transition).

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Check for
	risky situations, and allow force to get past them.

	snapshot: use qemu-img on disks in use at time of snapshot
	Once we know which set of disks belong to a snapshot, reverting or
	deleting that snapshot should visit just those disks, rather than
	also visiting disks that were hot-plugged in the meantime or
	skipping disks that were hot-unplugged in the meantime.

	* src/qemu/qemu_domain.c (qemuDomainSnapshotForEachQcow2): Use
	snapshot domain details when available.  Avoid NULL deref.

	snapshot: add REVERT_FORCE to API
	Although reverting to a snapshot is a form of data loss, this is
	normally expected.  However, there are two cases where additional
	surprises (failure to run the reverted state, or a break in
	connectivity to the domain) can come into play.  Requiring extra
	acknowledgment in these cases will make it less likely that
	someone can get into an unrecoverable state due to a default revert.

	Also create a new error code, so users can distinguish when forcing
	would make a difference, rather than having to blindly request force.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_REVERT_FORCE):
	New flag.
	* src/libvirt.c (virDomainRevertToSnapshot): Document it.
	* include/libvirt/virterror.h (VIR_ERR_SNAPSHOT_REVERT_RISKY): New
	error value.
	* src/util/virterror.c (virErrorMsg): Implement it.
	* tools/virsh.c (cmdDomainSnapshotRevert): Add --force to virsh.
	* tools/virsh.pod (snapshot-revert): Document it.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: implement snapshot roots listing in vbox
	Commit 9f5e53e introduced the ability to filter snapshots to
	just roots, but it was never implemented for VBox until now.

	The VBox implementation prohibits deletion of a snapshot with
	multiple children.  Hence, there can only be at most one root,
	which is found by searching for the snapshot with a NULL uuid.

	Prior to 4.0, snapshotGet looked up by UUID, and snapshotFind
	looked up by name; after that point, snapshotGet disappeared
	and snapshotFind handles uuid or name.

	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
	(vboxDomainSnapshotListNames): Implement limiting list to root.

2011-10-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't fail virDomainGetInfo if we can't update balloon info
	Qemu driver tries to update balloon data in virDomainGetInfo and if it
	can't do so because there is another monitor job running, it just
	reports what's known in domain def. However, if there was no job running
	but getting the data from qemu fails, we would fail the whole API. This
	doesn't make sense. Let's make the failure nonfatal.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: simplify esx snapshot name lookup
	No need to request the parent of a snapshot if we aren't going to use it.

	* src/esx/esx_vi.c (esxVI_GetSnapshotTreeByName): Make parent
	optional.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
	(esxDomainSnapshotLookupByName, esxDomainRevertToSnapshot)
	(esxDomainSnapshotDelete): Simplify accordingly.

	snapshot: implement snapshot roots listing in esx
	Commit 9f5e53e introduced the ability to filter snapshots to
	just roots, but it was never implemented for ESX until now.

	* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Add parameter.
	* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Allow choice of recursion or not.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames): Use it to limit to roots.

2011-10-05  Laine Stump  <laine@laine.org>

	qemu: correct misspelled 'enospc' option, and only use for werror
	This resolves:

	     https://bugzilla.redhat.com/show_bug.cgi?id=730909

	When support for setting the qemu disk error policy to "enospc" was
	added, it was inadvertently spelled "enospace". This patch corrects
	that on the qemu commandline (while retaining the "enospace" spelling
	for libvirt's XML).

	Also, while examining the qemu source, I found that "enospc" is not
	allowed for the read error policy, only for write error policy (makes
	sense). Since libvirt currently only has a single error policy
	setting, when "enospace" is selected, the read error policy is set to
	"ignore".

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: better virsh handling of missing current, parent
	Previously, virsh 'snapshot-parent' and 'snapshot-current' were
	completely silent in the case where the code conclusively proved
	there was no parent or current snapshot, but differed in exit
	status; this silence caused some confusion on whether the commands
	worked.  Furthermore, commit d1be48f introduced a regression where
	snapshot-parent would leak output about an unknown function, but
	only on the first attempt, when talking to an older server that
	lacks virDomainSnapshotGetParent.  This changes things to consistenly
	report an error message and exit with status 1 when no snapshot
	exists, and to avoid leaking unknown function warnings when using
	fallbacks.

	* tools/virsh.c (vshGetSnapshotParent): Alter signature, to
	distinguish between real error and missing parent.  Don't pollute
	last_error on success.
	(cmdSnapshotParent): Adjust caller.  Always output message on
	failure.
	(cmdSnapshotList): Adjust caller.
	(cmdSnapshotCurrent): Always output message on failure.

2011-10-05  Guido Günther  <agx@sigxcpu.org>

	Document that ff callbacks need to be invoked from a clean stack.
	Also fix a typo.

2011-10-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix migration with dname
	Destination libvirtd remembers the original name in the prepare phase
	and clears it in the finish phase. The original name is used when
	comparing domain name in migration cookie.

2011-10-04  Daniel P. Berrange  <berrange@redhat.com>

	Allow passing of command line args to LXC container
	When booting a virtual machine with a kernel/initrd it is possible
	to pass command line arguments using the <cmdline>...args...</cmdline>
	element in the guest XML. These appear to the kernel / init process
	in /proc/cmdline.

	When booting a container we do not have a custom /proc/cmdline,
	but we can easily set an environment variable for it. Ideally
	we could pass individual arguments to the init process as a
	regular set of 'char *argv[]' parameters, but that would involve
	libvirt parsing the <cmdline> XML text. This can easily be added
	later, even if we add the env variable now

	* docs/drvlxc.html.in: Document env variables passed to LXC
	* src/conf/domain_conf.c: Add <cmdline> to be parsed for
	  guests of type='exe'
	* src/lxc/lxc_container.c: Set LIBVIRT_LXC_CMDLINE env var

	Add support for bandwidth filtering on LXC guests
	Call virBandwidthEnable after creating the LXC veth, so that any
	bandwidth controls get applied

	* src/lxc/lxc_driver.c: Enable bandwidth limiting

2011-10-04  Laine Stump  <laine@laine.org>

	network: fill in bandwidth from portgroup for all forward modes
	This patch is a fix for:

	  https://bugzilla.redhat.com/show_bug.cgi?id=743176

	which was discovered by Dan Berrange while making bandwidth
	configuration work for LXC guests.

	Background: Although virtportprofile data from a network portgroup is
	only applicable for direct mode interfaces, the code that copies
	bandwidth data from the portgroup was also only being executed in the
	case of direct mode interfaces. The result was that interfaces using
	traditional virtual networks (forward mode='nat|route|none'), and
	those using a host bridge for forwarding, would not pick up bandwidth
	data from a portgroup defined in the network.

	This patch moves that code outside the conditional, so that bandwidth
	information is *alway* copied from the appropriate portgroup (unless
	the <interface> definition itself already has bandwidth information,
	which would take precedence over what's in the portgroup anyway).

2011-10-04  Neil Wilson  <neil@brightbox.co.uk>

	bridge_driver.c: Fix autoconf setting
	Code altered so that it is consistent with the associated comment. The
	'autoconf' variable is forced to zero.

2011-10-04  Marc-André Lureau  <marcandre.lureau@gmail.com>

	Set to NULL members that have been freed to prevent crashes
	Do not crash if virStreamFinish is called after error.

	==11000== Invalid read of size 4
	==11000==    at 0x373A8099A0: pthread_mutex_lock (pthread_mutex_lock.c:51)
	==11000==    by 0x4C7CADE: virMutexLock (threads-pthread.c:85)
	==11000==    by 0x4D57C31: virNetClientStreamRaiseError (virnetclientstream.c:203)
	==11000==    by 0x4D385E4: remoteStreamFinish (remote_driver.c:3541)
	==11000==    by 0x4D182F9: virStreamFinish (libvirt.c:14157)
	==11000==    by 0x40FDC4: cmdScreenshot (virsh.c:3075)
	==11000==    by 0x42BA40: vshCommandRun (virsh.c:14922)
	==11000==    by 0x42ECCA: main (virsh.c:16381)
	==11000==  Address 0x59b86c0 is 16 bytes inside a block of size 216 free'd
	==11000==    at 0x4A06928: free (vg_replace_malloc.c:427)
	==11000==    by 0x4C69E2B: virFree (memory.c:310)
	==11000==    by 0x4D57B56: virNetClientStreamFree (virnetclientstream.c:184)
	==11000==    by 0x4D3DB7A: remoteDomainScreenshot (remote_client_bodies.h:1812)
	==11000==    by 0x4CFD245: virDomainScreenshot (libvirt.c:2903)
	==11000==    by 0x40FB73: cmdScreenshot (virsh.c:3029)
	==11000==    by 0x42BA40: vshCommandRun (virsh.c:14922)
	==11000==    by 0x42ECCA: main (virsh.c:16381)

2011-10-03  Eric Blake  <eblake@redhat.com>

	snapshot: implement getparent for vbox
	Built by copying from existing functions.

	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotGetParent): New function.

	snapshot: implement getparent for esx
	Pretty easy to paste together compared to existing functions.

	* src/esx/esx_driver.c (esxDomainSnapshotGetParent): New function.

2011-10-01  Laine Stump  <laine@laine.org>

	qemu: make PCI multifunction support more manual
	When support for was added for PCI multifunction cards (in commit
	9f8baf, first included in libvirt 0.9.3), it was done by always
	turning on the multifunction bit for all PCI devices. Since that time
	it has been realized that this is not an ideal solution, and that the
	multifunction bit must be selectively turned on. For example, see

	  https://bugzilla.redhat.com/show_bug.cgi?id=728174

	and the discussion before and after

	  https://www.redhat.com/archives/libvir-list/2011-September/msg01036.html

	This patch modifies multifunction support so that the multifunction=on
	option is only added to the qemu commandline for a device if its PCI
	<address> definition has the attribute "multifunction='on'", e.g.:

	  <address type='pci' domain='0x0000' bus='0x00'
	           slot='0x04' function='0x0' multifunction='on'/>

	In practice, the multifunction bit should only be turned on if
	function='0' AND other functions will be used in the same slot - it
	usually isn't needed for functions 1-7 (although there are apparently
	some exceptions, e.g. the Intel X53 according to the QEMU source
	code), and should never be set if only function 0 will be used in the
	slot. The test cases have been changed accordingly to illustrate.

	With this patch in place, if a user attempts to assign multiple
	functions in a slot without setting the multifunction bit for function
	0, libvirt will issue an error when the domain is defined, and the
	define operation will fail. In the future, we may decide to detect
	this situation and automatically add multifunction=on to avoid the
	error; even then it will still be useful to have a manual method of
	turning on multifunction since, as stated above, there are some
	devices that excpect it to be turned on for all functions in a slot.

	A side effect of this patch is that attempts to use the same PCI
	address for two different devices will now log an error (previously
	this would cause the domain define operation to fail, but there would
	be no log message generated). Because the function doing this log was
	almost completely rewritten, I didn't think it worthwhile to make a
	separate patch for that fix (the entire patch would immediately be
	obsoleted).

	conf: remove unused VIR_ENUM_DECL
	While adding a new enum, I noticed a VIR_ENUM_DECL for a type that
	doesn't exist. There is also of course no matching VIR_ENUM_IMPL for
	it.

2011-10-01  Marc-André Lureau  <marcandre.lureau@gmail.com>

	virsh: do not unlink NULL file
	error:could not take a screenshot of xp
	==6216== Syscall param unlink(pathname) points to unaddressable byte(s)
	==6216==    at 0x373A0D4937: unlink (syscall-template.S:82)
	==6216==    by 0x40FD73: cmdScreenshot (virsh.c:3070)
	==6216==    by 0x42BA0D: vshCommandRun (virsh.c:14920)
	==6216==    by 0x42EC97: main (virsh.c:16379)
	==6216==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
	==6216==
	error:Requested operation is not valid: domain is not running

2011-10-01  Serge E. Hallyn  <serge.hallyn@canonical.com>

	lvm storage backend: handle command_names=1 in lvm.conf
	If the regexes supported (?:pvs)?, then we could handle this by
	optionally matching but not returning the initial command name.  But it
	doesn't.  So add a new char* argument to
	virStorageBackendRunProgRegex().  If that argument is NULL then we act
	as usual.  Otherwise, if the string at that argument is found at the
	start of a returned line, we drop that before running the regex.

	With this patch, virt-manager shows me lvs with command_names 1 or 0.

	The definitions of PVS_BASE etc may want to be moved into the configure
	scripts (though given how PVS is found, IIUC that could only happen if
	pvs was a link to pvs_real), but in any case no sense dealing with that
	until we're sure this is an ok way to handle it.

2011-09-30  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for outstanding async job too
	Currently, qemuDomainGetXMLDesc and qemudDomainGetInfo check for
	outstanding synchronous job before (eventual) monitor entering.
	However, there can be already async job set, e.g. migration.

2011-09-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix error message mentioning VNC instead of SPICE

2011-09-29  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	virsh: Add 'reset' command for virsh

	remote: Implement 'reset' for remote driver

	qemu: Implement 'reset' for qemu driver

	api: Add public api for 'reset'
	Add new public api for 'reset'.
	It can reset domain immediately without any guest shutdown.

2011-09-29  Jiri Denemark  <jdenemar@redhat.com>

	logging: Add date to log timestamp

	logging: Do not log timestamp through syslog
	Syslog puts the timestamp to every message anyway so this removes
	redundant data.

2011-09-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Report an error for acceptable URI schemes with a transport
	Before, URIs such as hyperv+ssh:// have been declined by the Hyper-V
	driver resulting in the remote driver trying to connect to an
	non-existing libvirtd.

	Now such URIs trigger an error in the yper-V driver suggesting to
	try again without the transport part in the scheme.

	esx: Report an error for acceptable URI schemes with a transport
	Before, URIs such as esx+ssh:// have been declined by the ESX driver
	resulting in the remote driver trying to connect to an non-existing
	libvirtd.

	Now such URIs trigger an error in the ESX driver suggesting to try
	again without the transport part in the scheme.

2011-09-29  Douglas Schilling Landgraf  <dougsland@redhat.com>

	formatdomain.html.in: fix tickpolicy
	there is no option "none":

	>From libvirt/src/conf/domain_conf.c

	<snip>
	VIR_ENUM_IMPL(virDomainTimerTickpolicy,
	VIR_DOMAIN_TIMER_TICKPOLICY_LAST,
	              "delay",
	              "catchup",
	              "merge",
	              "discard");
	</snip>

	Replacing with delay.

2011-09-29  Daniel Veillard  <veillard@redhat.com>

	virsh: describe attach-interface parameter target
	This patch is based on a improvement suggested by Kazuhiro Kikuchi
	of Fujitsu, it gives a description of the target parameter for that
	command

	* tools/virsh.pod: add description for target parameter of
	  attach-interface

	virsh: update man page for cpu_shares parameter
	The man page suggest that the cpu_shares parameter of schedinfo
	allows values 0-262144, but the kernel remaps values 0 and 1 to
	the minimum 2, just document that behaviour:

	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	1024
	[root@test ~]# echo 0 > /cgroup/cpu/libvirt/qemu/cpu.shares
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	2
	[root@test ~]# echo 1 > /cgroup/cpu/libvirt/qemu/cpu.shares
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	2
	[root@test ~]#

	* tools/virsh.pod: update description of the cpu_shares parameter
	  to indicate the values 0 and 1 are automatically changed by the
	  kernel to minimal value 2

2011-09-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for ejected media during startup and migration
	If the daemon is restarted so we reconnect to monitor, cdrom media
	can be ejected. In that case we don't want to show it in domain xml,
	or require it on migration destination.

	To check for disk status use 'info block' monitor command.

2011-09-29  Alex Jia  <ajia@redhat.com>

	qemu: add return value check
	* src/qemu/qemu_migration.c: if 'vmdef' is NULL, the function
	  virDomainSaveConfig still dereferences it, it doesn't make
	  sense, so should add return value check to make sure 'vmdef'
	  is non-NULL before calling virDomainSaveConfig, in addition,
	  in order to debug later, also should record error information
	  into log.

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: implement getparent in qemu
	First hypervisor implementation of the new API.
	Allows 'virsh snapshot-list --tree' to be more efficient.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotGetParent): New
	function.

	snapshot: add virsh snapshot-list --tree
	Reuse the tree listing of nodedev-list, coupled with the new helper
	function to efficiently grab snapshot parent names, to produce
	tree output for a snapshot hierarchy.  For example:

	$ virsh snapshot-list dom --tree
	root1
	 |
	  +- sibling1
	  +- sibling2
	  |   |
	  |   +- grandchild
	  |
	  +- sibling3

	root2
	 |
	  +- child

	* tools/virsh.c (cmdSnapshotList): Add --tree.
	* tools/virsh.pod (snapshot-list): Document it.

	snapshot: refactor virsh snapshot parent computation
	Make parent computation reusable, using virDomainSnapshotGetParent
	when possible.

	* tools/virsh.c (vshGetSnapshotParent): New helper.
	(cmdSnapshotParent): Use it.

	snapshot: remote protocol for getparent
	Mostly straight-forward, although this is the first API that
	returns a new snapshot based on a snapshot rather than a domain.

	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_GET_PARENT): New rpc.
	(remote_domain_snapshot_get_parent_args)
	(remote_domain_snapshot_get_parent_ret): New structs.
	* src/rpc/gendispatch.pl: Adjust generator.
	* src/remote/remote_driver.c (remote_driver): Use it.
	* src/remote_protocol-structs: Update.

	snapshot: new virDomainSnapshotGetParent API
	Although a client can already obtain a snapshot's parent by
	dumping and parsing the xml, then doing a snapshot lookup by
	name, it is more efficient to get the parent in one step, which
	in turn will make operations that must traverse a snapshot
	hierarchy easier to perform.

	* include/libvirt/libvirt.h.in (virDomainSnapshotGetParent):
	Declare.
	* src/libvirt.c (virDomainSnapshotGetParent): New function.
	* src/libvirt_public.syms: Export it.
	* src/driver.h (virDrvDomainSnapshotGetParent): New callback.

	docs: document node device XML
	Coupled with the recent virsh nodedev-* doc patch, this should now
	give a better picture of libvirt node device handling.

	* docs/formatnode.html.in: Fill in page.

	docs: document virsh nodedev-* commands
	This section of the man page was completely missing; I stumbled on
	it when I had no clue that I had to use nodedev-reattach after
	I was done playing with <hostdev> device passthrough to one of my
	guests.

	* tools/virsh.pod (NODEDEV COMMANDS): New section.
	(attach-device, detach-device): Add cross-references.

2011-09-28  Laine Stump  <laine@laine.org>

	security: properly chown/label bidirectional and unidirectional fifos
	This patch fixes the regression with using named pipes for qemu serial
	devices noted in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=740478

	The problem was that, while new code in libvirt looks for a single
	bidirectional fifo of the name given in the config, then relabels that
	and continues without looking for / relabelling the two unidirectional
	fifos named ${name}.in and ${name}.out, qemu looks in the opposite
	order. So if the user had naively created all three fifos, libvirt
	would relabel the bidirectional fifo to allow qemu access, but qemu
	would attempt to use the two unidirectional fifos and fail (because it
	didn't have proper permissions/rights).

	This patch changes the order that libvirt looks for the fifos to match
	what qemu does - first it looks for the dual fifos, then it looks for
	the single bidirectional fifo. If it finds the dual unidirectional
	fifos first, it labels/chowns them and ignores any possible
	bidirectional fifo.

	(Note commit d37c6a3a (which first appeared in libvirt-0.9.2) added
	the code that checked for a bidirectional fifo. Prior to that commit,
	bidirectional fifos for serial devices didn't work because libvirt
	always required the ${name}.(in|out) fifos to exist, and qemu would
	always prefer those.

2011-09-28  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Preserve fakeReboot flag in domain status
	Thus, when libvirtd is restarted, it will know if a domain is supposed
	to be killed or reset when it shuts down.

	qemu: Finish domain shutdown on reconnect
	If a domain started with -no-shutdown shuts down while libvirtd is not
	running, it will be seen as paused when libvirtd reconnects to it. Use
	the paused reason to detect if a domain was stopped because of shutdown
	and finish the process just as if a SHUTDOWN event is delivered from
	qemu.

	qemu: Check domain status details when reconnecting monitor
	Current qemu is able to give us detailed domain status (not just if it
	is running or not) which we can translate into a status reason.

	qemu: Always remove domain object if MigratePrepare fails
	If migration failed in Prepare phase after virDomainAssignDef and before
	a job was started, the domain object was not properly removed.

2011-09-28  Jamie Strandboge  <jamie@canonical.com>

	fix AppArmor driver for pipe character devices
	The AppArmor security driver adds only the path specified in the domain
	XML for character devices of type 'pipe'. It should be using <path>.in
	and <path>.out. We do this by creating a new vah_add_file_chardev() and
	use it for char devices instead of vah_add_file(). Also adjust
	valid_path() to accept S_FIFO (since qemu chardevs of type 'pipe' use
	fifos). This is https://launchpad.net/bugs/832507

2011-09-28  Peter Krempa  <pkrempa@redhat.com>

	virsh: Allow using complete <capabilities> elements with cpu-baseline
	This patch cleans the cpu baseline function using new libvirt helper
	functions and fixes XPath expression that selects <cpu> elements from
	the source file, that can contain concatenated <capabilities> XMLs,
	domain XMLs and bare <cpu> elements. The fixed XPath expression ensures
	not to select NUMA <cpu id=... elements.

	This patch also removes vshRealloc function, that remained unused after
	cleaning up cpu-baseline.

	https://bugzilla.redhat.com/show_bug.cgi?id=731645

	virsh: Allow using domain and capabilities XMLs with cpu-compare
	This patch adds extraction of the <cpu> element from capabilities and
	domain definition XML documents to improve user experience.

	https://bugzilla.redhat.com/show_bug.cgi?id=731151

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: fix man page typos
	pod2man from perl-5.8.8 (RHEL 5) errors out on ill-formed POD:

	*** ERROR: unterminated I<...> at line 1114 in file virsh.pod
	*** ERROR: unterminated I<...> at line 1851 in file virsh.pod

	Newer pod2man appears to be more tolerant (which is a shame,
	because it meant that this error is harder to detect).

	* tools/virsh.pod (undefine, snapshot-current): Add missing >.

2011-09-27  Laine Stump  <laine@laine.org>

	qemu: add ability to set PCI device "rombar" on or off
	This patch was made in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=738095

	In short, qemu's default for the rombar setting (which makes the
	firmware ROM of a PCI device visible/not on the guest) was previously
	0 (not visible), but they recently changed the default to 1
	(visible). Unfortunately, there are some PCI devices that fail in the
	guest when rombar is 1, so the setting must be exposed in libvirt to
	prevent a regression in behavior (it will still require explicitly
	setting <rom bar='off'/> in the guest XML).

	rombar is forced on/off by adding:

	  <rom bar='on|off'/>

	inside a <hostdev> element that defines a PCI device. It is currently
	ignored for all other types of devices.

	At the moment there is no clean method to determine whether or not the
	rombar option is supported by QEMU - this patch uses the advice of a
	QEMU developer to assume support for qemu-0.12+. There is currently a
	patch in the works to put this information in the output of "qemu-kvm
	-device pci-assign,?", but of course if we switch to keying off that,
	we would lose support for setting rombar on all the versions of qemu
	between 0.12 and whatever version gets that patch.

2011-09-27  Eric Blake  <eblake@redhat.com>

	spec: F15 still uses cgconfig, RHEL lacks hyperv
	Commit ecd8725c dropped attempts to probe the cgconfig service on
	new enough Fedora where systemd took over that aspect of the system,
	but mistakenly used F14 instead of F15 as the cutoff point.

	https://bugzilla.redhat.com/show_bug.cgi?id=741358

	Also, RHEL does not include HyperV support yet.

	* libvirt.spec.in (with_cgconfig): Check cgconfig service in F15.
	(%{?rhel}): Provide default for with_hyperv.

2011-09-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Relax -no-shutdown check to [0.14.0, 0.15.50)
	SIGTERM handling for -no-shutdown is already fixed in qemu git and
	libvirt can safely use it. The downside is that 0.15.50 version of qemu
	can be any qemu compiled from git, even that without the fix for
	SIGTERM. However, I think this patch is worth it since excluding 0.15.50
	from the check makes testing current qemu with libvirt much easier and
	someone running qemu from git should be able to rebuild fixed qemu from
	git if they hit the problem with a hang on shutdown.

	virsh: Better document --copy-storage migrate options
	Both --copy-storage-{all,inc} options require disk images to be present
	on destination host.

	virsh: Enhance documentation of commands starting jobs
	Some virsh commands start a (long-running) job that can be monitored
	using domjobinfo and aborted with domjobabort. Let's be explicit about
	this in virsh man page.

2011-09-27  Michal Privoznik  <mprivozn@redhat.com>

	virLockManagerNopInit: Rename flags to unused_flags
	As these might be not used and make syntax-check complains about checking
	them via virCheckFlags.

2011-09-27  Peter Krempa  <pkrempa@redhat.com>

	daemon: Don't remove pidfiles in init scripts
	Init scripts removed pid file of the daemon. Removing pid files may be
	harmful as new api for crash-safe pidfiles is used (introduced by
	c8a3a26).

2011-09-27  Michal Privoznik  <mprivozn@redhat.com>

	debug: Annotate some variables as unused
	as they are not used with debugging turned off.

2011-09-27  Osier Yang  <jyang@redhat.com>

	storage: Do not break the whole vol lookup process in the middle
	* src/storage/storage_driver.c: As virStorageVolLookupByPath lookups
	all the pool objs of the drivers, breaking when failing on getting
	the stable path of the pool will just breaks the whole lookup process,
	it can cause the API fails even if the vol exists indeed. It won't get
	any benefit. This patch is to fix it.

2011-09-24  Peter Krempa  <pkrempa@redhat.com>

	maint: update authors

2011-09-23  Oskari Saarenmaa  <os@ohmu.fi>

	Add unsafe cache mode support for disk driver
	QEMU 0.13 introduced cache=unsafe for -drive, this patch exposes
	it in the libvirt layer.

	  * Introduced a new QEMU capability flag ($prefix_CACHE_UNSAFE),
	    as even if $prefix_CACHE_V2 is set, we can't know if unsafe
	    is supported.

	  * Improved the reliability of qemu cache type detection.

2011-09-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix synchronous reading of stream data
	commit 984840a2c292402926ad100aeea33f8859ff31a9 removed the
	notification of waiting calls when VIR_NET_CONTINUE messages
	arrive. This was to fix the case of a virStreamAbort() call
	being prematurely notified of completion.

	The problem is that sometimes there are dummy calls from a
	virStreamRecv() call waiting that *do* need to be notified.

	These dummy calls should have a status VIR_NET_CONTINUE. So
	re-add the notification upon VIR_NET_CONTINUE, but only if
	the waiter also has a status of VIR_NET_CONTINUE.

	* src/rpc/virnetclient.c: Notify waiting call if stream data
	  arrives
	* src/rpc/virnetclientstream.c:  Mark dummy stream read packet
	  with status VIR_NET_CONTINUE

2011-09-23  Michal Privoznik  <mprivozn@redhat.com>

	selinux: Correctly report warning if virt_use_nfs not set
	Previous patch c9b37fee tried to deal with virt_use_nfs. But
	setfilecon() returns EOPNOTSUPP on NFS so we need to move the
	warning to else branch.

2011-09-23  Peter Krempa  <pkrempa@redhat.com>

	virsh: Improve virsh manual for virsh memtune command
	Commit 0a22f54 added --min-guarantee option for the memtune command.
	This option is supported only by the ESX hypervisor. This patch adds a
	statement about this fact, to prevent user confusion.

	This patch also adds explanation how to clear/set to unlimited the
	memory tunables. (documments the -1 value).

2011-09-22  Osier Yang  <jyang@redhat.com>

	virsh: Do not ignore the specified flags for cmdSaveImageDefine
	Introduced by commit 42c52d53c, which added the support for new
	flags, but forgot to update the API use to pass the flags.

2011-09-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Transfer inactive XML among cookie
	If a domain has inactive XML we want to transfer it to destination
	when migrating with VIR_MIGRATE_PERSIST_DEST. In order to harm
	the migration protocol as least as possible, a optional cookie was
	chosen.

2011-09-22  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.6

2011-09-22  Eric Blake  <eblake@redhat.com>

	snapshot: also delete empty directory
	The previous patch removed all snapshots, but not the directory
	where the snapshots lived, which is still a form of stale data.

	* src/qemu/qemu_domain.c (qemuDomainRemoveInactive): Wipe any
	snapshot directory.

	snapshot: remove snapshot metadata on transient exit
	Commit 282fe1f0 documented that transient domains will auto-delete
	any snapshot metadata when the last reference to the domain is
	removed, and that management apps are in charge of grabbing any
	snapshot metadata prior to that point.  However, this was not
	actually implemented for qemu until now.

	* src/qemu/qemu_driver.c (qemudDomainCreate)
	(qemuDomainDestroyFlags, qemuDomainSaveInternal)
	(qemudDomainCoreDump, qemuDomainRestoreFlags, qemudDomainDefine)
	(qemuDomainUndefineFlags, qemuDomainMigrateConfirm3)
	(qemuDomainRevertToSnapshot): Clean up snapshot metadata.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny)
	(qemuMigrationPerformJob, qemuMigrationPerformPhase)
	(qemuMigrationFinish): Likewise.
	* src/qemu/qemu_process.c (qemuProcessHandleMonitorEOF)
	(qemuProcessReconnect, qemuProcessReconnectHelper)
	(qemuProcessAutoDestroyDom): Likewise.

	snapshot: prepare to remove transient snapshot metadata
	This patch is mostly code motion - moving some functions out
	of qemu_driver and into qemu_domain so they can be reused by
	multiple qemu_* files (since qemu_driver.h must not grow).
	It also adds a new helper function, qemuDomainRemoveInactive,
	which will be used in the next patch.

	* src/qemu/qemu_domain.h (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
	(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll)
	(qemuDomainRemoveInactive): New prototypes.
	(struct qemu_snap_remove): New struct.
	* src/qemu/qemu_domain.c (qemuDomainRemoveInactive)
	(qemuDomainSnapshotDiscardAllMetadata): New functions.
	(qemuFindQemuImgBinary, qemuDomainSnapshotWriteMetadata)
	(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotDiscardAll): Move here...
	* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
	(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll): ...from
	here.
	(qemuDomainUndefineFlags): Update caller.
	* src/conf/domain_conf.c (virDomainRemoveInactive): Doc fixes.

	snapshot: fix logic bug in qemu undefine
	Commit 19f8c98 introduced VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA,
	with the intent that omitting the flag makes undefine fail, and
	including the flag deletes metadata.  But it used the wrong logic.
	Also, hoist the transient domain sooner, so that we don't
	accidentally remove metadata of a transient domain.

	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Check correct
	flag value.

	sanlock: fix memory leak
	Detected by Coverity.  The only way to get to error_unlink is if
	path was successfully assigned, so the if was useless.  Meanwhile,
	there was a return statement that did not free path.

	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace): Fix mem-leak, and drop
	useless if.

	virsh: fix regression in argv parsing
	Prior to commit 85d2810, we had an issue where:

	snapshot-create-as dom name --diskspec spec --diskspec spec

	failed to parse the second spec, because the first spec had marked
	that option as no longer requiring an argument.

	In commit 85d2810, I fixed it by making argv options no longer mark
	the option as seen.  But this in turn breaks mandatory argv options,
	which now complain that the argv option is missing.

	This patch reverts that part of 85d2810, and instead replaces it with
	fixes to no longer clear opts_need_arg of an argv argument.

	* tools/virsh.c (vshCmddefGetOption, vshCmddefGetData)
	(vshCommandParse): Fix option parsing for required argv option.
	(vshCmddefOptParse): Check that argv option is last.
	* tests/virsh-optparse: Enhance test.

2011-09-22  Osier Yang  <jyang@redhat.com>

	virsh: More friendly err if no pool is specified for looking up a vol
	There are 3 ways to lookup a volume, only virStorageVolLookupByName
	needs pool object. So if no --pool is specified, it will tries to
	get the volume via virStorageVolLookupByPath/virStorageVolLookupByKey.

	But if all 3 ways fails, and no --pool is specified, a friendly
	error might help the user get right way quickly.

	storage: Wait udev events are handled before removing lvm vol
	Related #BZ: https://bugzilla.redhat.com/show_bug.cgi?id=702260.

	There are two problems described in the BZ:
	1) "Can't remove open logical volume".
	2) "Unable to deactivate logical volume "foo""

	This patch just intends to fix 2), as 1) is expected if the vol
	is still used by something, and you never known if "lvchange -an"
	will fail or not either (sometime, it will succeed, sometimes not).
	We'd better not look for trouble, :-)

	For 2), that's caused by race between lvremove and udev event handling,
	the only workable way now is to wait the events handling are finished,
	though it might introduce latencies, as "udevadmin settle" exits
	after *all* events are handled, it's the only way we can fix
	the racing in libvirt layer.

	See https://bugzilla.redhat.com/show_bug.cgi?id=570359 for more
	details.

2011-09-22  Alex Jia  <ajia@redhat.com>

	qemu: avoid dereferencing a NULL pointer
	* src/qemu/qemu_process.c: Taking if (qemuDomainObjEndJob(driver, obj) == 0)
	  true branch then 'obj' is NULL, virDomainObjIsActive(obj) and
	  virDomainObjUnref(obj) will dereference NULL pointer.

2011-09-22  Oskari Saarenmaa  <os@ohmu.fi>

	tests: improve test failure diagnosis
	  * qemuhelptest prints test case name on failure.

2011-09-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid loop of fake reboots
	Once virDomainReboot is called for a domain, guest OS initiated shutdown
	would always result in reboot instead of shutdown. Only
	virDomainShutdown would actually shutd such domain down. That's because
	we forgot to reset fakeReboot flag once we asked the domain to reboot.

	qemu: Fix shutdown regression with buggy qemu
	The commit that prevents disk corruption on domain shutdown
	(96fc4784177ecb70357518fa863442455e45ad0e) causes regression with QEMU
	0.14.* and 0.15.* because of a regression bug in QEMU that was fixed
	only recently in QEMU git. The affected versions of QEMU do not quit on
	SIGTERM if started with -no-shutdown, which we use to implement fake
	reboot. Since -no-shutdown tells QEMU not to quit automatically on guest
	shutdown, domains started using the affected QEMU cannot be shutdown
	properly and stay in a paused state.

	This patch disables fake reboot feature on such QEMU by not using
	-no-shutdown, which makes shutdown work as expected. However,
	virDomainReboot will not work in this case and it will report "Requested
	operation is not valid: Reboot is not supported with this QEMU binary".

2011-09-21  Osier Yang  <jyang@redhat.com>

	API: prefer to use NULLSTR macro

2011-09-21  Eric Blake  <eblake@redhat.com>

	remote: fix crash on OOM
	Bug introduced in commit 675464b.  On an OOM, this would try to
	dereference a char* and free the contents as a pointer, which is
	doomed to failure.

	Adding a syntax check will prevent mistakes like this in the future.

	* cfg.mk (sc_prohibit_internal_functions): New syntax check.
	(exclude_file_name_regexp--sc_prohibit_internal_functions): Add
	exemptions.
	* daemon/remote.c (remoteRelayDomainEventIOError)
	(remoteRelayDomainEventIOErrorReason)
	(remoteRelayDomainEventGraphics, remoteRelayDomainEventBlockJob):
	Use correct free function.

	xen: use typical allocations
	The next patch will add a syntax check that flags this usage in xen
	as awkward - while it was valid memory management, it was very hard
	to maintain.  Swapping to a more traditional allocation may be a bit
	slower, but easier to understand.

	* src/xen/xend_internal.c (xenDaemonListDomainsOld): Use two-level
	allocation, rather than abusing allocation function.
	(xenDaemonLookupByUUID): Update caller.

2011-09-21  Osier Yang  <jyang@redhat.com>

	virsh: Remove useless codes of cmdVolPath
	Variable "name" is never used in the codes, it's useless.

2011-09-21  Eric Blake  <eblake@redhat.com>

	build: silence warning on 32-bit build
	gcc warns when building libvirt 0.9.5 on a 32-bit machine:

	qemu/qemu_migration.c: In function 'qemuMigrationToFile':
	qemu/qemu_migration.c:2727:38: error: large integer implicitly truncated to unsigned type [-Woverflow]

	* src/qemu/qemu_domain.h (QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX): Cap
	to long when building for 32-bit platform.

2011-09-20  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.5
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: fetch updated translations from transifex and rebuilt

	Fix crash on events due to allocation errors
	remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
	remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics
	were using const string directly in rpc structure, before calling
	remoteDispatchDomainEventSend(). But that routine now frees up all
	the pointed allocated memory from the rpc structure and we end up
	with a double free.
	This now strdup() all the strings passed and provide mem_error goto
	labels to be used when an allocation error occurs.
	Note that the cleanup isn't completely finished because all relaying
	function also call make_nonnull_domain() which also allocate a string
	and never handle the error case. This patches doesn't try to address
	this as this is only error correctness a priori and touches far more
	functions in this module:

	* daemon/remote.c: fix string allocations and memory error handling
	  for remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
	  remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics

2011-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Update to require sanlock 1.8 for license compliance
	Inexplicably the sanlock code all got placed under the GPLv2-only,
	so libvirt's use of sanlock introduces a license incompatibility.
	The sanlock developers have now rearranged the code such that there
	is a 'sanlock_client.so' which is LGPLv2+ while their daemon remains
	GPLv2-only. To use the new client library we need to call the new
	sanlock_init and sanlock_align APIs instead of sanlock_direct_init
	and sanlock_direct_align. These APIs calls are now routed via the
	sanlock daemon, instead of doing direct I/O calls to disk.

	For all this we require sanlock >= 1.8

	* configure.ac: Check for sanlock_client.so instead of sanlock.so
	  and fix various comments
	* libvirt.spec.in: Mandate sanlock >= 1.8
	* src/Makefile.am: Link to -lsanlock_client
	* src/locking/lock_driver_sanlock.c: Use sanlock_init and
	  sanlock_align

2011-09-20  Osier Yang  <jyang@redhat.com>

	conf: Assign newDef of active domain as persistent conf if it is NULL
	Libvirt loads the domain conf from status XML if it's running when
	starting up. The problem is there is no record of the original conf.
	(dom->newDef is NULL here).

	So libvirt won't be able to restore the domain conf to original one
	when destroying/shutdown. E.g.

	1) attach a device without "--persistent"
	2) restart libvirtd
	3) destroy domain
	4) start domain

	One will see the the disk still exists.

	This patch is to fix the peoblem by assigning persistent domain conf
	to dom->newDef if it's NULL and the domain is running.

	storage: Ensure the device path exists before refreshing disk pool
	Doing libvirt_parthelper on an not existed device path will get
	an unfriendly error message. This patch is to prohibit it.

	daemon: Error and exit if specified value for timeout is not valid
	Silently setting "timeout" as -1 if the specified value is invalid
	is a bit confused.

2011-09-20  Peter Krempa  <pkrempa@redhat.com>

	Remove devname identifier from autogenerated RPC code
	Patch 79cf07a missed one instance of "devname" in source for RPC code
	generator.

2011-09-20  Eric Blake  <eblake@redhat.com>

	virsh: tweak previous domblkstat patch
	Translators are likely to botch trailing spacing; by doing the
	formatting outside of the translation, we can generally get
	better alignment.  Also, for consistency, use 'bytes read' to
	match 'bytes written'.

	* tools/virsh.c (domblkstat_output): Drop trailing space. Tweak
	rd_bytes output.
	(cmdDomblkstat, DOMBLKSTAT_LEGACY_PRINT): Update formatting.

2011-09-20  Peter Krempa  <pkrempa@redhat.com>

	virsh: doc: Fix supported driver types for attach-disk command
	Virsh man page lists driver types to be used with attach-device
	command, but does not specify that those are usable only with the XEN
	Hypervisor.

	This patch adds statement, that those options specified are applicable
	only on the Xen hypervisor and adds option usable with qemu emulator.

	This patch also changes type of error returned by QEMU driver if the
	user specifies incompatible driver type from VIR_ERR_INTERNAL_ERROR to
	VIR_ERR_CONFIG_UNSUPPORTED.

2011-09-20  Eric Blake  <eblake@redhat.com>

	maint: Prefer names over email in 'git shortlog'
	Alex recently committed some patches with just an email instead
	of a preferred name; this fixes things so 'git shortlog' gives
	nicer output.

	* .mailmap: Update.

2011-09-20  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add more human-friendly output of domblkstat command
	Users of virsh complain that output of the domblkstat command
	is not intuitive enough. This patch adds explanation of fields
	returned by this command to the help section for domblkstat and
	the man page of virsh. Also a switch --human is added for
	domblkstat that prints the fields with more descriptive
	texts.

	This patch also changes sequence of the output fields and their
	names back to the order and spelling established by previous
	versions of virsh to maintain compatibility with scripts.

	Example of ordered and "translated" output:

	PRE-patch:

	virsh # domblkstat 1 vda
	vda wr_bytes 5170176
	vda wr_operations 511
	vda rd_bytes 82815488
	vda rd_operations 3726

	POST-patch:

	virsh # domblkstat 1 vda
	vda rd_req 3726
	vda rd_bytes 82815488
	vda wr_req 478
	vda wr_bytes 4965376

	Example of human readable output:

	virsh # domblkstat 1 vda --human
	Device: vda
	 number of read operations:      3726
	 number of read bytes:           82815488
	 number of write operations:     478
	 number of bytes written:        4965376

	https://bugzilla.redhat.com/show_bug.cgi?id=731656

2011-09-20  ajia@redhat.com  <ajia@redhat.com>

	vmx: avoid memory leak
	* src/vmx/vmx.c: fix memory leak, 'def' has a initial value 'NULL', so
	  'goto cleanup' is perfected instead of adding a virConfFree before
	  'return NULL'.

	util: avoid memory leak
	Leak in pciGetVirtualFunctionIndex present since commit 17d64ca.

	* src/util/pci.c: fix memory leak.

	remote: avoid memory leak
	Leak present since introduction of remoteDomainBuildEventGraphics
	in commit 987e31e.

	* src/remote/remote_driver.c: fix memory leak.

	qemu: avoid memory leak
	Leak introduced in commit 036ad50, affects only error case.

	* src/qemu/qemu_command.c: fix memory leak.

	daemon: avoid memory leak
	Introduced in commit efa7fc9f.

	* daemon/remote.c: fix memory leak in remoteDispatchDomainBlockStatsFlags

2011-09-17  Eric Blake  <eblake@redhat.com>

	spec: silence warnings when installing in F16
	https://bugzilla.redhat.com/show_bug.cgi?id=738725 documents that
	'yum install libvirt' in Fedora 16 is rather noisy.  This fixes
	the problems.

	* libvirt.spec.in (%post client): Silence chkconfig warning about
	SysV services.
	(%post) [with_cgconfig]: Drop for Fedora 15 and newer, where
	systemd does this automatically.

	snapshot: allow disk snapshots of qcow2 disks
	For all types of disks other than qcow2, we were requesting that
	SELinux labeling visit the new file as if it were qcow2, which
	means labeling would try to find the backing files of an empty file.
	And for a pre-existing qcow2 disk, we were passing NULL, which meant
	that labelling tried to probe the file type (and if probing is
	disabled, per the default qemu.conf, this made snapshots fail).
	What we really want is to make SELinux labeling visit the new
	file as raw; it will later be converted to qcow2 if qemu successfully
	made the snapshot.

	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Force SELinux labeling
	to avoid probe of new file.

	snapshot: affect persistent xml after disk snapshot
	For external snapshots to be useful on persistent domains, we must
	alter the persistent definition alongside the running definition.
	Thanks to the possibility of disk hotplug as well as of edits that
	only affect the persistent xml, we can't assume that vm->def and
	vm->newDef have the same disk at the same index, so we can only
	update the persistent copy if the device destination matches up.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): Also affect newDef, if
	present.

	build: work around lack of MacOS fdatasync
	Mingw lacks fsync, but gnulib provides that.  Meanwhile, gnulib does
	not (yet) provide fdatasync, so this is a quick hack to fake that
	function on MacOS X; we can revert this configure change once gnulib
	gives us a real module.

	We have been implicitly relying on gnulib's largefile module being
	pulled in by other modules, but it's better to make that explicit.

	* bootstrap.conf (gnulib_modules): Add fsync.  Make largefile use
	explicit.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for fdatasync, and
	fake it with fsync when not present.

2011-09-17  Daniel P. Berrange  <berrange@redhat.com>

	Prevent crash from dlclose() of libvirt.so
	When libvirt calls virInitialize it creates a thread local
	for the virErrorPtr storage, and registers a callback to
	cleanup memory when a thread exits. When libvirt is dlclose()d
	or otherwise made non-resident, the callback function is
	removed from memory, but the thread local may still exist
	and if a thread later exists, it will invoke the callback
	and SEGV. There may also be other thread locals with callbacks
	pointing to libvirt code, so it is in general never safe to
	unload libvirt.so from memory once initialized.

	To allow dlclose() to succeed, but keep libvirt.so resident
	in memory, link with '-z nodelete'. This issue was first
	found with the libvirt CIM provider, but can potentially
	hit many of the dynamic language bindings which all ultimately
	involve dlopen() in some way, either on libvirt.so itself,
	or on the glue code for the binding which in turns links
	to libvirt

	* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
	  with -z nodelete
	* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
	  tests/shunloadtest.c: A test case to unload libvirt while
	  a thread is still running.

2011-09-17  Alex Jia  <ajia@redhat.com>

	qemu: add return value check
	* src/qemu/qemu_command.c: missing return value check.

2011-09-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce shutdown reason for paused state
	Qemu sends STOP event as part of the shutdown process. Detect such STOP
	event and consider shutdown to be reason of emitting such event. That's
	the best we can do until qemu provides us the reason directly in STOP
	event. This allows us to report shutdown reason for paused state so that
	apps can detect domains that failed to finish the shutdown process
	(e.g., because qemu is buggy and doesn't exit on SIGTERM or it is
	blocked in flushing disk buffers).

	qemu: Prevent disk corruption on domain shutdown
	Ever since we introduced fake reboot, we call qemuProcessKill as a
	reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
	flushed all internal buffers before sending SHUTDOWN, in which case
	killing the process forcibly may result in (virtual) disk corruption.

	By sending just SIGTERM without SIGKILL we give qemu time to to flush
	all buffers and exit. Once qemu exits, we will see an EOF on monitor
	connection and tear down the domain. In case qemu ignores SIGTERM or
	just hangs there, the process stays running but that's not any different
	from a possible hang anytime during the shutdown process so I think it's
	just fine.

	Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
	which causes it not to exit but instead send new SHUTDOWN event and keep
	waiting. I think the best we can do is to ignore duplicate SHUTDOWN
	events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
	state.

	qemu: Properly detect crash of a rebooted domain
	When a domain is rebooted using libvirt API, we use fake reboot
	consisting of shutting down and resetting the domain. Thus we see a
	SHUTDOWN event and set gotShutdown flag. But we never reset it back and
	if the domain crashes after it was rebooted this way, we consider it was
	a normal shutdown and not a crash.

	qemu: Fix shutoff reason when domain crashes
	Commit 4454a9efc728b91e791b1f14c26ea23a19d57f48 changed shutoff reason
	from VIR_DOMAIN_SHUTOFF_CRASHED to VIR_DOMAIN_SHUTOFF_FAILED in case we
	see an unexpected EOF on monitor connection. But FAILED reason is
	dedicated for domains that fail to start. CRASHED reason is the right
	one to use in this situation.

	python: Fix bindings generated in VPATH build

2011-09-16  Eric Blake  <eblake@redhat.com>

	Revert "virsh: Use old API if remote libvirtd does not support new"
	This reverts commit 799912fa05b8c3aa37bd04c57b196755f3f70552; now
	that the rpc regression is fixed, virsh no longer needs the special
	case here.

	rpc: convert unknown procedures to VIR_ERR_NO_SUPPORT
	Libvirt special-cases a specific VIR_ERR_RPC from the remote driver
	back into VIR_ERR_NO_SUPPORT on the client, so that clients can
	handle missing rpc functions the same whether the hypervisor driver
	is local or remote.  However, commit c1b22644 introduced a regression:
	VIR_FROM_THIS changed from VIR_FROM_REMOTE to VIR_FROM_RPC, so the
	special casing no longer works if the server uses the newer error
	domain.

	* src/rpc/virnetclientprogram.c
	(virNetClientProgramDispatchError): Also cater to 0.9.3 and newer.

2011-09-16  Stefan Berger  <stefanb@us.ibm.com>

	Fix buzzilla 738778
	This patch fixes the bug shown in bugzilla 738778. It's not an nwfilter problem but a connection sharing / closure issue.

	https://bugzilla.redhat.com/show_bug.cgi?id=738778

	Depending on the speed / #CPUs of the machine you are using you may not see this bug all the time.

2011-09-16  Alex Jia  <ajia@redhat.com>

	conf: avoid memory leak on virDomainDefParseXML
	* conf/domain_conf.c: allocate memory to def->redirdevs in
	  virDomainDefParseXML such as VIR_ALLOC_N(def->redirdevs, n),
	  however, virDomainDefFree(def) hasn't released these memory.

	* Detected in valgrind run:

	==19820== 209 (16 direct, 193 indirect) bytes in 1 blocks are definitely lost in loss record 25 of 26
	==19820==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==19820==    by 0x4A13AF: virAllocN (memory.c:129)
	==19820==    by 0x4D4A0E: virDomainDefParseXML (domain_conf.c:7258)
	==19820==    by 0x4D4C93: virDomainDefParseNode (domain_conf.c:7512)
	==19820==    by 0x4D562F: virDomainDefParse (domain_conf.c:7465)
	==19820==    by 0x415863: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
	==19820==    by 0x415982: testCompareXMLToXMLHelper (qemuxml2xmltest.c:80)
	==19820==    by 0x416D31: virtTestRun (testutils.c:140)
	==19820==    by 0x415604: mymain (qemuxml2xmltest.c:192)
	==19820==    by 0x416437: virtTestMain (testutils.c:689)
	==19820==    by 0x3CA7A1ECDC: (below main) (in /lib64/libc-2.12.so)
	==19820==
	==19820== LEAK SUMMARY:
	==19820==    definitely lost: 16 bytes in 1 blocks
	==19820==    indirectly lost: 193 bytes in 5 blocks
	==19820==      possibly lost: 0 bytes in 0 blocks
	==19820==    still reachable: 1,054 bytes in 21 blocks

	* How to reproduce?
	% valgrind -v --leak-check=full ./tests/qemuxml2xmltest

2011-09-16  Peter Krempa  <pkrempa@redhat.com>

	build: storage: Macro 'MKFS' is undefined on some platforms.
	Mac OS X 10.6. Snow Leopard and probably other do not provide a mkfs
	command to create filesystems. Macro MKFS then remained undefined and
	did not provide any substitute, so that build failed on a missing
	argument.

	build: storage: Conditionaly compiled structure caused build fail on OSX
	Struct virStoragePoolProbeResult was compiled in conditionaly, but
	virStorageBackendFileSystemProbe used it unconditionaly. This patch
	exempts the struct from conditional include.

	Avoid using "devname" as an identifier.
	/usr/lib/stdlib.h in Mac OS X and probably also in BSD's
	exports this symbol :(

	doc: Add statment about permissions needed to do a core dump
	Documentation did not specify, that some permissions are required on
	target path for coredump for the user running the hypervisor.

	Diff to v1:
	- reword statements

2011-09-16  Eric Blake  <eblake@redhat.com>

	snapshot: tweak snapshot-create-as diskspec docs
	With this patch, it is hopefully a bit more obvious that for
	snapshot-create-as, a literal '--diskspec' is mandatory if name
	or description was omitted, but optional if all earlier options
	were provided.

	These all denote two diskspecs and a description:
	virsh snapshot-create-as dom name desc vda vdb
	virsh snapshot-create-as dom name desc --diskspec vda --diskspec vdb
	virsh snapshot-create-as dom name desc --diskspec vda vdb
	virsh snapshot-create-as dom name desc vda --diskspec vdb
	virsh snapshot-create-as dom --diskspec vda --diskspec vdb name desc

	This gives two diskspecs but no description:
	virsh snapshot-create-as dom name --diskspec vda --diskspec vdb

	And this treats 'vda' as the description, with only one diskspec:
	virsh snapshot-create-as dom name vda vdb

	The help output now shows:
	    snapshot-create-as <domain> [<name>] [<description>] [--print-xml] [--no-metadata] [--halt] [--disk-only] [[--diskspec] <string>]...

	I also checked the help output for echo and send-key, which are two
	other variants of argv commands.

	* tools/virsh.pod (snapshot-create-as): Document when a literal
	--diskspec must preceed a diskspec argument.
	* tools/virsh.c (vshCmddefHelp): Update help output for argv when
	naming the option is useful.
	(vshCmddefGetData): Fix logic on when argv was seen.
	* tests/virsh-optparse: Add tests to avoid regressions.

2011-09-16  Cole Robinson  <crobinso@redhat.com>

	python: Fix libvirt.py generation to include virterror info
	Recent generator refactoring broke libvirt.py. With this patch, libvirt.py
	is generated exactly the same as before offending commit 9eba0d25.

2011-09-16  Eric Blake  <eblake@redhat.com>

	qemu_api: doc improvements
	The new doc text had a few readability issues.  Also, the
	monitor command text copied a bit too much from the attach case.

	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAttach): Fix typos and grammar.

2011-09-16  Peter Krempa  <pkrempa@redhat.com>

	doc: virsh: Fix command name in man page
	Fix cut&paste error having command named domif-setlink instead of
	domif-getlink.

2011-09-15  Alex Jia  <ajia@redhat.com>

	sanlock: add missing test command in virt-sanlock-cleanup.in
	* tools/virt-sanlock-cleanup.in: fix missing test command when judging
	  second condition.

	https://bugzilla.redhat.com/show_bug.cgi?id=738534

2011-09-15  Michal Privoznik  <mprivozn@redhat.com>

	spec: Require augeas for sanlock
	Even though we BuildRequire augeas in some cases, we need to require
	it even after if we build with sanlock. virt-sanlock-cleanup use it.

2011-09-15  Jim Fehlig  <jfehlig@suse.com>

	Fix build after commit 829bce17
	Pushing under build-breaker rule.

2011-09-15  Jim Fehlig  <jfehlig@novell.com>

	Use max bandwidth from qemuDomainObjPrivate struct when migrating
	Adjust qemuMigrationRun() to use migMaxBandwidth in qemuDomainObjPrivate
	structure when setting qemu migration speed.  Caller-specified 'resource'
	parameter overrides migMaxBandwidth.

	Set qemu migration speed unlimited when migrating to file
	The qemu migration speed default is 32MiB/s as defined in migration.c

	/* Migration speed throttling */
	static int64_t max_throttle = (32 << 20);

	There's no need to throttle migration when targeting a file, so set migration
	speed to unlimited prior to migration, and restore to libvirt default value
	after migration.

	Default units is MB for migrate_set_speed monitor command, so
	(INT64_MAX / (1024 * 1024)) is used for unlimited migration speed.

	Tested with both json and text monitors.

	Save migration speed in qemuDomainMigrateSetMaxSpeed
	Now that migration speed is stored in qemuDomainObjPrivate structure,
	save the new value when invoking qemuDomainMigrateSetMaxSpeed().

	Allow setting migration speed on inactive domain too.

	Impl virDomainMigrateGetMaxSpeed in qemu driver

	Store max migration bandwidth in qemuDomainObjPrivate struct
	The maximum bandwidth that can be consumed when migrating a domain
	is better classified as an operational vs configuration parameter of
	the dommain.  As such, store this parameter in qemuDomainObjPrivate
	structure.

2011-09-15  Marc-André Lureau  <marcandre.lureau@gmail.com>

	conf: add missing break in virDomainAuditRedirdev
	Also initialize to NULL a few variables that might get
	free before being set.

2011-09-15  Eric Blake  <eblake@redhat.com>

	network: add missing exports
	Commit c246b025 added new functions, but forgot to export them,
	resulting in a build failure when using modules.

	* src/libvirt_private.syms (network.h): Export new functions.

2011-09-14  Eric Blake  <eblake@redhat.com>

	snapshot: ABI stability must include memory sizing
	Commit 973fcd8f introduced the ability for qemu to reject snapshot
	reversion on an ABI incompatibility; but the very example that was
	first proposed on-list[1] as a demonstration of an ABI incompatibility,
	namely that of changing the max memory allocation, was not being
	checked for, resulting in a cryptic failure when running with larger
	max mem than what the snapshot was created with:
	error: operation failed: Error -22 while loading VM state

	This commit merely protects the three variables within mem that are
	referenced by qemu_command.c, rather than all 7 (the other 4 variables
	affect cgroup handling, but as far as I can tell, have no visible effect
	to the qemu guest).  This also affects migration and save file handling,
	which are other places where we perform ABI compatibility checks.

	[1] https://www.redhat.com/archives/libvir-list/2010-December/msg00331.html

	* src/conf/domain_conf.c (virDomainDefCheckABIStability): Add
	memory sizing checks.

	maint: ignore generated files
	* .gitignore: Exempt recently added generated files.

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	xml: Clean up rest of virtual XML document names for XML strings
	Commit 498d783 cleans up some of virtual file names for parsing strings
	in memory. This patch cleans up (hopefuly) the rest forgotten by the
	first patch.

	This patch also changes all of the previously modified "filenames" to
	valid URI's replacing spaces for underscores.

	Changes to v1:
	- Replace all spaces for underscores, so that the strings form valid
	  URI's
	- Replace spaces in places changed by commit 498d783

2011-09-14  Daniel Veillard  <veillard@redhat.com>

	Remove two references to files not generated
	This was breaking "make dist"

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	make: Fix 'make syntax-check' failing.
	Commit 2a0d75e5 added file python/libvirt-qemu-override.c that contains
	code that does not pass "make syntax-check". This patch adds an
	exception for this file and the check.

	prohibit_always_true_header_tests
	python/libvirt-qemu-override.c:17:#undef HAVE_PTHREAD_H
	maint.mk: do not test the above HAVE_<header>_H symbol(s);
	  with the corresponding gnulib module, they are always true
	make: *** [sc_prohibit_always_true_header_tests] Error 1

2011-09-14  Osier Yang  <jyang@redhat.com>

	qemu_api: Update libvirt spec file

	qemu_api: Update Makefile to generate libvirtmod_qemu lib

	qemu_api: Update Py binding generator to generate files for QEMU APIs
	It will generate:
	  libvirt-qemu.py
	  libvirt-qemu.h
	  libvirt-qemu.c
	  libvirt-qemu-export.c

	qemu_api: Add override XML and C files for QEMU APIs
	There is only one function (virDomainQemuMonitorCommand) need to
	be hand-craft.

	qemu_api: Add comments for API virDomainQemuMonitorCommand
	And fix argument @pid's type of virDomainQemuAttach.

	qemu_api: Update Makefile for subdir docs

	qemu_api: Modify apibuild.py to generate docs for QEMU APIs
	The generated docs are: libvirt-qemu-api.xml, libvirt-qemu-refs.xml

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	virsh: Use old API if remote libvirtd does not support new
	Commit ffe28ab74b821c916ec4ba8efb5c992454e4bd24 introduced regression
	while communicating with older libvirtd command 'domblkstat' used the new
	API and did not check for VIR_ERR_RPC error code signalling the remote
	server does not support this API and did not fall back to older API.
	Thereafter 'domblkstat' ended with "error: unknown procedure: 243".

2011-09-13  Guannan Ren  <gren@redhat.com>

	snapshot: fix double free of qemuImgBinary
	Regression introduced in commit 3881a470, due to an improper rebase
	of a cleanup written beforehand but only applied after a rebased of
	a refactoring that created a new function in commit 25fb3ef.

	Also avoids passing NULL to printf %s.

	* src/qemu/qemu_driver.c: In qemuDomainSnapshotForEachQcow2()
	it free up the memory of qemu_driver->qemuImgBinary in the
	cleanup tag which leads to the garbage value of qemuImgBinary
	in qemu_driver struct and libvirtd crash when running
	"virsh snapshot-create" command a second time.

2011-09-13  Daniel Veillard  <veillard@redhat.com>

	Do not log invalid operations in libvirtd logs
	  This is a bit painful for example when starting virt-manager
	it tends to clutter libvirtd.log with invalid operation on cpu pinning
	for defined but not running domains. A priori those kind of errors
	don't indicate an error when executing the command but on a precondition
	for running the API, and honnestly while the application should report
	it, logging it as an error in libvirtd.log is not really useful,

	   Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=590807

	* daemon/libvirtd.c: extend daemonErrorLogFilter() to filter out
	   errors of type VIR_ERR_OPERATION_INVALID

2011-09-09  Michal Privoznik  <mprivozn@redhat.com>

	virnetsocket: Pass KRB5CCNAME env variable
	So we can allow GSSAPI authentication for ssh.

	selinux: Detect virt_use_nfs boolean set
	If we fail setting label on a file and this file is on NFS share,
	it is wise to advise user to set virt_use_nfs selinux boolean
	variable.

2011-09-09  Philipp Hahn  <hahn@univention.de>

	Fix URL-escaping for domainDefine
	'+' in strings get translated to ' ' when editing domains.
	While xenDaemonDomainCreateXML() did URL-escape the sexpr,
	xenDaemonDomainDefineXML() did not.

	Remove the explicit urlencode() in xenDaemonDomainCreateXML() and add
	the direct encoding calls to xend_op_ext() because it calls xend_post()
	which uses "Content-Type: application/x-www-form-urlencoded". According
	to <http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1> this
	requires all parameters to be url-encoded as specified in rfc1738.

	Notice: virBufferAsprintf(..., "%s=%s", ...) is again replaced by three
	calls to virBufferURIEncodeString() and virBufferAddChar() because '='
	is a "reserved" character, which would get escaped by
	virBufferURIEncodeString(), which - by the way - escapes anything not
	c_isalnum().

2011-09-09  Peter Krempa  <pkrempa@redhat.com>

	xml: Change virtual file names of xml documents parsed in memory
	While parsing XML strings from memory, the previous convention in
	libvirt was to set the virtual file name to "domain.xml" or something
	similar. This could potentialy trick the user into looking for a file
	named domain.xml on the disk in an attempt to fix the error.

	This patch changes these filenames to something that can't be as easily
	confused for a valid filename.

	Examples of error messages:
	---------------------------
	Error while loading file from disk:

	15:07:59.015: 527: error : catchXMLError:709 : /path/to/domain.xml:1: StartTag: invalid element name
	<domain type='kvm'><
	--------------------^

	Error while parsing definition in memory:

	15:08:43.581: 525: error : catchXMLError:709 : (domain definition):2: error parsing attribute name
	  <name>vm1</name>
	--^

2011-09-08  Eric Blake  <eblake@redhat.com>

	snapshot: fix regression with system checkpoints
	Regression introduced in commit d6f6b2d194c.  Running
	'virsh snapshot-create dom' would mistakenly report that
	disks can only be specified for disk snapshots.

	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Only
	give error about no disk support when <disk> was found.

	maint: update to latest gnulib
	* .gnulib: Update to latest.

	snapshot: use new API for less work
	This has the added benefit of making 'snapshot-create dom --no-metadata'
	now able to tell you the name of the just-generated snapshot.

	* tools/virsh.c (vshSnapshotCreate, cmdSnapshotCurrent): Don't get
	XML just for name.

	snapshot: new APIs for inspecting snapshot object
	These functions access internals of the opaque object, and do
	not need any rpc counterpart.  It could be argued that we should
	have provided these when snapshot objects were first introduced,
	since all the other vir*Ptr objects have at least a GetName accessor.

	* include/libvirt/libvirt.h.in (virDomainSnapshotGetName)
	(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): Declare.
	* src/libvirt.c (virDomainSnapshotGetName)
	(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): New
	functions.
	* src/libvirt_public.syms: Export them.

2011-09-08  Soren Hansen  <soren@linux2go.dk>

	Don't treat pci_system_init failure as fatal if no PCI bus is present
	Xen PV domU's have no PCI bus. node_device_udev.c calls pci_system_init
	which looks for /sys/bus/pci. If it does not find /sys/bus/pci (which it
	won't in a Xen PV domU) it returns unsuccesfully (ENOENT), which libvirt
	considers fatal. This makes libvirt unusable in this environment, even
	though there are plenty of valid virtualisation options that work
	there (LXC, UML, and QEmu spring to mind)

	https://bugzilla.redhat.com/show_bug.cgi?id=709471

2011-09-08  Alex Jia  <ajia@redhat.com>

	doc: fix incorrect option in send-key
	* tools/virsh.pod: fix a option typo of send-key section.

	virsh: fix typo in opts_send_key
	* tools/virsh.c: millseconds should be milliseconds in opts_send_key.

	rpc: avoid memory leak on virNetTLSContextValidCertificate
	* src/rpc/virnettlscontext.c: fix memory leak on
	  virNetTLSContextValidCertificate.

	* Detected in valgrind run:

	==25667==
	==25667== 6,085 (44 direct, 6,041 indirect) bytes in 1 blocks are definitely
	lost in loss record 326 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F2791F3: _asn1_add_node_only (structure.c:53)
	==25667==    by 0x4F27997A: _asn1_copy_structure3 (structure.c:421)
	==25667==    by 0x4F276A50: _asn1_append_sequence_set (element.c:144)
	==25667==    by 0x4F2743FF: asn1_der_decoding (decoding.c:1194)
	==25667==    by 0x4F22B9CC: gnutls_x509_crt_import (x509.c:229)
	==25667==    by 0x805274B: virNetTLSContextCheckCertificate
	(virnettlscontext.c:1009)
	==25667==    by 0x804DE32: testTLSSessionInit (virnettlscontexttest.c:693)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	==25667==
	==25667== 23,188 (88 direct, 23,100 indirect) bytes in 11 blocks are definitely
	lost in loss record 346 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F22B841: gnutls_x509_crt_init (x509.c:50)
	==25667==    by 0x805272B: virNetTLSContextCheckCertificate
	(virnettlscontext.c:1003)
	==25667==    by 0x804DDD1: testTLSSessionInit (virnettlscontexttest.c:673)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)

	* How to reproduce?
	% cd libvirt && ./configure && make && make -C tests valgrind
	or
	% valgrind -v --leak-check=full ./tests/virnettlscontexttest

	tests: avoid memory leak on testTLSSessionInit
	* tests/virnettlscontexttest: fix memory leak on virnettlscontext test case.

	* Detected in valgrind run:

	==25667==
	==25667== 86,651 (34,680 direct, 51,971 indirect) bytes in 10 blocks are
	definitely lost in loss record 350 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
	==25667==    by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
	==25667==    by 0x804DD24: testTLSSessionInit (virnettlscontexttest.c:624)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	==25667==
	==25667== 100,578 (38,148 direct, 62,430 indirect) bytes in 11 blocks are
	definitely lost in loss record 351 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
	==25667==    by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
	==25667==    by 0x804DD3C: testTLSSessionInit (virnettlscontexttest.c:625)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)

	* How to reproduce?
	% cd libvirt && ./configure && make && make -C tests valgrind
	or
	% valgrind -v --leak-check=full ./tests/virnettlscontexttest

	libxl: avoid a dereference of a null pointer
	Variable 'l_disk' initialized to a null pointer value, control jumps to 'case
	VIR_DOMAIN_DISK_DEVICE_DISK and then taking false branch, Within the expansion
	of the macro 'libxlError': Field access results in a dereference of a null
	pointer (loaded from variable 'l_disk').

	* src/libxl/libxl_driver.c: Field access results in a dereference of a null
	  pointer (loaded from variable 'l_disk')

2011-09-08  Eric Blake  <eblake@redhat.com>

	blockinfo: fix qemu regression in handling disk name
	Regression introduced in commit 89b6284fd, due to an incorrect
	conversion to the new means of converting disk names back to
	the correct object.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Avoid NULL deref.

2011-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix managed object lookup with optional occurrence
	Exit early if managed object is not found, instead of dereferencing
	a NULL pointer and triggering a segfault.

2011-09-07  Michal Privoznik  <mprivozn@redhat.com>

	Threadpool: Initialize new dynamic workers
	Although we were initializing worker threads during pool creating,
	we missed this during virThreadPoolSendJob. This bug led to segmenation
	fault as worker thread free() given argument.

2011-09-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Don't use interface as an identifier
	Because it's a define used in MSCOM and its usage as
	identifier results in a compile error.

2011-09-06  Peter Krempa  <pkrempa@redhat.com>

	link-state: virsh: Add wrapper commands for changing link state
	Two new commands are added to virsh that wrap usage of
	virDomainUpdateDeviceFlags for changing link state of domain's network
	interfaces. These wrappers extract network devices's xml configuration
	and modify the link state for easy manipulation from an user's perspective.

	 - domif-setlink - set link state of a domains virtual network interface
	 - domif-getlink - get link state

	* tools/virsh.c   - Add functionality to virsh
	* tools/virsh.pod - Manpage documentation

	link-state: qemu: Add net intf modification to virUpdateDeviceFlags
	This patch enables modifying network device configuration using the
	virUpdateDeviceFlags API method. Matching of devices is accomplished
	using MAC addresses.

	While updating live configuration of a running domain, the user is
	allowed only to change link state of the interface. Additional
	modifications may be added later. For now the code checks for
	unsupported changes and thereafter changes the link state, if
	applicable.

	When updating persistent configuration of guest's network interface the
	whole configuration (except for the MAC address) may be modified and
	is stored for the next startup.

	* src/qemu/qemu_driver.c   - Add dispatching of virUpdateDevice for
	                             network devices update (live/config)
	* src/qemu/qemu_hotplug.c  - add setting of initial link state on live
	                             device addition
	                           - add function to change network device
	                             configuration. By now it supports only
	                             changing of link state
	* src/qemu/qemu_hotplug.h  - Headers to above functions
	* src/qemu/qemu_process.c  - set link states before virtual machine
	                             start. Qemu does not support setting of
	                             this on the command line.

	link-state: qemu: Add monitor handling for link state modification
	This patch adds handlers for modification of guest's interface
	link state. Both HMP and QMP commands are supported, but as the
	link state functionality is from the beginning supported in QMP
	the HMP code will probably never be used.

	link-state: conf: Add element to XML for controling link state
	A new element is introduced to XML that allows to control
	state of virtual network interfaces in hypervisors.

	Live modification of the link state allows networking tools
	propagate topology changes to guest OS or testing of
	scenarios in complex (virtual) networks.

	This patch adds elements to XML grammars and parsing and generating
	code.

	link-state: util: Add equality comparison functions for structures
	This patch adds functions to compare structures containing network
	device configuration for equality. They serve for the purpose of
	disallowing unsupported changes to live network devices.

	XML: Improve XML parsing error messages
	This patch modifies error handling function for the XML parser provided
	by libxml2.

	Originaly only a line number and error message were logged. With this
	new error handler function, the user is provided with a more complex
	description of the parsing error.

	Context of the error is printed in libXML2 style and filename of the
	file, that caused the error is printed. Example of an parse error:

	13:41:36.262: 16032: error : catchXMLError:706 :
	/etc/libvirt/qemu/rh_bad.xml:58: Opening and ending tag mismatch: name
	line 2 and domain
	</domain>
	---------^

	Context of the error gives the user hints that may help to quickly
	locate a corrupt xml file.

	fixes BZs:
	----------
	Bug 708735 - [RFE] Show column and line on XML parsing error
	https://bugzilla.redhat.com/show_bug.cgi?id=708735

	Bug 726771 - libvirt does not specify problem file if persistent xml is
	invalid
	https://bugzilla.redhat.com/show_bug.cgi?id=726771

2011-09-06  Marc-André Lureau  <marcandre.lureau@redhat.com>

	redirdev: allows to specify device address
	It is important to be able to attach USB redirected devices to a
	particular controller (one that supports USB2 for instance).
	Without this patch, only the default bus was used.

	     <redirdev bus='usb' type='spicevmc'>
	       <address type='usb' bus='0' port='4'/>
	     </redirdev>

2011-09-06  Daniel Veillard  <veillard@redhat.com>

	latency: fix make check for remote protocol structs and numbers

2011-09-06  Osier Yang  <jyang@redhat.com>

	latency: Update virsh command domblkstat to use new API
	The modified function fallbacks to use virDomainBlockStats if
	virDomainBlockStatsFlags is not supported by the hypervisor driver.
	If the new API is supported, it will be invoked instead of the
	old API.

	latency: Expose the new API for Python binding

	latency: Implemente internal API for qemu driver

	latency: Update monitor functions for new latency fields
	The mainly changes are:

	1) Update qemuMonitorGetBlockStatsInfo and it's children (Text/JSON)
	   functions to return the value of new latency fields.
	2) Add new function qemuMonitorGetBlockStatsParamsNumber, which is
	   to count how many parameters the underlying QEMU supports.
	3) Update virDomainBlockStats in src/qemu/qemu_driver.c to be
	   compatible with the changes by 1).

	latency: Wire up the remote protocol

	latency: Implemente the public API

	latency: Define the internal driver callback

	latency: Define new public API and structure

2011-09-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Deal with stucked qemu on daemon startup
	If libvirt daemon gets restarted and there is (at least) one
	unresponsive qemu, the startup procedure hangs up. This patch creates
	one thread per vm in which we try to reconnect to monitor. Therefore,
	blocking in one thread will not affect other APIs.

	qemu: Introduce job queue size limit
	This patch creates an optional BeginJob queue size limit. When
	active, all other attempts above level will fail. To set this
	feature assign desired value to max_queued variable in qemu.conf.
	Setting it to 0 turns it off.

	daemon: Create priority workers pool
	This patch annotates APIs with low or high priority.
	In low set MUST be all APIs which might eventually access monitor
	(and thus block indefinitely). Other APIs may be marked as high
	priority. However, some must be (e.g. domainDestroy).

	For high priority calls (HPC), there are some high priority workers
	(HPW) created in the pool. HPW can execute only HPC, although normal
	worker can process any call regardless priority. Therefore, only those
	APIs which are guaranteed to end in reasonable small amount of time
	can be marked as HPC.

	The size of this HPC pool is static, because HPC are expected to end
	quickly, therefore jobs assigned to this pool will be served quickly.
	It can be configured in libvirtd.conf via prio_workers variable.
	Default is set to 5.

	To mark API with low or high priority, append priority:{low|high} to
	it's comment in src/remote/remote_protocol.x. This is similar to
	autogen|skipgen. If not marked, the generator assumes low as default.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: use SELinux and lock manager with external snapshots
	With this, it is now possible to create external snapshots even
	when SELinux is enforcing, and to protect the new file with a
	lock manager.

	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Create and register
	new file with proper permissions and locks.
	(qemuDomainSnapshotCreateDiskActive): Update caller.

	snapshot: wire up live qemu disk snapshots
	Lots of earlier patches led up to this point - the qemu snapshot_blkdev
	monitor command can now be controlled by libvirt!  Well, insofar as
	SELinux doesn't prevent qemu from open(O_CREAT) on the files.  There's
	still some followup work before things work with SELinux enforcing,
	but this patch is big enough to post now.

	There's still room for other improvements, too (for example, taking a
	disk snapshot of an inactive domain, by using qemu-img for both internal
	and external snapshots; wiring up delete and revert control, including
	additional flags from my RFC; supporting active QED disk snapshots;
	supporting per-storage-volume snapshots such as LVM or btrfs snapshots;
	etc.).  But this patch is the one that proves the new XML works!

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Wire in
	active disk snapshots.
	(qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): New functions.

	snapshot: wire up new qemu monitor command
	No one uses this yet, but it will be important once
	virDomainSnapshotCreateXML learns a VIR_DOMAIN_SNAPSHOT_DISK_ONLY
	flag, and the xml allows passing in the new file names.

	* src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): New prototype.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): New
	function.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Likewise.

	snapshot: make it possible to audit external snapshot
	Snapshots alter the set of disk image files opened by qemu, so
	they must be audited.  But they don't involve a full disk definition
	structure, just the new filename.  Make the next patch easier by
	refactoring the audit routines to just operate on file name.

	* src/conf/domain_audit.h (virDomainAuditDisk): Update prototype.
	* src/conf/domain_audit.c (virDomainAuditDisk): Act on strings,
	not definition structures.
	(virDomainAuditStart): Update caller.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
	(qemuDomainAttachPciDiskDevice, qemuDomainAttachSCSIDisk)
	(qemuDomainAttachUsbMassstorageDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachDiskDevice):
	Likewise.

	snapshot: reject unimplemented disk snapshot features
	My RFC for snapshot support [1] proposes several rules for when it is
	safe to delete or revert to an external snapshot, predicated on
	the existence of new API flags.  These will be incrementally added
	in future patches, but until then, blindly mishandling a disk
	snapshot risks corrupting internal state, so it is better to
	outright reject the attempts until the other pieces are in place,
	thus incrementally relaxing the restrictions added in this patch.

	[1] https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCountExternal): New
	function.
	(qemuDomainUndefineFlags, qemuDomainSnapshotDelete): Use it to add
	safety valve.
	(qemuDomainRevertToSnapshot, qemuDomainSnapshotCreateXML): Add safety
	valve.

	snapshot: wire up disk-only flag to snapshot-create
	Expose the disk-only flag through virsh.  Additionally, make
	virsh snapshot-create-as take an arbitrary number of diskspecs,
	which can be used to build up the xml for <domainsnapshot>.

	* tools/virsh.c (cmdSnapshotCreate): Add --disk-only.
	(cmdSnapshotCreateAs): Likewise, and add argv diskspec.
	(vshParseSnapshotDiskspec): New helper function.
	(vshCmddefGetOption): Allow naming of argv field.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	them.
	* tests/virsh-optparse: Test snapshot-create-as parsing.

	snapshot: add flag for requesting disk snapshot
	Prior to this patch, <domainsnapshot>/<disks> was ignored.  This
	changes it to be an error unless an explicit disk snapshot is
	requested (a future patch may relax things if it turns out to
	be useful to have a <disks> specification alongside a system
	checkpoint).

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Disk
	snapshots not supported yet.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Likewise.

	snapshot: add virsh domblklist command
	This adds a convenience function to virsh that parses out block
	information from the domain xml, making it much easier to see
	what strings can be used in all other contexts that demand a
	specific block name, especially when given the previous patch
	that allows using either target or unique source name.

	As an example on a domain with one disk and an empty cdrom drive:

	Target     Source
	-------------------------------------------
	vda        /var/lib/libvirt/images/fedora_12.img
	hdc        -

	* tools/virsh.c (cmdDomblklist): New function.
	* tools/virsh.pod (domblklist): Document it.

	snapshot: also support disks by path
	I got confused when 'virsh domblkinfo dom disk' required the
	path to a disk (which can be ambiguous, since a single file
	can back multiple disks), rather than the unambiguous target
	device name that I was using in disk snapshots.  So, in true
	developer fashion, I went for the best of both worlds - all
	interfaces that operate on a disk (aka block) now accept
	either the target name or the unambiguous path to the backing
	file used by the disk.

	* src/conf/domain_conf.h (virDomainDiskIndexByName): Add
	parameter.
	(virDomainDiskPathByName): New prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainDiskIndexByName): Also allow
	searching by path, and decide whether ambiguity is okay.
	(virDomainDiskPathByName): New function.
	(virDomainDiskRemoveByName, virDomainSnapshotAlignDisks): Update
	callers.
	* src/qemu/qemu_driver.c (qemudDomainBlockPeek)
	(qemuDomainAttachDeviceConfig, qemuDomainUpdateDeviceConfig)
	(qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.
	* src/qemu/qemu_process.c (qemuProcessFindDomainDiskByPath):
	Likewise.
	* src/libxl/libxl_driver.c (libxlDomainAttachDeviceDiskLive)
	(libxlDomainDetachDeviceDiskLive, libxlDomainAttachDeviceConfig)
	(libxlDomainUpdateDeviceConfig): Likewise.
	* src/uml/uml_driver.c (umlDomainBlockPeek): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainBlockPeek): Likewise.
	* docs/formatsnapshot.html.in: Update documentation.
	* tools/virsh.pod (domblkstat, domblkinfo): Likewise.
	* docs/schemas/domaincommon.rng (diskTarget): Tighten pattern on
	disk targets.
	* docs/schemas/domainsnapshot.rng (disksnapshot): Update to match.
	* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: Update test.

	snapshot: add <disks> to snapshot xml
	Adds an optional element to <domainsnapshot>, which will be used
	to give user control over external snapshot filenames on input,
	and specify generated filenames on output.

	For now, no driver accepts this element; that will come later.

	<domainsnapshot>
	  ...
	  <disks>
	    <disk name='vda' snapshot='no'/>
	    <disk name='vdb' snapshot='internal'/>
	    <disk name='vdc' snapshot='external'>
	      <driver type='qcow2'/>
	      <source file='/path/to/new'/>
	    </disk>
	  </disks>
	  <domain>
	    ...
	    <devices>
	      <disk ...>
	        <driver name='qemu' type='raw'/>
	        <target dev='vdc'/>
	        <source file='/path/to/old'/>
	      </disk>
	    </devices>
	  </domain>
	</domainsnapshot>

	* src/conf/domain_conf.h (_virDomainSnapshotDiskDef): New type.
	(_virDomainSnapshotDef): Add new elements.
	(virDomainSnapshotAlignDisks): New prototype.
	* src/conf/domain_conf.c (virDomainSnapshotDiskDefClear)
	(virDomainSnapshotDiskDefParseXML, disksorter)
	(virDomainSnapshotAlignDisks): New functions.
	(virDomainSnapshotDefParseString): Parse new fields.
	(virDomainSnapshotDefFree): Clean them up.
	(virDomainSnapshotDefFormat): Output them.
	* src/libvirt_private.syms (domain_conf.h): Export new function.
	* docs/schemas/domainsnapshot.rng (domainsnapshot, disksnapshot):
	Add more xml.
	* docs/formatsnapshot.html.in: Document it.
	* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: New test.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Update.

	snapshot: support extra state in snapshots
	In order to distinguish disk snapshots from system checkpoints, a
	new state value that is only valid for snapshots is helpful.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_LAST): New placeholder.
	* src/conf/domain_conf.h (virDomainSnapshotState): New enum mapping.
	(VIR_DOMAIN_DISK_SNAPSHOT): New internal enum value.
	* src/conf/domain_conf.c (virDomainState): Use placeholder.
	(virDomainSnapshotState): Extend mapping by one for use in snapshot.
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Handle new state.
	(virDomainObjSetState, virDomainStateReasonToString)
	(virDomainStateReasonFromString): Avoid compiler warnings.
	* tools/virsh.c (vshDomainState, vshDomainStateReasonToString):
	Likewise.
	* src/libvirt_private.syms (domain_conf.h): Export new functions.
	* docs/schemas/domainsnapshot.rng: Tighten state definition.
	* docs/formatsnapshot.html.in: Document it.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: New test.

	snapshot: expose halt-after-creation in virsh
	Easy enough to emulate even with older servers.

	* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add
	--halt flag.
	(vshSnapshotCreate): Emulate halt when flag is unsupported.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	it.

	snapshot: allow halting after snapshot
	Since a snapshot is fully recoverable, it is useful to have a
	snapshot as a means of hibernating a guest, then reverting to
	the snapshot to wake the guest up.  This mode of usage is
	similar to 'virsh save/virsh restore', except that virsh
	save uses an external file while virsh snapshot keeps the
	vm state internal to a qcow2 file.  However, it only works on
	persistent domains.

	In the usage pattern of snapshot/revert for hibernating a guest,
	there is no need to keep the guest running between the two points
	in time, especially since that would generate runtime state that
	would just be discarded.  Add a flag to make it possible to
	stop the domain after the snapshot has completed.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_CREATE_HALT):
	New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotCreateActive): Implement it.

	snapshot: expose new delete flag in virsh
	It would technically be possible to have virsh compute the list
	of descendants of a given snapshot, then delete those one at
	a time.  But it's complex, and not worth writing for a first
	cut at implementing the new flags.

	* tools/virsh.c (cmdSnapshotDelete): Add --children-only,
	--metadata.
	* tools/virsh.pod (snapshot-delete): Document them.

	snapshot: introduce new deletion flag
	Reverting to a state prior to an external snapshot risks
	corrupting any other branches in the snapshot hierarchy that
	were using the snapshot as a read-only backing file.  So
	disk snapshot code will default to preventing reverting to
	a snapshot that has any children, meaning that deleting just
	the children of a snapshot becomes a useful operation in
	preparing that snapshot for being a future reversion target.
	The code for the new flag is simple - it's one less deletion,
	plus a tweak to keep the current snapshot correct.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotDelete): Document it, and
	enforce mutual exclusion.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Implement
	it.

	snapshot: reject transient disks where code is not ready
	The previous patch introduced new config, but if a hypervisor does
	not support that new config, someone can write XML that does not
	behave as documented.  This prevents some of those cases by
	explicitly rejecting transient disks for several hypervisors.

	Disk snapshots will require a new flag to actually affect a snapshot
	creation, so there's not much to reject there.

	* src/qemu/qemu_command.c (qemuBuildDriveStr): Reject transient
	disks for now.
	* src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Likewise.
	* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.

	snapshot: additions to domain xml for disks
	As discussed here:
	https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html
	https://www.redhat.com/archives/libvir-list/2011-August/msg00552.html

	Adds snapshot attribute and transient sub-element:

	<devices>
	  <disk type=... snapshot='no|internal|external'>
	    ...
	    <transient/>
	  </disk>
	</devices>

	* docs/schemas/domaincommon.rng (snapshot): New define.
	(disk): Add snapshot and persistent attributes.
	* docs/formatdomain.html.in: Document them.
	* src/conf/domain_conf.h (virDomainDiskSnapshot): New enum.
	(_virDomainDiskDef): New fields.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-transient.xml: New
	test of rng, no args counterpart until qemu support is complete.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.args: New
	file, snapshot attribute does not affect args.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.xml: Likewise.
	* tests/qemuxml2argvtest.c (mymain): Run new test.

2011-09-05  Lei Li  <lilei@linux.vnet.ibm.com>

	Check for source conflicts in storage pools
	Fix bug #611823 storage driver should prohibit pools with duplicate
	underlying storage.

	Add internal API virStoragePoolSourceFindDuplicate() to do uniqueness
	check based on source location infomation for pool type.

	* AUTHORS: add Lei Li

2011-09-05  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Add a usb1 & usb2 qemuxml2argv test

	Default USB device is on slot 1 function 2
	Fix qemuAssignDevicePCISlots() and the associated regression tests

	PIIX3 USB controller is on function 2
	Current code reserves slot 1 function 2 even if there is a user
	defined PIIX3 USB controller there.

2011-09-05  Philipp Hahn  <hahn@univention.de>

	Fix localtime handling for Xen-PV domains
	At least Xen-3.4.3 translates the /vm/localtime SXPR value to
	/domain/platform/localtime and /domain/image/{linux,hvm}/localtime when
	the domain is defined.  When reading back that information libvirt only
	handles HVM domains, but not PV domains: This results in libvirtd always
	returning
	    <clock offset="utc"/>
	while Xend used (localtime 1).

	For PV domains use /domain/image/linux/localtime.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: store qemu domain details in xml
	When reverting to a snapshot, the inactive domain configuration
	has to be rolled back to what it was at the time of the snapshot.
	Additionally, if the VM is active and the snapshot was active,
	this now adds a failure if the two configurations are ABI
	incompatible, rather than risking qemu confusion.

	A future patch will add a VIR_DOMAIN_SNAPSHOT_FORCE flag, which
	will be required for two risky code paths - reverting to an
	older snapshot that lacked full domain information, and reverting
	from running to a live snapshot that requires starting a new qemu
	process.  Any reverting that stops a running vm is also a form
	of data loss (discarding the current running state to go back in
	time), but as that is what reversion usually implies, it is
	probably not worth requiring a force flag.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Copy out
	domain.
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Perform
	ABI compatibility checks.

	snapshot: update rng to support full domain in xml
	This patch will probably cause merge conflicts to those trying
	to do backports.  The end goal is simple - domaincommon.rng
	should be the state of domain.rng pre-patch, with a few lines
	tweaked in the header, while domain.rng post-patch is now just
	a shell that includes domaincommon.rng and sets the <start>.

	* docs/schemas/domain.rng: Move guts...
	* docs/schemas/domaincommon.rng: ...to new file.
	* docs/schemas/domainsnapshot.rng: Allow new xml.
	* docs/schemas/Makefile.am (schema_DATA): Distribute new file.
	* tests/domainsnapshotxml2xmlout/full_domain.xml: New test.
	* libvirt.spec.in (%files client): Ship new file.  Sort lines.
	* mingw32-libvirt.spec.in: Likewise.

	snapshot: correctly escape generated xml
	Commit 69278878 fixed one direction of arbitrarily-named snapshots,
	but not the round trip path.  While auditing domain_conf, I found
	a couple other instances that weren't escaping arbitrary strings.

	* src/conf/domain_conf.c (virDomainFSDefFormat)
	(virDomainGraphicsListenDefFormat, virDomainSnapshotDefFormat):
	Escape arbitrary strings.

	snapshot: allow full domain xml in snapshot
	Just like VM saved state images (virsh save), snapshots MUST
	track the inactive domain xml to detect any ABI incompatibilities.

	The indentation is not perfect, but functionality comes before form.

	Later patches will actually supply a full domain; for now, this
	wires up the storage to support one, but doesn't ever generate one
	in dumpxml output.

	Happily, libvirt.c was already rejecting use of VIR_DOMAIN_XML_SECURE
	from read-only connections, even though before this patch, there was
	no information to be secured by the use of that flag.

	And while we're at it, mark the libvirt snapshot metadata files
	as internal-use only.

	* src/libvirt.c (virDomainSnapshotGetXMLDesc): Document flag.
	* src/conf/domain_conf.h (_virDomainSnapshotDef): Add member.
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Update signature.
	* src/conf/domain_conf.c (virDomainSnapshotDefFree): Clean up.
	(virDomainSnapshotDefParseString): Optionally parse domain.
	(virDomainSnapshotDefFormat): Output full domain.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
	(esxDomainSnapshotGetXMLDesc): Update callers.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML)
	(vboxDomainSnapshotGetXMLDesc): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotLoad, qemuDomainSnapshotGetXMLDesc)
	(qemuDomainSnapshotWriteMetadata): Likewise.
	* docs/formatsnapshot.html.in: Rework doc example.
	Based on a patch by Philipp Hahn.

	snapshot: refactor domain xml output
	Minor semantic change - allow domain xml to be generated in place
	within a larger buffer, rather than having to go through a
	temporary string.

	* src/conf/domain_conf.c (virDomainDefFormatInternal): Add
	parameter.
	(virDomainDefFormat, virDomainObjFormat): Update callers.

	snapshot: prevent migration from stranding snapshot data
	Migration is another case of stranding metadata.  And since
	snapshot metadata is arbitrarily large, there's no way to
	shoehorn it into the migration cookie of migration v3.

	This patch consolidates two existing locations for migration
	validation into one helper function, then enhances that function
	to also do the new checks.  If we could always trust the source
	to validate migration, then the destination would not have to
	do anything; but since older servers that did not do checking
	can migrate to newer destinations, we have to repeat some of
	the same checks on the destination; meanwhile, we want to
	detect failures as soon as possible.  With migration v2, this
	means that validation will reject things at Prepare on the
	destination if the XML exposes the problem, otherwise at Perform
	on the source; with migration v3, this means that validation
	will reject things at Begin on the source, or if the source
	is old and the XML exposes the problem, then at Prepare on the
	destination.

	This patch is necessarily over-strict.  Once a later patch
	properly handles auto-cleanup of snapshot metadata on the
	death of a transient domain, then the only time we actually
	need snapshots to prevent migration is when using the
	--undefinesource flag on a persistent source domain.

	It is possible to recreate snapshot metadata on the destination
	with VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and
	VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT.  But for now, that is limited,
	since if we delete the snapshot metadata prior to migration,
	then we won't know the name of the current snapshot to pass
	along; and if we delete the snapshot metadata after migration
	and use the v3 migration cookie to pass along the name of the
	current snapshot, then we need a way to bypass the fact that
	this patch refuses migration with snapshot metadata present.

	So eventually, we may have to introduce migration protocol v4
	that allows feature negotiation and an arbitrary number of
	handshake exchanges, so as to pass as many rpc calls as needed
	to transfer all the snapshot xml hierarchy.

	But all of that is thoughts for the future; for now, the best
	course of action is to quit early, rather than get into a
	funky state of stale metadata; then relax restrictions later.

	* src/qemu/qemu_migration.h (qemuMigrationIsAllowed): Make static.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Alter
	signature, and allow checks for both outgoing and incoming.
	(qemuMigrationBegin, qemuMigrationPrepareAny)
	(qemuMigrationPerformJob): Update callers.

	snapshot: support new undefine flags in qemu
	A nice benefit of deleting all snapshots at undefine time is that
	you don't have to do any reparenting or subtree identification - since
	everything goes, this is an O(n) process, whereas using multiple
	virDomainSnapshotDelete calls would be O(n^2) or worse.  But it is
	only doable for snapshot metadata, where we are in control of the
	data being deleted; for the actual snapshots, there's too much
	likelihood of something going wrong, and requiring even more API
	calls to figure out what failed in the meantime, so callers are
	better off deleting the snapshot data themselves one snapshot at
	a time where they can deal with failures as they happen.

	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Honor new flags.

	snapshot: cache qemu-img location
	As more clients start to want to know this information, doing
	a PATH stat walk and malloc for every client adds up.

	We are only caching the location, not the capabilities, so even
	if qemu-img is updated in the meantime, it will still probably
	live in the same location.  So there is no need to worry about
	clearing this particular cache.

	* src/qemu/qemu_conf.h (qemud_driver): Add member.
	* src/qemu/qemu_driver.c (qemudShutdown): Cleanup.
	(qemuFindQemuImgBinary): Add an argument, and cache result.
	(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotCreateInactive, qemuDomainSnapshotRevertInactive)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Update
	callers.

	snapshot: refactor some qemu code
	Prepare for code sharing.  No semantic change.

	* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata)
	(qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotForEachQcow2): Float up.
	(qemuDomainSnapshotDiscardDescendant): Likewise, and rename...
	(qemuDomainSnapshotDiscardAll): ...for generic use.
	(qemuDomainSnapshotDelete): Update caller.

	snapshot: teach virsh about new undefine flags
	Similar to 'undefine --managed-save' (commit 83e849c1), we must
	assume that the old API is unsafe; however, we cannot emulate
	metadata-only deletion on older servers.  Additionally, we have
	the wrinkle that while virDomainUndefineFlags and managed save
	cleanup were introduced in 0.9.4, it wasn't until 0.9.5 that
	snapshots block undefine of a domain.  Do the best we can given
	the server we are talking to.

	* tools/virsh.c (cmdUndefine): Add --snapshots-metadata flag.
	* tools/virsh.pod (undefine, destroy, shutdown): Document effect
	of snapshots.

	snapshot: prevent stranding snapshot data on domain destruction
	Just as leaving managed save metadata behind can cause problems
	when creating a new domain that happens to collide with the name
	of the just-deleted domain, the same is true of leaving any
	snapshot metadata behind.  For safety sake, extend the semantic
	change of commit b26a9fa9 to also cover snapshot metadata as a
	reason to reject undefining an inactive domain.  A future patch
	will make sure that shutdown of a transient domain automatically
	deletes snapshot metadata (whether by destroy, shutdown, or
	guest-initiated action).  Management apps of transient domains
	should take care to capture xml of snapshots, if it is necessary
	to recreate the snapshot metadata on a later transient domain
	with the same name and uuid.

	This also documents a new flag that hypervisors can choose to
	support as a shortcut for taking care of the metadata as part of
	the undefine process; however, nontrivial driver support for these
	flags will be deferred to future patches.

	Note that ESX and VBox can never be transient; therefore, they
	do not have to worry about automatic cleanup after shutdown
	(the persistent domain still remains); likewise they never
	store snapshot metadata, so the undefine flag is trivial.
	The nontrivial work remaining is thus in the qemu driver.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA): New flag.
	* src/libvirt.c (virDomainUndefine, virDomainUndefineFlags):
	Document new limitations and flag.
	* src/esx/esx_driver.c (esxDomainUndefineFlags): Trivial
	implementation.
	* src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Enforce
	the limitations.

	snapshot: add qemu snapshot redefine support
	Redefining a qemu snapshot requires a bit of a tweak to the common
	snapshot parsing code, but the end result is quite nice.

	Be careful that redefinitions do not introduce circular parent
	chains.  Also, we don't want to allow conversion between online
	and offline existing snapshots.  We could probably do some more
	validation for snapshots that don't already exist to make sure
	they are even feasible, by parsing qemu-img output, but that
	can come later.

	* src/conf/domain_conf.h (virDomainSnapshotParseFlags): New
	internal flags.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Alter
	signature to take internal flags.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Update caller.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new public flags.

	snapshot: add qemu snapshot creation without metadata
	Supporting NO_METADATA on snapshot creation is interesting - we must
	still return a valid opaque snapshot object, but the user can't get
	anything out of it (unless we add a virDomainSnapshotGetName()),
	since it is no longer registered with the domain.

	Also, virsh now tries to query for secure xml, in anticipation of
	when we store <domain> xml inside <domainsnapshot>; for now, we
	can trivially support it, since we have nothing secure.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new flag.
	(qemuDomainSnapshotGetXMLDesc): Trivially support VIR_DOMAIN_XML_SECURE.

	snapshot: improve virsh snapshot-create, add snapshot-edit
	Wire up the new snapshot creation flags in virsh.  For convenience,
	teach 'snapshot-current' how to make an existing snapshot become
	current (can be used after upgrading to newer libvirt to recover
	from the fact that the older libvirt lost track of the current
	snapshot after a restart).  The snapshot-create-as command is
	intentionally not taught --redefine or --current, as this would
	imply adding a lot of other options for everything else that can
	appear in the <domainsnapshot> xml, but which is normally read-only.
	Besides, redefining will usually be done on files created by
	snapshot-dumpxml, rather than something built up by hand on the
	command line.  And now that we can redefine, we can edit.

	* tools/virsh.c (cmdSnapshotCreate): Add --redefine, --current,
	and --no-metadata.
	(cmdSnapshotCreateAs): Add --no-metadata.
	(cmdSnapshotCurrent): Add snapshotname to alter current snapshot.
	(cmdSnapshotEdit): New command.
	* tools/virsh.pod (snapshot-create, snapshot-create-as)
	(snapshot-current, snapshot-edit):  Document these.

	snapshot: refactor virsh snapshot creation
	The next patch will make snapshot creation more complex, so it's
	better to avoid repetition of the complexity.

	* tools/virsh.c (vshSnapshotCreate): New helper function.
	(cmdSnapshotCreate, cmdSnapshotCreateAs): Use it.

	snapshot: allow recreation of metadata
	The first two flags are essential for being able to replicate
	snapshot hierarchies across multiple hosts, which will come in
	handy for supervised migrations.  It also allows a management app
	to take a snapshot of a transient domain, save the metadata, stop
	the domain, recreate a new transient domain by the same name,
	redefine the snapshot, then revert to it.

	This is not quite as convenient as leaving the metadata behind
	after a domain is no longer around, but doing that has a few
	problems: 1. the libvirt API can only delete snapshot metadata
	if there is a valid domain handle to use to get to that snapshot
	object - if stale data is left behind without a domain, there is
	no way to request that the data be cleaned up. 2. creating a new
	domain with the same name but different uuid than the older
	domain where a snapshot existed cannot use the older snapshot
	data; this risks confusing libvirt, and forbidding the stale
	data is similar to the recent patch to forbid stale managed save.

	The first two flags might be useful on hypervisors with no metadata,
	but only for modifying the notion of the current snapshot;
	however, I don't know how to do that for ESX or VBox.

	The third flag is a convenience option, to combine a creation with
	a delete metadata into one step.  It is trivial for hypervisors
	with no metadata.

	The qemu changes will be involved enough to warrant a separate patch.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE)
	(VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT)
	(VIR_DOMAIN_SNAPSHOT_CREATE_NO_METADATA): New flags.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document them, and
	enforce mutual exclusion.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Trivial
	implementation.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* docs/formatsnapshot.html.in: Document re-creation.

	snapshot: identify qemu snapshot roots
	Filtering for roots is pretty easy to do.

	* src/conf/domain_conf.h (virDomainSnapshotObjListGetNames)
	(virDomainSnapshotObjListNum): Update prototype.
	* src/conf/domain_conf.c (virDomainSnapshotObjListCopyNames)
	(virDomainSnapshotObjListGetNames, virDomainSnapshotObjListCount)
	(virDomainSnapshotObjListNum): Support filtering.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
	(qemuDomainSnapshotListNames): Update callers.

	snapshot: reflect new dumpxml and list options in virsh
	New flag bits are worth exposing via virsh.  In the case of
	snapshot-list --roots, it's possible to emulate this even when
	talking to an older server that lacks the bit; whereas
	--metadata requires a newer server.

	Although we don't use --security-info yet, the flag is already
	documented for other dumpxml operations, and turning it on now
	will make it useful when a future patch actually has to honor it.

	* tools/virsh.c (cmdSnapshotDumpXML, cmdSnapshotCurrent): Add
	--security-info.
	(cmdSnapshotList): Add --roots, --metadata.
	* tools/virsh.pod (snapshot-dumpxml, snapshot-current)
	(snapshot-list): Document these.

	snapshot: identify which snapshots have metadata
	To make it easier to know when undefine will fail because of existing
	snapshot metadata, we need to know how many snapshots have metadata.

	Also, it is handy to filter the list of snapshots to just those that
	have no parents; document that flag now, but implement it in later patches.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_ROOTS)
	(VIR_DOMAIN_SNAPSHOT_LIST_METADATA): New flags.
	* src/libvirt.c (virDomainSnapshotNum)
	(virDomainSnapshotListNames): Document them.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames): Implement trivial flag.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
	(vboxDomainSnapshotListNames): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
	(qemuDomainSnapshotListNames): Likewise.

	snapshot: let qemu discard only snapshot metadata
	Adding this was trivial compared to the previous patch for fixing
	qemu snapshot deletion in the first place.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscard): Add
	parameter.
	(qemuDomainSnapshotDiscardDescendant, qemuDomainSnapshotDelete):
	Update callers.

	snapshot: allow deletion of just snapshot metadata
	A future patch will make it impossible to remove a domain if it
	would leave behind any libvirt-tracked metadata about snapshots,
	since stale metadata interferes with a new domain by the same name.
	But requiring snaphot contents to be deleted before removing a
	domain is harsh; with qemu, qemu-img can still make use of the
	contents after the libvirt domain is gone.  Therefore, we need
	an option to get rid of libvirt tracking information, but not
	the actual contents.  For hypervisors that do not track any
	metadata in libvirt, the implementation is trivial; all remaining
	hypervisors (really, just qemu) will be dealt with separately.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotDelete): Document it.
	* src/esx/esx_driver.c (esxDomainSnapshotDelete): Trivially
	supported when there is no libvirt metadata.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotDelete): Likewise.

	snapshot: simplify acting on just children
	Similar to the last patch in isolating the filtering from the
	client actions, so that clients don't have to reinvent the
	filtering.

	* src/conf/domain_conf.h (virDomainSnapshotForEachChild): New
	prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainSnapshotActOnChild)
	(virDomainSnapshotForEachChild): New functions.
	(virDomainSnapshotCountChildren): Delete.
	(virDomainSnapshotHasChildren): Simplify.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotReparentChildren)
	(qemuDomainSnapshotDelete): Likewise.

	snapshot: track current domain across deletion of children
	Deleting a snapshot and all its descendants had problems with
	tracking the current snapshot.  The deletion does not necessarily
	proceed in depth-first order, so a parent could be deleted
	before a child, wreaking havoc on passing the notion of the
	current snapshot to the parent.  Furthermore, even if traversal
	were depth-first, doing multiple file writes to pass current up
	the chain one snapshot at a time is wasteful, comparing to a
	single update to the current snapshot at the end of the algorithm.

	* src/qemu/qemu_driver.c (snap_remove): Add field.
	(qemuDomainSnapshotDiscard): Add parameter.
	(qemuDomainSnapshotDiscardDescendant): Adjust accordingly.
	(qemuDomainSnapshotDelete): Properly reset current.

	snapshot: avoid crash when deleting qemu snapshots
	This one's nasty.  Ever since we fixed virHashForEach to prevent
	nested hash iterations for safety reasons (commit fba550f6),
	virDomainSnapshotDelete with VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN
	has been broken for qemu: it deletes children, while leaving
	grandchildren intact but pointing to a no-longer-present parent.
	But even before then, the code would often appear to succeed to
	clean up grandchildren, but risked memory corruption if you have
	a large and deep hierarchy of snapshots.

	For acting on just children, a single virHashForEach is sufficient.
	But for acting on an entire subtree, it requires iteration; and
	since we declared recursion as invalid, we have to switch to a
	while loop.  Doing this correctly requires quite a bit of overhaul,
	so I added a new helper function to isolate the algorithm from the
	actions, so that callers do not have to reinvent the iteration.

	Note that this _still_ does not handle CHILDREN correctly if one
	of the children is the current snapshot; that will be next.

	* src/conf/domain_conf.h (_virDomainSnapshotDef): Add mark.
	(virDomainSnapshotForEachDescendant): New prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainSnapshotMarkDescendant)
	(virDomainSnapshotActOnDescendant)
	(virDomainSnapshotForEachDescendant): New functions.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscardChildren):
	Replace...
	(qemuDomainSnapshotDiscardDescenent): ...with callback that
	doesn't nest hash traversal.
	(qemuDomainSnapshotDelete): Use new function.

	snapshot: speed up snapshot location
	Each snapshot lookup was iterating over the entire hash table, O(n),
	instead of honing in directly on the hash key, amortized O(1).

	Besides, fixing this means that virDomainSnapshotFindByName can now
	be used inside another virHashForeach iteration (without this patch,
	attempts to lookup a snapshot by name during a hash iteration will
	fail due to nested iteration).

	* src/conf/domain_conf.c (virDomainSnapshotFindByName): Simplify.
	(virDomainSnapshotObjListSearchName): Delete unused function.

	snapshot: add snapshot-list --parent to virsh
	Even though I recently added 'virsh snapshot-parent', doing it one
	snapshot at a time is painful, so make it possible to expand the
	snapshot-list table at once.

	* tools/virsh.c (cmdSnapshotList): Add --parent.
	* tools/virsh.pod (snapshot-list): Document it.

	snapshot: fine-tune qemu snapshot revert states
	For a system checkpoint of a running or paused domain, it's fairly
	easy to honor new flags for altering which state to use after the
	revert.  For an inactive snapshot, the revert has to be done while
	there is no qemu process, so do back-to-back transitions; this also
	lets us revert to inactive snapshots even for transient domains.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Support new
	flags.

	snapshot: properly revert qemu to offline snapshots
	Commit 5e47785 broke reverts to offline system checkpoint snapshots
	with older qemu, since there is no longer any code path to use
	qemu -loadvm on next boot.  Meanwhile, reverts to offline system
	checkpoints have been broken for newer qemu, both before and
	after that commit, since -loadvm no longer works to revert to
	disk state without accompanying vm state.  Fix both of these by
	using qemu-img to revert disk state.

	Meanwhile, consolidate the (now 3) clients of a qemu-img iteration
	over all disks of a VM into one function, so that any future
	algorithmic fixes to the FIXMEs in that function after partial
	loop iterations are dealt with at once.  That does mean that this
	patch doesn't handle partial reverts very well, but we're not
	making the situation any worse in this patch.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use
	qemu-img rather than 'qemu -loadvm' to revert to offline snapshot.
	(qemuDomainSnapshotRevertInactive): New helper.
	(qemuDomainSnapshotCreateInactive): Factor guts...
	(qemuDomainSnapshotForEachQcow2): ...into new helper.
	(qemuDomainSnapshotDiscard): Use it.

	snapshot: improve reverting to qemu paused snapshots
	If you take a checkpoint snapshot of a running domain, then pause
	qemu, then restore the snapshot, the result should be a running
	domain, but the code was leaving things paused.  Furthermore, if
	you take a checkpoint of a paused domain, then run, then restore,
	there was a brief but non-deterministic window of time where the
	domain was running rather than paused.  Fix both of these
	discrepancies by always pausing before restoring.

	Also, check that the VM is active every time lock is dropped
	between two monitor calls.

	Finally, straighten out the events that get emitted on each
	transition.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Always
	pause before reversion, and improve events.

	snapshot: fine-tune qemu saved images starting paused
	Implement the new running/paused overrides for saved state management.

	Unfortunately, for virDomainSaveImageDefineXML, the saved state
	updates are write-only - I don't know of any way to expose a way
	to query the current run/pause setting of an existing save image
	file to the user without adding a new API or modifying the domain
	xml of virDomainSaveImageGetXMLDesc to include a new element to
	reflect the state bit encoded into the save image.  However, I
	don't think this is a show-stopper, since the API is designed to
	leave the state bit alone unless an explicit flag is used to
	change it.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemuDomainSaveImageOpen): Adjust signature.
	(qemuDomainSaveFlags, qemuDomainManagedSave)
	(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML, qemuDomainObjRestore): Adjust
	callers.

	snapshot: expose --running and --paused in virsh
	Pretty straight-forward exposure of new flags.  For most commands,
	we let the API reject mutually exclusive flags; but for save-image-edit,
	we do the sanity check ourselves to avoid looping on flag failure if
	the edit cycle is ever enhanced to allow the user to retry an edit
	to fix up an xml validation error.

	* tools/virsh.c (cmdManagedSave, cmdRestore, cmdSave)
	(cmdSaveImageDefine, cmdSaveImageEdit): Add new flags.
	* tools/virsh.pod (managedsave, restore, save, save-image-define)
	(save-image-edit): Document them.

	snapshot: fine-tune ability to start paused
	While it is nice that snapshots and saved images remember whether
	the domain was running or paused, sometimes the restoration phase
	wants to guarantee a particular state (paused to allow hot-plugging,
	or running without needing to call resume).  This introduces new
	flags to allow the control, and a later patch will implement the
	flags for qemu.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SAVE_RUNNING)
	(VIR_DOMAIN_SAVE_PAUSED, VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING)
	(VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED): New flags.
	* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags)
	(virDomainManagedSave, virDomainSaveImageDefineXML)
	(virDomainRevertToSnapshot): Document their use, and enforce
	mutual exclusion.

	snapshot: better events when starting paused
	There are two classes of management apps that track events - one
	that only cares about on/off (and only needs to track EVENT_STARTED
	and EVENT_STOPPED), and one that cares about paused/running (also
	tracks EVENT_SUSPENDED/EVENT_RESUMED).  To keep both classes happy,
	any transition that can go from inactive to paused must emit two
	back-to-back events - one for started and one for suspended (since
	later resuming of the domain will only send RESUMED, but the first
	class isn't tracking that).

	This also fixes a bug where virDomainCreateWithFlags with the
	VIR_DOMAIN_START_PAUSED flag failed to start paused when restoring
	from a managed save image.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_EVENT_SUSPENDED_RESTORED)
	(VIR_DOMAIN_EVENT_SUSPENDED_FROM_SNAPSHOT)
	(VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT): New sub-events.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use them.
	(qemuDomainSaveImageStartVM): Likewise, and add parameter.
	(qemudDomainCreate, qemuDomainObjStart): Send suspended event when
	starting paused.
	(qemuDomainObjRestore): Add parameter.
	(qemuDomainObjStart, qemuDomainRestoreFlags): Update callers.
	* examples/domain-events/events-c/event-test.c
	(eventDetailToString): Map new detail strings.

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Learn to use spicevmc as a redirection type for usb-redir

	Add "redirdev" redirection device
	- create a new "redirdev" element for this purpose

	qemu: Don't append 0 at usb id, so that it is compatible with legacy -usb
	QEMU uses USB bus name "usb.0" when using the legacy -usb argument.
	If we want to allow USB devices to specify their addresses with legacy
	-usb, we should either in case of legacy bus name drop the 0 from the
	address bus, or just drop the 0 from device id. This patch does the
	later.

	Another solution would be to permit addressing on non-legacy USB
	controllers only.

	qemu: don't reserve slot 1 if a PIIX3 USB controller is defined there
	Applies only to piix3 and check if piix3 controller is on correct
	address, or report error

	Modify USB port to be defined as a port path
	So that devices can be attached to hubs. Example, to attach to first
	port of a usb-hub on port 1.

	      <hub type='usb'>
	         <address type='usb' bus='0' port='1'/>
	      </hub>

	      <input type='mouse' type='usb'>
	         <address type='usb' bus='0' port='1.1'/>
	      </hub>

	also add a test entry

	Add USB hub device
	domain parsing and serialization code, qemu driver backend and
	a couple of test

	Add USB companion controllers support
	Companion controllers take an extra 'master' attribute to associate
	them.

	Also add tests for this

	USB devices gain a new USB address child element
	Expand the domain and the QEmu driver code
	Adds a couple of tests

	test: USB controller can have a PCI address child element
	add a few tests for the new constructs

	Add a new controller type 'usb' with optionnal 'model'
	The model by default is piix3-uchi.

	Example:
	<controller type='usb' index='0' model='ich9-ehci'/>

	Add USB controller models
	List is: piix3-uhci piix4-uhci ehci ich9-ehci1 ich9-uhci1 ich9-uhci2
	ich9-uhci3 vt82c686b-uhci pci-ohci

	Rename virDomainControllerModel to virDomainControllerModelSCSI
	Since we are about to add USB controller support let's remove the
	ambiguity

	Add various USB devices QEMU_CAPS

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: fix corner case on OOM during creation
	Commit 6766ff10 introduced a corner case bug with snapshot creation:
	if a snapshot is created, but then we hit OOM while trying to
	create the return value of the function, then we have polluted the
	internal directory with the snapshot metadata with no way to clean
	it up from the running libvirtd.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Don't
	write metadata file on OOM condition.

	tests: add missing files
	Created by copying from qemuxml2argv-disk-drive-v2-wb.*, then
	s/writeback/directsync/.  Hopefully this matches Osier's intentions.

	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.args:
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.xml:
	Add missing files needed by 'make check'.

2011-09-02  Osier Yang  <jyang@redhat.com>

	Add directsync cache mode support for disk driver
	Newer QEMU introduced cache=directsync for -drive, this patchset
	is to expose it in libvirt layer.

	  * Introduced a new QEMU capability flag ($prefix_CACHE_DIRECTSYNC),
	    As even $prefix_CACHE_V2 is set, we can't known if directsync
	    is supported.

	storage: Add virsh support for fs pool formating

	storage: Add fs pool formatting
	This patch adds the ability to make the filesystem for a filesystem
	pool during a pool build.

	The patch adds two new flags, no overwrite and overwrite, to control
	when mkfs gets executed.  By default, the patch preserves the
	current behavior, i.e., if no flags are specified, pool build on a
	filesystem pool only makes the directory on which the filesystem
	will be mounted.

	If the no overwrite flag is specified, the target device is checked
	to determine if a filesystem of the type specified in the pool is
	present.  If a filesystem of that type is already present, mkfs is
	not executed and the build call returns an error.  Otherwise, mkfs
	is executed and any data present on the device is overwritten.

	If the overwrite flag is specified, mkfs is always executed, and any
	existing data on the target device is overwritten unconditionally.

	storage: Add mkfs and libblkid to build system

	API: Init conn in case of it might be used uninitialized
	There is a goto before "conn" is initialized.

2011-09-02  Eric Blake  <eblake@redhat.com>

	qemu: detect incomplete save files
	Several users have reported problems with 'virsh start' failing because
	it was encountering a managed save situation where the managed save file
	was incomplete.  Be more robust to this by using two different magic
	numbers, so that newer libvirt can gracefully handle an incomplete file
	differently than a complete one, while older libvirt will at least fail
	up front rather than trying to load only to have qemu fail at the end.

	Managed save is a convenience - it exists to preserve as much state
	as possible; if the state was not preserved, it is reasonable to just
	log that fact, then proceed with a fresh boot.  On the other hand,
	user saves are under user control, so we must fail, but by making
	the failure message distinct, the user can better decide how to handle
	the situation of an incomplete save file.

	* src/qemu/qemu_driver.c (QEMUD_SAVE_PARTIAL): New define.
	(qemuDomainSaveInternal): Use it to mark incomplete images.
	(qemuDomainSaveImageOpen, qemuDomainObjRestore): Add parameter
	that controls what to do with partial images.
	(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML, qemuDomainObjStart): Update callers.
	Based on an initial idea by Osier Yang.

	qemu: refactor file opening
	In a SELinux or root-squashing NFS environment, libvirt has to go
	through some hoops to create a new file that qemu can then open()
	by name.  Snapshots are a case where we want to guarantee an empty
	file that qemu can open; also, reopening a save file to convert it
	from being marked partial to complete requires a reopen to avoid
	O_DIRECT headaches.  Refactor some existing code to make it easier
	to reuse in later patches.

	* src/qemu/qemu_migration.h (qemuMigrationToFile): Drop parameter.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): Let cgroup do
	the stat, rather than asking caller to do it and pass info down.
	* src/qemu/qemu_driver.c (qemuOpenFile): New function, pulled from...
	(qemuDomainSaveInternal): ...here.
	(doCoreDump, qemuDomainSaveImageOpen): Use it here as well.

2011-09-02  Wen Congyang  <wency@cn.fujitsu.com>

	reserve slot 1 on pci bus0
	After supporting multi function pci device, we only reserve function 1 on slot 1.
	The user can use the other function on slot 1 in the xml config file. We should
	detect this wrong usage.

2011-09-02  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	libvirtd: create run dir when running at non-root user
	When libvirtd is running at non-root user, it won't create ${HOME}/.libvirt.

	It will show error message:
	17:44:16.838: 7035: error : virPidFileAcquirePath:322 : Failed to open pid file

2011-09-02  Scott Moser  <smoser@ubuntu.com>

	lxc: do not require 'ifconfig' or 'ipconfig' in container
	Currently, the lxc implementation invokes 'ip' and 'ifconfig' commands
	inside a container using 'virRun'.  That has the side effect of requiring
	those commands to be present and to function in a manner consistent with
	the usage.  Some small roots (such as ttylinux) may not have 'ip' or
	'ifconfig'.

	This patch replaces the use of these commands with usage of
	netdevice.  The result is that lxc containers do not have to implement
	those commands, and lxc in libvirt is only dependent on the netdevice
	interface.

	I've tested this patch locally against the ubuntu libvirt version enough
	to verify its generally sane.  I attempted to build upstream today, but
	failed with:
	  /usr/bin/ld:
	    ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_domain.o):
	   undefined reference to symbol 'xmlXPathRegisterNs@@LIBXML2_2.4.30

	Thats probably a local issue only, but I wanted to get this patch up and
	see what others thought of it.  This is ubuntu bug
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/828211 .

2011-09-02  Serge Hallyn  <serge.hallyn@canonical.com>

	Create ptmx as a device
	Hi,

	I'm seeing an issue with udev and libvirt-lxc.  Libvirt-lxc creates
	/dev/ptmx as a symlink to /dev/pts/ptmx.  When udev starts up, it
	checks the device type, sees ptmx is 'not right', and replaces it
	with a 'proper' ptmx.

	In lxc, /dev/ptmx is bind-mounted from /dev/pts/ptmx instead of being
	symlinked, so udev sees the right device type and leaves it alone.

	A patch like the following seems to work for me.  Would there be
	any objections to this?

	>From 4c5035de52de7e06a0de9c5d0bab8c87a806cba7 Mon Sep 17 00:00:00 2001
	From: Ubuntu <ubuntu@domU-12-31-39-14-F0-B3.compute-1.internal>
	Date: Wed, 31 Aug 2011 18:15:54 +0000
	Subject: [PATCH 1/1] make ptmx a bind mount rather than symlink

	udev on some systems checks the device type of /dev/ptmx, and replaces it if
	not as expected.  The symlink created by libvirt-lxc therefore gets replaced.
	By creating it as a bind mount, the device type is correct and udev leaves it
	alone.

2011-09-02  Adam Litke  <agl@us.ibm.com>

	BlockPull: Set initial bandwidth limit if specified
	The libvirt BlockPull API supports the use of an initial bandwidth limit but the
	qemu block_stream API does not.  To get the desired behavior we use the two APIs
	strung together: first BlockPull, then BlockJobSetSpeed.  We can do this at the
	driver level to avoid duplicated code in each monitor path.

	BlockJob: Bandwidth parameter is in MB when using text monitor
	Due to an unfortunate precedent in qemu, the units for the bandwidth parameter
	to block_job_set_speed are different between the text monitor and the qmp
	monitor.  While the qmp monitor uses bytes/s, the text monitor expects MB/s.

	Correct the units for the text interface.

2011-09-02  Jim Fehlig  <jfehlig@suse.com>

	Increase size of buffer for xend response
	On systems with many pcpus, the sexpr returned by xend can be quite
	large for dom0 when it is configured to have #vcpus = #pcpus (default).
	E.g. on a 80 pcpu system, where dom0 had 80 vcpus, the sexpr details
	for dom0 was 73817 bytes!  Increase maximum buffer size to 256k.

	Don't overwrite errors from xend_{get,req}
	xenDaemonDomainFetch() was overwriting errors reported by
	xend_get() and xend_req().  E.g. without patch

	error: failed Xen syscall xenDaemonDomainFetch failed to find this domain

	with patch

	error: internal error Xend returned HTTP Content-Length of 73817, which exceeds
	maximum of 65536

	Change my email domain
	I'd like to change my primary email address to jfehlig@suse.com.
	This patch changes it in AUTHORS and .mailmap.

2011-09-02  Eric Blake  <eblake@redhat.com>

	virsh: improve send-key documentation
	The 'virsh man' description of send-key was incomplete and used the
	old style (literal 'optional name' instead of '[name]' metasyntax).
	Meanwhile, none of the other virsh help texts include examples, so
	I moved it out of virsh help and into the man page.

	* tools/virsh.pod (send-key): Give better details.
	* tools/virsh.c (info_send_key): Drop example from here.

	virsh: support 'virsh start --force-boot' on older servers
	Managed save was added in 0.8.0, virDomainCreateWithFlags in 0.8.2,
	and FORCE_BOOT in 0.9.5.  The virsh flag is more useful if we
	emulate it for all older servers (note that if a hypervisor fails
	the query for a managed save image, then it does not have one to
	be removed, so the flag can be safely ignored).

	* tools/virsh.c (cmdStart): Add emulation for new flag.

2011-09-02  Alex Jia  <ajia@redhat.com>

	virsh: avoid memory leak on cmdVolCreateAs
	* tools/virsh.c: fix memory leak on cmdVolCreateAs function.

	* Detected in valgrind run:

	==4746==
	==4746== 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 26 of 52
	==4746==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==4746==    by 0x4C76E51: virAlloc (memory.c:101)
	==4746==    by 0x4CD9418: virGetStoragePool (datatypes.c:592)
	==4746==    by 0x4D21367: remoteStoragePoolLookupByName (remote_driver.c:4126)
	==4746==    by 0x4CE42B0: virStoragePoolLookupByName (libvirt.c:10232)
	==4746==    by 0x40C276: vshCommandOptPoolBy (virsh.c:13660)
	==4746==    by 0x40CA37: cmdVolCreateAs (virsh.c:8094)
	==4746==    by 0x412AF2: vshCommandRun (virsh.c:13770)
	==4746==    by 0x422F11: main (virsh.c:15127)
	==4746==
	==4746== 1,011 bytes in 1 blocks are definitely lost in loss record 45 of 52
	==4746==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==4746==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==4746==    by 0x4C76ECB: virReallocN (memory.c:161)
	==4746==    by 0x4C60319: virBufferGrow (buf.c:72)
	==4746==    by 0x4C606AA: virBufferAdd (buf.c:106)
	==4746==    by 0x40CB37: cmdVolCreateAs (virsh.c:8118)
	==4746==    by 0x412AF2: vshCommandRun (virsh.c:13770)
	==4746==    by 0x422F11: main (virsh.c:15127)
	==4746==
	==4746== LEAK SUMMARY:
	==4746==    definitely lost: 1,051 bytes in 2 blocks
	==4746==    indirectly lost: 8 bytes in 1 blocks
	==4746==      possibly lost: 0 bytes in 0 blocks
	==4746==    still reachable: 390,767 bytes in 1,373 blocks
	==4746==         suppressed: 0 bytes in 0 blocks

	* How to reproduce?

	% valgrind -v --leak-check=full virsh vol-create-as default foo.img 10M \
	  --allocation 0 --format qcow2 --backing-vol bar.img

	Notes: bar.img doesn't exist.

2011-09-02  Eric Blake  <eblake@redhat.com>

	build: fix 'make check' with pdwtags
	Problem introduced by commit b12354b.

	* src/remote_protocol-structs: Remove spurious blank line.

2011-09-02  Jim Fehlig  <jfehlig@novell.com>

	virsh: Expose virDomainMigrateGetMaxSpeed API

	Add public API for getting migration speed
	Includes impl of python binding since the generator was not
	able to cope.

	Note: Requires gendispatch.pl patch from Matthias Bolte

	https://www.redhat.com/archives/libvir-list/2011-August/msg01367.html

2011-09-01  Eric Blake  <eblake@redhat.com>

	virsh: prefer unsigned flags
	virsh had some leftover 'int flags', and even an 'int flag'
	declaration, compared to our preferred style of 'unsigned int flags'.

	* tools/virsh.c (cmdUndefine, cmdSave, cmdSaveImageDumpxml)
	(cmdSaveImageEdit, cmdManagedSave, cmdRestore, cmdDump)
	(cmdVcpuPin, cmdSetvcpus, cmdSetmem, cmdSetmaxmem, cmdDumpXML)
	(cmdDomXMLFromNative, cmdDomXMLToNative, doMigrate)
	(cmdInterfaceEdit, cmdInterfaceDumpXML, cmdEdit): Match coding
	style for flags.
	(struct vshComdOptDef): Rename field member.
	(vshCmddefOptParse, vshCmddefHelp): Adjust clients.

2011-09-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix tracking of RPC messages wrt streams
	Commit 2c85644b0b51fbe5b6244e6773531af29933a727 attempted to
	fix a problem with tracking RPC messages from streams by doing

	-            if (msg->header.type == VIR_NET_REPLY) {
	+            if (msg->header.type == VIR_NET_REPLY ||
	+                (msg->header.type == VIR_NET_STREAM &&
	+                 msg->header.status != VIR_NET_CONTINUE)) {
	                 client->nrequests--;

	In other words any stream packet, with status NET_OK or NET_ERROR
	would cause nrequests to be decremented. This is great if the
	packet from from a synchronous virStreamFinish or virStreamAbort
	API call, but wildly wrong if from a server initiated abort.
	The latter resulted in 'nrequests' being decremented below zero.
	This then causes all I/O for that client to be stopped.

	Instead of trying to infer whether we need to decrement the
	nrequests field, from the message type/status, introduce an
	explicit 'bool tracked' field to mark whether the virNetMessagePtr
	object is subject to tracking.

	Also add a virNetMessageClear function to allow a message
	contents to be cleared out, without adversely impacting the
	'tracked' field as a naive memset() would do

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
	  a 'bool tracked' field and virNetMessageClear() API
	* daemon/remote.c, daemon/stream.c, src/rpc/virnetclientprogram.c,
	  src/rpc/virnetclientstream.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverprogram.c: Switch over to use
	  virNetMessageClear() and pass in the 'bool tracked' value
	  when creating messages.

	Avoid use-after-free on streams, due to message callbacks
	When sending outbound stream RPC messages, a callback is
	used to re-enable stream data transmission. If the stream
	aborts while one of these messages is outstanding, the
	stream may have been free'd by the time it is invoked. This
	results in a use-after-free error

	* daemon/stream.c: Ref-count streams to avoid use-after-free

	Fix parted sector size assumption
	Parted does not report disk size in 512 byte units, but
	rather the disks' logical sector size, which with modern
	drives might be 4k.

	* src/storage/parthelper.c: Remove hardcoded 512 byte sector
	  size

2011-09-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of domain save
	* src/qemu/qemu_driver.c - qemuDomainSaveInternal: Return directly
	will keep the domain object locked, introduced by 173015bec6a.

	Revert "test: Cleanup improper VIR_ERR_NO_SUPPORT use"
	This reverts commit 172214bd304ff958160307be2efd6614e9868946.

	storage: Fix incorrect error codes
	Commit 0376f4a69b intended to fix incorrect use of VIR_ERR_NO_SUPPORT,
	but replacing it with VIR_ERR_OPERATION_INVALID is not proper either.

	remote: Fix incorrect error codes
	Introduced by d4b53ef6c. For "no internalFlags support", the
	error code is changed into INTERNAL_ERROR.

	nodeinfo: Fix incorrect error codes
	Introduced by 5e495c8b, except the ones for checking if numa
	is supported by host, all the NO_SUPPORT are changed back. For
	the ones about numa checking, change them into INTERNAL_ERROR.

	lxc: Fix incorrect changes on error codes.
	Fix incorrect changes introduced by commit 6ac47762bb9.

	conf: Substitute OPERATION_INVALID with INTERNAL_ERROR

2011-09-01  Daniel P. Berrange  <berrange@redhat.com>

	Stop libxl driver polluting logs on non-Xen hosts
	If the libxl driver is compiled in, then everytime libvirtd
	starts up on a non-Xen Dom0 host, it logs a error message.
	Since this is an expected condition, we should not log at
	'error' level, only 'info'.

	* src/libxl/libxl_driver.c: Lower log level for certain
	  expected errors during driver init

	Fix memory leak parsing 'relabel' attribute in domain security XML
	* src/conf/domain_conf.c: Free the 'relabel' attribute

	Fix memory leak dispatching domain events
	When dispatching domain events we will create an XDR struct
	containing the event info. Some of this data may be allocated
	on the heap and so must be freed. The graphics event dispatcher
	had a broken attempt to free one field, but missed others. All
	the events have a dom->name string that needs freeing. The code
	should have used the xdr_free() procedure for doing all this

	* daemon/remote.c: Use xdr_free after dispatching events

	Don't leak memory if a cgroup is mounted multiple times
	It is possible (expected/likely in Fedora 15) for a cgroup controller
	to be mounted in multiple locations at the same time, due to bind
	mounts. Currently we leak memory if this happens, because we overwrite
	the previous 'mountPoint' string. Instead just accept the first match
	we find.

	* src/util/cgroup.c: Only accept first match for a cgroup
	  controller mount

2011-08-31  Eric Blake  <eblake@redhat.com>

	security: fix build
	Regression introduced in commit 183383889.

	* src/libvirt_private.syms (security_manager.h): Drop deleted
	symbol. Detected by build-bot.

2011-08-31  Guannan Ren  <gren@redhat.com>

	stream: remove redundant reference to client while sending stream data
	    *daemon/stream.c: remove virNetServerClientRef()

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus virSecurityManagerSetProcessFDLabel method
	The virSecurityManagerSetProcessFDLabel method was introduced
	after a mis-understanding from a conversation about SELinux
	socket labelling. The virSecurityManagerSetSocketLabel method
	should have been used for all such scenarios.

	* src/security/security_apparmor.c, src/security/security_apparmor.c,
	  src/security/security_driver.h, src/security/security_manager.c,
	  src/security/security_manager.h, src/security/security_selinux.c,
	  src/security/security_stack.c: Remove SetProcessFDLabel driver

	Fix sanlock socket security labelling
	It is not possible to change the label of a TCP socket once it
	has been opened. When creating a TCP socket care must be taken
	to ensure the socket creation label is set & then cleared.
	Remove the bogus call to virSecurityManagerSetProcessFDLabel
	from the lock driver guest setup code and instead make use of
	virSecurityManagerSetSocketLabel

	Fix incorrect path length check in sanlock lockspace setup
	The code for creating a sanlock lockspace accidentally used
	SANLK_NAME_LEN instead of SANLK_PATH_LEN for a size check.
	This meant disk paths were limited to 48 bytes !

	* src/locking/lock_driver_sanlock.c: Fix disk path length
	  check

2011-08-31  Eric Blake  <eblake@redhat.com>

	snapshot: forbid snapshot on autodestroy domain
	There is no reason to forbid pausing an autodestroy domain
	(not to mention that 'virsh start --paused --autodestroy'
	succeeds in creating a paused autodestroy domain).

	Meanwhile, qemu was failing to enforce the API documentation that
	autodestroy domains cannot be saved.  And while the original
	documentation only mentioned save/restore, snapshots are another
	form of saving that are close enough in semantics as to make no
	sense on one-shot domains.

	* src/qemu/qemu_driver.c (qemudDomainSuspend): Drop bogus check.
	(qemuDomainSaveInternal, qemuDomainSnapshotCreateXML): Forbid
	saves of autodestroy domains.
	* src/libvirt.c (virDomainCreateWithFlags, virDomainCreateXML):
	Document snapshot interaction.

2011-08-31  Philipp Hahn  <hahn@univention.de>

	Fix error detection in device change
	According to qemu-kvm/qerror.c all messages start with a capital
	"Device ", but the current code only scans for the lower case "device ".
	This results in "virDomainUpdateDeviceFlags()" to not detect locked
	CD-ROMs and reporting success even in the case of a failure:
		# virsh qemu-monitor-command "$VM" change\ drive-ide0-0-0\ \"/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso\"
		Device 'drive-ide0-0-0' is locked
		# virsh update-device "$VM" /dev/stdin <<<"<disk type='file' device='cdrom'><driver name='qemu' type='raw'/><source file='/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso'/><target dev='hda' bus='ide'/><readonly/><alias name='ide0-0-0'/><address type='drive' controller='0' bus='0' unit='0'/></disk>"
		Device updated successfully

2011-08-30  Eric Blake  <eblake@redhat.com>

	start: allow discarding managed save
	There have been several instances of people having problems with
	a broken managed save file, and not aware that they could use
	'virsh managedsave-remove dom' to fix things.  Making it possible
	to do this as part of starting a domain makes the same functionality
	easier to find, and one less API call.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_START_FORCE_BOOT): New
	flag.
	* src/libvirt.c (virDomainCreateWithFlags): Document it.
	* src/qemu/qemu_driver.c (qemuDomainObjStart): Alter signature.
	(qemuAutostartDomain, qemuDomainStartWithFlags): Update callers.
	* tools/virsh.c (cmdStart): Expose it in virsh.
	* tools/virsh.pod (start): Document it.

	build: simplify use of verify
	Back in 2008 when this line of util.h was written, gnulib's verify
	module didn't allow the use of multiple verify() in one file
	in combination with our choice of gcc -W options.  But that has
	since been fixed in gnulib, and newer gnulib even maps verify()
	to the C1x feature of _Static_assert, which gives even nicer
	diagnostics with a new enough compiler, so we might as well go
	with the simpler verify().

	* src/util/util.h (VIR_ENUM_IMPL): Use simpler verify, now that
	gnulib module is smarter.

	qemu: properly label outgoing pipe for tunneled migration
	Commit 3261761 made it possible to use pipes instead of sockets
	for outgoing tunneled migration; however, it caused a regression
	because the pipe was never given a SELinux label.

	* src/qemu/qemu_migration.c (doTunnelMigrate): Label outgoing pipe.

2011-08-30  Guannan Ren  <gren@redhat.com>

	rpc: fix a typo in debugging log in virNetServerProgramSendStreamData
	The bufferOffset has been initialized to zero in virNetMessageEncodePayloadRaw(),
	so, we use bufferLength to represent the length of message which is going to be
	sent to client side.

2011-08-27  Eric Blake  <eblake@redhat.com>

	maint: fix spelling errors on lose
	* docs/drvqemu.html.in: Fix typo.
	* src/libvirt.c (virDomainCreateXML, virDomainCreateWithFlags):
	Likewise.

2011-08-27  Jim Fehlig  <jfehlig@novell.com>

	Fix generator to cope with call-by-ref long types
	From: Matthias Bolte <matthias.bolte@googlemail.com>
	Tested-by: Jim Fehlig <jfehlig@novell.com>

	Matthias provided this patch to fix an issue I encountered in the
	generator with APIs containing call-by-ref long type, e.g.

	int virDomainMigrateGetMaxSpeed(virDomainPtr domain,
	                                unsigned long *bandwidth,
	                                unsigned int flags);

2011-08-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Add basic documentation

	hyperv: Add basic driver for Microsoft Hyper-V
	Domain listing, basic information retrieval and domain life cycle
	management is implemented. But currently the domain XML output
	lacks the complete devices section.

	The driver uses OpenWSMAN to directly communicate with a Hyper-V
	server over its WS-Management interface exposed via Microsoft WinRM.

	The driver is based on the work of Michael Sievers. This started in
	the same master program project group at the University of Paderborn
	as the ESX driver.

	See Michael's blog for details: http://hyperv4libvirt.wordpress.com/

	hyperv: Add OpenWSMAN based client for the Hyper-V WMI API
	Add a generator script to generate the structs and serialization
	information for OpenWSMAN.

	openwsman.h collects workarounds for problems in OpenWSMAN <= 2.2.6.
	There are also disabled sections that would use ws_serializer_free_mem
	but can't because it's broken in OpenWSMAN <= 2.2.6. Patches to fix
	this have been posted upstream.

	hyperv: Add driver skeleton

	hyperv: Add configure check for OpenWSMAN

2011-08-26  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	schedinfo: update man page about virsh schedinfo command
	This patch updates the man page about virsh schedinfo command.

	 - fix typo: 1844674407370955 -> 18446744073709551
	 - describe the value 0 of vcpu_period and vcpu_quota parameters

2011-08-26  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	Fix persistent migration config save
	When a user migrates a domain by command as

	libvirt saves vm's domain XML config in destination host after migration.
	But it saves vm->def. Then, the saved XML contains some garbage.

	  <domain type='kvm' id='50'>
	                     ^^^^^^^^
	  ...
	   <console type='pty' tty='/dev/pts/5'>
	                       ^^^^^^^^^^^^^^^^^

	Avoid saving unnecessary things by saving persistent vm definition.

2011-08-26  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Don't close connection if program is unknown
	In case we add a new program in the future (we did that in the past and
	we are going to do it again soon) current daemon will behave badly with
	new client that wants to use the new program. Before the RPC rewrite we
	used to just send an error reply to any request with unknown program.
	With the RPC rewrite in 0.9.3 the daemon just closes the connection
	through which such request was sent. This patch fixes this regression.

2011-08-26  Michal Privoznik  <mprivozn@redhat.com>

	remote: Refuse connecting to remote socket
	If users wants to connect to remote unix socket, e.g.
	'qemu+unix://<remote>/system' currently the <remote> part is ignored,
	ending up connecting to localhost. Connecting to remote socket is not
	supported and user should have used TLS/TCP/SSH instead.

	virterror: Fix error message for VIR_ERR_INVALID_ARG
	When a detail message is presented, nobody expects prefix 'invalid
	argument in' but something more general, like 'invalid argument:'.

2011-08-26  Daniel P. Berrange  <berrange@redhat.com>

	Detect errors from the 'sendkey' command
	On success, the 'sendkey' command does not return any data, so
	any data in the reply should be considered to be an error
	message

	* src/qemu/qemu_monitor_text.c: Treat non-"" reply data as an
	  error message for 'sendkey' command

	Fix keymap used to talk with QEMU
	The QEMU 'sendkey' command expects keys to be encoded in the same
	way as the RFB extended keycode set. Specifically it wants extended
	keys to have the high bit of the first byte set, while the Linux
	XT KBD driver codeset uses the low bit of the second byte. To deal
	with this we introduce a new keymap 'RFB' and use that in the QEMU
	driver

	* include/libvirt/libvirt.h.in: Add VIR_KEYCODE_SET_RFB
	* src/qemu/qemu_driver.c: Use RFB keycode set instead of XT KBD
	* src/util/virkeycode-mapgen.py: Auto-generate the RFB keycode
	  set from the XT KBD set
	* src/util/virkeycode.c: Add RFB keycode entry to table. Add a
	  verify check on cardinality of the codeOffset table

2011-08-26  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Clarify documentation of -d option
	The default is 4, not 0.

	qemu: Correctly label migration TCP socket

	security: Introduce SetSocketLabel
	This API labels all sockets created until ClearSocketLabel is called in
	a way that a vm can access them (i.e., they are labeled with svirt_t
	based label in SELinux).

	security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
	The APIs are designed to label a socket in a way that the libvirt daemon
	itself is able to access it (i.e., in SELinux the label is virtd_t based
	as opposed to svirt_* we use for labeling resources that need to be
	accessed by a vm). The new name reflects this.

	Ignore unused streams in virStreamAbort
	When virStreamAbort is called on a stream that has not been used yet,
	quite confusing error is returned: "this function is not supported by
	the connection driver". Let's just ignore such streams as there's
	nothing to abort anyway.

	Do not try to cancel non-existent migration on source
	If migration failed on source daemon, the migration is automatically
	canceled by the daemon itself. Thus we don't need to call
	virDomainMigrateConfirm3(cancelled=1). Calling it doesn't cause any harm
	but the resulting error message printed in logs may confuse people.

2011-08-26  Eric Blake  <eblake@redhat.com>

	snapshot: track current snapshot across restarts
	Audit all changes to the qemu vm->current_snapshot, and make them
	update the saved xml file for both the previous and the new
	snapshot, so that there is always at most one snapshot with
	<active>1</active> in the xml, and that snapshot is used as the
	current snapshot even across libvirtd restarts.

	This patch does not fix the case of virDomainSnapshotDelete(,CHILDREN)
	where one of the children is the current snapshot; that will be later.

	* src/conf/domain_conf.h (_virDomainSnapshotDef): Alter member
	type and name.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString)
	(virDomainSnapshotDefFormat): Update clients.
	* docs/schemas/domainsnapshot.rng: Tighten rng.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Reload current
	snapshot.
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDiscard): Track current snapshot.

	snapshot: only pass snapshot to qemu command line when reverting
	Changing the current vm, and writing that change to the file
	system, all before a new qemu starts, is risky; it's hard to
	roll back if starting the new qemu fails for some reason.
	Instead of abusing vm->current_snapshot and making the command
	line generator decide whether the current snapshot warrants
	using -loadvm, it is better to just directly pass a snapshot all
	the way through the call chain if it is to be loaded.

	This frees up the last use of snapshot->def->active for qemu's
	use, so the next patch can repurpose that field for tracking
	which snapshot is current.

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't use active
	field of snapshot.
	* src/qemu/qemu_process.c (qemuProcessStart): Add a parameter.
	* src/qemu/qemu_process.h (qemuProcessStart): Update prototype.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Update
	callers.
	* src/qemu/qemu_driver.c (qemudDomainCreate)
	(qemuDomainSaveImageStartVM, qemuDomainObjStart)
	(qemuDomainRevertToSnapshot): Likewise.
	(qemuDomainSnapshotSetCurrentActive)
	(qemuDomainSnapshotSetCurrentInactive): Delete unused functions.

	snapshot: don't leak resources on qemu snapshot failure
	https://bugzilla.redhat.com/show_bug.cgi?id=727709
	mentions that if qemu fails to create the snapshot (such as what
	happens on Fedora 15 qemu, which has qmp but where savevm is only
	in hmp, and where libvirt is old enough to not try the hmp fallback),
	then 'virsh snapshot-list dom' will show a garbage snapshot entry,
	and the libvirt internal directory for storing snapshot metadata
	will have a bogus file.

	This fixes the fallout bug of polluting the snapshot-list with
	garbage on failure (the root cause of the F15 bug of not having
	fallback to hmp has already been fixed in newer libvirt releases).

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Allocate
	memory before making snapshot, and cleanup on failure.  Don't
	dereference NULL if transient domain exited during snapshot creation.

2011-08-26  Alex Jia  <ajia@redhat.com>

	libvirt: avoid dead store in virDomainMigrateVersion3
	* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
	  clang warning.

	Detected by ccc-analyzer:

	libvirt.c:4277:5: warning: Value stored to 'ret' is never read
	    ret = domain->conn->driver->domainMigrateConfirm3
	    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	qemu: avoid dead store in doPeer2PeerMigrate3
	* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
	  clang warning.

	Detected by ccc-analyzer:

	  CC     libvirt_driver_qemu_la-qemu_migration.lo
	qemu/qemu_migration.c:2046:5: warning: Value stored to 'ret' is never read
	    ret = qemuMigrationConfirm(driver, sconn, vm,
	    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2011-08-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix command test wrt gnutls initialize & fix debugging
	The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work
	because we replaced 'environ' with 'newenv'. Simply calling
	virTestGetDebug/Verbose() before replacing the 'environ' ensures
	we have processed the env variables.

	The gnutls initialization code opens /dev/urandom and keeps that
	FD around for later use. We have code which kills off FDs 3-5
	to avoid interfereing with our test case. Move the virInitialize
	call before this point, so it kills off the gnutls /dev/urandom
	FD which is irrelevant for testing purposes

	* tests/commandtest.c: Fix test debugging & make it robust against
	  opened FDs

2011-08-25  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Move TLS initialization to virInitialize
	My previous patch 74c75671331d284e1f777f9692b72e9737520bf0
	introduced a regression by removing TLS initialization from client.

2011-08-25  Laine Stump  <laine@laine.org>

	util: only fchown newly created files in virFileOpenAs
	virFileOpenAs takes desired uid:gid as arguments, and not only uses
	them for a fork/setuid/setgid when retrying failed open operations,
	but additionally always forces the opened file to be owned by the
	given uid:gid.

	One example of the problems this causes is that, when restoring a
	domain from a file that is owned by the qemu user, opening the file
	chowns it to root. if dynamic_ownership=1 this is coincidentally
	expected, but if dynamic_ownership=0, no existing file should ever
	have its ownership changed.

	This patch adds an extra check before calling fchown() - it only does
	it if O_CREAT was passed to virFileOpenAs() in the openflags.

2011-08-25  Shradha Shah  <sshah@solarflare.com>

	qemu: fix off-by-one in pci slot reservation

2011-08-25  Steve Hodgson  <shodgson@solarflare.com>

	maint: attribute second author of previous patch

2011-08-25  Shradha Shah  <sshah@solarflare.com>

	pci: fix pciDeviceListSteal on multiple devices
	pciDeviceListSteal(pcidevs, dev) removes dev from pcidevs reducing
	the length of pcidevs, so moving onto what was the next dev is wrong.

	Instead callers should pop entry 0 repeatedly until pcidevs is empty.

2011-08-24  Eric Blake  <eblake@redhat.com>

	libvirt: log all flags parameters
	I was testing a virsh patch, and wanted to see if I had passed the
	flags I thought.  But with LIBVIRT_DEBUG in the environment, I just
	saw:

	14:24:52.359: 15022: debug : virDomainSnapshotNum:15586 : dom=0xc9c180, (VM: name=rhel_6-64, uuid=48f8e8e7-e14f-0e14-02f0-ce71997bdcab),

	including a trailing space.  This fixes the issues.

	* src/libvirt.c: Log flag parameters, even if currently unused.
	(VIR_DOMAIN_DEBUG_0): Drop trailing comma in log.
	(VIR_DOMAIN_DEBUG_1): Split guts into...
	(VIR_DOMAIN_DEBUG_2): ...new macro.

	virsh: add list --managed-save
	Knowing whether 'virsh start' will resume a saved image or do
	a fresh boot is useful enough to expose via 'virsh list'.

	Also, translate the state column.

	* tools/virsh.c (cmdList): add --managed-save flag
	* tools/virsh.pod (list): Document it.
	Based on a suggestion by Miklos Vajna.

2011-08-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use $(PYTHON) instead of the shebang to run the generator

2011-08-24  Osier Yang  <jyang@redhat.com>

	qemu: Report error if qemu monitor command not found for BlockJob
	* src/qemu/qemu_monitor_json.c: Handle error "CommandNotFound" and
	  report the error.

	* src/qemu/qemu_monitor_text.c: If a sub info command is not found,
	  it prints the output of "help info", for other commands,
	  "unknown command" is printed.

	Without this patch, libvirt always report:

	  An error occurred, but the cause is unknown

	This patch was adapted from a patch by Osier Yang <jyang@redhat.com> to
	break out detection of unrecognized text monitor commands into a separate
	function.

2011-08-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor a repeated string in the generator

2011-08-24  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Fix typo.
	* src/conf/domain_event.c (virDomainEventDispatchMatchCallback):
	Likewise.
	* daemon/libvirtd.c (daemonRunStateInit): Likewise.
	* src/lxc/lxc_container.c (lxcContainerChildMountSort): Likewise.
	* src/util/virterror.c (virCopyError, virRaiseErrorFull): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxprSound): Likewise.

2011-08-23  Osier Yang  <jyang@redhat.com>

	virsh: Substitute goto label out with cleanup
	Introduced by 241cbc13a, pushed under urgent rule.

	virsh: Do not try to free domain if it is NULL
	Without these patch, there will be error like below if domain
	is NULL.

	error: invalid domain pointer in virDomainFree

	Which is useless.

	xen: Cleanup improper VIR_ERR_NO_SUPPORT use

	test: Cleanup improper VIR_ERR_NO_SUPPORT use

	storage: Cleanup improper VIR_ERR_NO_SUPPORT use

	remote: Cleanup improper VIR_ERR_NO_SUPPORT use

	qemu: Cleanup improper VIR_ERR_NO_SUPPORT use
	* src/qemu/qemu_command.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_CONFIG_UNSUPPORTED/

	* src/qemu/qemu_driver.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

	* src/qemu/qemu_process.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

	nodeinfo: Cleanup improper VIR_ERR_NO_SUPPORT use

	lxc: Cleanup improper VIR_ERR_NO_SUPPORT use
	s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

	Special case is changes on lxcDomainInterfaceStats, if it's not
	implemented on the platform, prints error like:

	    lxcError(VIR_ERR_OPERATION_INVALID, "%s",
	             _("interface stats not implemented on this platform"));

	As the function is supported by driver actually, error like
	VIR_ERR_NO_SUPPORT is confused.

	conf: Cleanup improper use of VIR_ERR_NO_SUPPORT in node_device_conf

	qemu: Substitute VIR_ERR_NO_SUPPORT with VIR_ERR_OPERATION_INVALID
	* src/qemu/qemu_monitor_text.c: Error like "this function is not
	supported by the connection driver" is confused obviously.

	virsh: Print error if specified bandwidth is invalid for blockjob
	It's strange that the command fails but without any error if one
	specifies as not a number.

2011-08-22  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	send-key: fix scan keycode map
	Now, bad key-code in send-key can cause segmentation fault in libvirt.
	(example)
	 % virsh send-key --codeset win32 12
	   error: End of file while reading data: Input/output error

	This is caused by overrun at scanning keycode array.

	Fix it.

2011-08-22  Eric Blake  <eblake@redhat.com>

	build: work around older systemtap header
	Systemtap 1.2 <sys/sdt.h> tried to expand STAP_PROBE3 into an
	initialization:
	  volatile __typeof__(arg) foo = arg;
	but that fails if arg was declared as 'char arg[100]'.
	Rather than make all callers to PROBE deal with the stupidity
	of <sys/sdt.h>, we instead make PROBE cast away the problem.
	Some of this preprocessor abuse copies ideas in src/libvirt.c.

	* daemon/libvirtd.h (PROBE): Add casts to all arguments, using...
	(VIR_ADD_CASTS, VIR_ADD_CAST, VIR_ADD_CAST2, VIR_ADD_CAST3)
	(VIR_ADD_CAST_EXPAND, VIR_ADD_CAST_PASTE, VIR_COUNT_ARGS)
	(VIR_ARG5, PROBE_EXPAND): New macros.
	Reported by Wen Congyang.

2011-08-19  Eric Blake  <eblake@redhat.com>

	virsh: properly interleave shared stdout and stderr
	Without this patch, invoking 'virsh >file 2>&1' results in
	error messages appearing before normal output, even if they
	occurred later in time than the normal output (since stderr
	is unbuffered, but stdout waits until a full buffer).

	* tools/virsh.c (print_job_progress, vshError): Flush between
	stream transitions.
	* tests/undefine: Test it.

	maint: simplify lots of libxml2 clients
	Repetitive patterns should be factored.  The sign of a good
	factorization is a change that kills 5x more lines than it adds :)

	* src/conf/domain_conf.c (virDomainDeviceDefParse)
	(virDomainSnapshotDefParseString): Use new convenience macros.
	* src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
	Likewise.
	* src/cpu/cpu.c (cpuCompareXML, cpuBaselineXML): Likewise.
	* src/esx/esx_vi.c (esxVI_Context_Execute): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationCookieXMLParseStr):
	Likewise.
	* src/security/virt-aa-helper.c (caps_mockup): Likewise.
	* src/test/test_driver.c (testOpenFromFile): Likewise.
	* tests/cputest.c (cpuTestLoadXML, cpuTestLoadMultiXML):
	Likewise.
	* tools/virsh.c (cmdFreecell, makeCloneXML, cmdVNCDisplay)
	(cmdTTYConsole, cmdDetachInterface, cmdDetachDisk)
	(cmdSnapshotCreate, cmdSnapshotCreateAs, cmdSnapshotCurrent)
	(cmdSnapshotList, cmdSnapshotParent): Likewise.

	xml: add another convenience function
	Often, we want to use XPath functions on the just-parsed document;
	fold this into the parser function for convenience.

	* src/util/xml.h (virXMLParseHelper): Add argument.
	(virXMLParseStrHelper, virXMLParseFileHelper): Delete.
	(virXMLParseCtxt, virXMLParseStringCtxt, virXMLParseFileCtxt): New
	macros.
	* src/libvirt_private.syms (xml.h): Remove deleted functions.
	* src/util/xml.c (virXMLParseHelper): Add argument.
	(virXMLParseStrHelper, virXMLParseFileHelper): Delete.

	maint: treat more libxml2 functions as free-like
	* cfg.mk (useless_free_options): Add xmlFreeDoc, xmlBufferFree.
	* src/esx/esx_vi.c (ESX_VI__TEMPLATE__FREE): Fix offenders.
	* tools/virsh.c (cmdFreecell, cmdVNCDisplay, cmdTTYConsole)
	(cmdDetachInterface, cmdDetachDisk, cmdSnapshotCreate)
	(cmdSnapshotCreateAs, cmdSnapshotList, cmdSnapshotParent):
	Likewise.

	test: rewrite test to match change in behavior
	Test failure exposed in commit 7d3390f.

	* tests/undefine: Fix to match updated test driver semantics.

	build: fix typo in recent test patch
	* src/test/test_driver.c (testDomainUndefineFlags): Use right
	variable name.

	Revert "xen: Allow to undefine a running domain (xm_internal)"
	ACK was given too soon.  According to the code, the xm driver is
	only used for inactive domains, and has no notion of an active
	domain, thus, it cannot support undefine of a running domain.
	The real fix for xen needs to be in the unified driver and/or
	the xend level.

	This reverts commit 49186deda62161599877b0de6f7f4345c50d842a.

2011-08-19  Osier Yang  <jyang@redhat.com>

	xen: Allow to undefine a running domain (xm_internal)

	vmware: Allow to undefine a running domain

	uml: Allow to undefine a running domain

	test: Allow to undefine a running domain

	qemu: Allow to undefine a running domain

	openvz: Allow to undefine a running domain

	lxc: Allow to undefine a running domain

	libxl: Allow to undefine a running domain.
	Undefining a running domain will convert it to trasient, but keep
	the domain still running.

	qemu: Get memory balloon info correctly for text monitor
	* src/qemu/qemu_monitor_text.c: BALLOON_PREFIX was defined as
	"balloon: actual=", which cause "actual=" is stripped early before
	the real parsing. This patch changes BALLOON_PREFIX into "balloon: ",
	and modifies related functions, also renames
	"qemuMonitorParseExtraBalloonInfo" to "qemuMonitorParseBalloonInfo",
	as after the changing, it parses all the info returned by "info balloon".

2011-08-19  Eric Blake  <eblake@redhat.com>

	build: fix compilation on mingw64
	* .gnulib: Update to latest, for getcwd fixes.
	* bootstrap: Resync to gnulib.

2011-08-19  Michal Privoznik  <mprivozn@redhat.com>

	storage: Flush host cache after write
	Although we are flushing cache after some critical writes (e.g.
	volume creation), after some others we do not (e.g. volume cloning).
	This patch fix this issue. That is for volume cloning, writing
	header of logical volume, and storage wipe.

	daemon: initialize GnuTLS
	When spice_tls is set but listen_tls is not, we don't initialize
	GnuTLS library. So any later gnutls call (e.g. during migration,
	where we initialize a certificate) will access uninitialized GnuTLS
	internal structs and throws an error.

	Although, we might now initialize GnuTLS twice, it is safe according
	to the documentation:

	    This function can be called many times,
	    but will only do something the first time.

	This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
	with respect to written above.

2011-08-19  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	schedinfo: add missing documentation
	This patch adds the missing documentation about the scheduler parameter
	"vcpu_period" and "vcpu_quota".

2011-08-19  Eric Blake  <eblake@redhat.com>

	maint: ignore generated file
	I did 'git add .' while in the middle of 'make syntax-check', and
	it picked up a temporary file that should not be committed.

	* .gitignore: Ignore sc_* from syntax check.

2011-08-18  Eric Blake  <eblake@redhat.com>

	build: fix virnetsocket on mingw
	Regression introduced in commit 5d30db0.

	* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX) [WIN32]: Use
	correct signature.

	build: fix virpidfile on mingw
	Regression introduced in commit b7e5ca4.

	Mingw lacks kill(), but we were only using it for a sanity check;
	so we can go with one less check.

	Also, on OOM error, this function should outright fail rather than
	claim that the pid file was successfully read.

	* src/util/virpidfile.c (virPidFileReadPathIfAlive): Skip kill
	call where unsupported, and report error on OOM.

2011-08-18  Daniel P. Berrange  <berrange@redhat.com>

	Ensure async packets never get marked for sync replies
	If a client had initiated a stream abort, it will have a call
	waiting for a reply in the queue. If more data continues to
	arrive on the stream, the abort command could mistakenly get
	signalled as complete. Remove the code from async data processing
	that looked for waiting calls. Add a sanity check to ensure no
	async call can ever be marked as needing a reply

	* src/rpc/virnetclient.c: Ensure async data packets can't
	  trigger a reply

	Don't attempt to read from a stream if it is closed
	The I/O event callback processes incoming packets first, and then
	does outgoing packets. If the incoming packet caused the stream to
	close, then the attempt to process outgoing data resulted in an
	error. This caused libvirt to then send an error back to the client,
	but the stream had already been stopped. This confused the client
	since it sees 2 error events.

	* daemon/stream.c: Don't attempt read if stream is closed

2011-08-17  Tom Vijlbrief  <tom.vijlbrief@xs4all.nl>

	qemu: disk migration verbose progress
	A virsh command like:

	migrate --live --copy-storage-all Guest qemu+ssh://user@host/system
	--persistent --verbose

	shows

	Migration: [  0 %]

	during the storage copy and does not start counting
	until the ram transfer starts

	Fix this by scraping optional disk transfer status, and adding it
	into the progress meter.

2011-08-17  Eric Blake  <eblake@redhat.com>

	virsh: concatenate qemu-monitor-command arguments
	Call me lazy, but:

	virsh qemu-monitor-command dom --hmp info status

	is nicer than:

	virsh qemu-monitor-command dom --hmp 'info status'

	* tools/virsh.c (cmdQemuMonitorCommand): Allow multiple arguments,
	for convenience.

2011-08-17  Osier Yang  <jyang@redhat.com>

	qemu: Init reattaching related members of pciDevice before reattach
	Otherwise the device will still be bound to pci-stub driver even
	it's set as "managed=yes" when do detaching. Of course, it won't
	triger any driver reprobing too.

2011-08-17  Eric Blake  <eblake@redhat.com>

	virsh: tweak misleading wording
	Fixes confusing docs introduced in commit 98369d3.

	* tools/virsh.c (cmdSnapshotParent): Operates on named snapshot,
	not current.

2011-08-17  Daniel P. Berrange  <berrange@redhat.com>

	Tweak debugging message in RPC client code
	Make it clearer that a log message is for an outgoing message

	Fix race condition in abort of stream
	If a stream gets a server initiated abort, the client may still
	send an abort request before it receives the server side abort.
	This causes the server to send back another abort for the
	stream. Since the protocol defines that abort is the last thing
	to be sent, the client gets confused by this second abort from
	the server. If the stream is already shutdown, just drop any
	client requested abort, rather than sending back another message.
	This fixes the regression from previous versions.

	Tested as follows

	In one virsh session

	  virsh # start foo
	  virsh # console foo

	In other virsh session

	  virsh # destroy foo

	The first virsh session should be able to continue issuing
	commands without error. Prior to this patch it saw

	  virsh # list
	  error: Failed to list active domains
	  error: An error occurred, but the cause is unknown

	  virsh # list
	  error: Failed to list active domains
	  error: no call waiting for reply with prog 536903814 vers 1 serial 9

	* src/rpc/virnetserverprogram.c: Drop abort requests
	  for streams which no longer exist

	Ensure client streams are closed when marking a client for close
	Every active stream results in a reference being held on the
	virNetServerClientPtr object. This meant that if a client quit
	with any streams active, although all I/O was stopped the
	virNetServerClientPtr object would leak. This causes libvirtd
	to leak any file handles associated with open streams when a
	client quit

	To fix this, when we call virNetServerClientClose there is a
	callback invoked which lets the daemon release the streams
	and thus the extra references

	* daemon/remote.c: Add a hook to close all streams
	* daemon/stream.c, daemon/stream.h: Add API for releasing
	  all streams
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
	  Allow registration of a hook to trigger when closing client

	Ensure stream is aborted when exiting console
	After running 'virsh console' in interactive mode, there was a
	missing call to virStreamAbort, which meant the server kept the
	stream resources open

	* tools/console.c: Abort stream when exiting

2011-08-17  Stefan Berger  <stefanb@us.ibm.com>

	maint: fix some compilation issues on non-linux platforms (part 2)
	Get rid of the #if __linux__ check in virPidFileReadPathIfAlive that
	was preventing a check of a symbolic link in /proc/<pid>/exe on
	non-linux platforms against an expected executable. Replace
	this with a run-time check testing whether the /proc/<pid>/exe is a
	symbolic link and if so call the function doing the comparison
	against the expected file the link is supposed to point to.

	maint: fix some compilation issues on non-linux platforms
	This patch fixes *some* compilation issues on non-Linux platforms (cygwin).

2011-08-17  Peter Krempa  <pkrempa@redhat.com>

	daemon: Add early libvirtd start verbose errors.
	Early errors during start of libvirtd didn't have
	an error reporting mechanism and caused libvirtd
	to exit silently (only the return value indicated
	an error).

	Libvirt logging is initialized very early using
	enviroment variables and the internal error reporting
	API is used to report early errors.

	 v2 changes:
	 - print errors unconditionaly before logging starts
	 - fix message to US spelling
	 v2.5 changes:
	 - initialize logging from enviroment
	 - log all early errors using VIR_ERROR
	 v3 changes:
	 - move virSetLogFromEnv() after virInitialize()

	fixes: https://bugzilla.redhat.com/show_bug.cgi?id=728654

2011-08-17  Stefan Berger  <stefanb@us.ibm.com>

	maint: add missing symbols
	Add missing symbols to libvirt_private.syms.

2011-08-16  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: Fix getPhysfn to get the PF of a direct attach network interface
	This patch renames getPhysfn to getPhysfnDev and adds code to get the
	Physical function and Virtual Function index of the direct attach linkdev (if
	the direct attach interface is a SRIOV VF). The idea is to send the port
	profile message to a PF if the direct attach interface is a SRIOV VF.

	interface: Add functions to get sriov PF/VF relationship of a net interface
	This patch adds the following functions to get PF/VF relationship of an SRIOV
	network interface:
	ifaceIsVirtualFunction: Function to check if a network interface is a SRIOV VF
	ifaceGetVirtualFunctionIndex: Function to get VF index if a network interface is a SRIOV VF
	ifaceGetPhysicalFunction: Function to get the PF net interface name of a SRIOV VF net interface

	pci: Add helper functions for sriov devices
	This patch adds the following helper functions:
	pciDeviceIsVirtualFunction: Function to check if a pci device is a sriov VF
	pciGetVirtualFunctionIndex: Function to get the VF index of a sriov VF
	pciDeviceNetName: Function to get the network device name of a pci device
	pciConfigAddressCompare: Function to compare pci config addresses

	pci: Move some pci sriov helper code out of node device driver to util/pci
	This patch moves some of the sriov related pci code from node_device driver
	to src/util/pci.[ch]. Some functions had to go thru name and argument list
	change to accommodate the move.

2011-08-16  Eric Blake  <eblake@redhat.com>

	maint: ignore generated file
	* .gitignore: Ignore qemu-sanlock.conf.

2011-08-15  Laine Stump  <laine@laine.org>

	qemu: support event_idx parameter for virtio disk and net devices
	In some versions of qemu, both virtio-blk-pci and virtio-net-pci
	devices can have an event_idx setting that determines some details of
	event processing. When it is enabled, it "reduces the number of
	interrupts and exits for the guest". qemu will automatically enable
	this feature when it is available, but there may be cases where this
	new feature could actually make performance worse (NB: no such case
	has been found so far).

	As a safety switch in case such a situation is encountered in the
	field, this patch adds a new attribute "event_idx" to the <driver>
	element of both disk and interface devices. event_idx can be set to
	"on" (to force event_idx on in case qemu has it disabled by default)
	or "off" (for force event_idx off). In the case that event_idx support
	isn't present in qemu, the attribute is ignored (this on the advice of
	the qemu developer).

	docs/formatdomain.html.in: document the new flag (marking it as
	   "don't mess with this!"
	docs/schemas/domain.rng: add event_idx in appropriate places
	src/conf/domain_conf.[ch]: add event_idx to parser and formatter
	src/libvirt_private.syms: export
	   virDomainVirtioEventIdx(From|To)String
	src/qemu/qemu_capabilities.[ch]: detect and report event_idx in
	   disk/net
	src/qemu/qemu_command.c: add event_idx parameter to qemu commandline
	    when appropriate.
	tests/qemuxml2argvdata/qemuxml2argv-event_idx.args,
	tests/qemuxml2argvdata/qemuxml2argv-event_idx.xml,
	tests/qemuxml2argvtest.c,
	tests/qemuxml2xmltest.c: test cases for event_idx.

2011-08-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: error message should show uri instead of (null)
	Fix pointer for error message uri if domain migration fails.

	BZ# 730244

2011-08-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use fd: protocol for migration
	By opening a connection to remote qemu process ourselves and passing the
	socket to qemu we get much better errors than just "migration failed"
	when the connection is opened by qemu.

	qemu: Use virNetSocket for tunneled migration

	qemu: Refactor do{Tunnel,Native}Migrate functions
	The core of these two functions is very similar and most of it is even
	exactly the same. Factor out the core functionality into a separate
	function to remove code duplication and make further changes easier.

	Support changing UNIX socket owner in virNetSocketNewListenUNIX
	This patch allows owner's UID to be changed as well.

	Add backlog parameter to virNetSocketListen
	So that callers can change the default value.

2011-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Add API for duplicating a socket/client file descriptor
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add
	  virNetSocketDupFD()
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add
	  virNetClientDupFD() and virNetClientGetFD()

2011-08-15  Douglas Schilling Landgraf  <dougsland@redhat.com>

	libvirtd.init.in: stop/restart() - wrong return value in case of failure
	The function stop() was always returning 0 (OK) from killproc() even
	in case of error.

2011-08-15  Osier Yang  <jyang@redhat.com>

	daemon: Fix regression of libvirtd reloading support
	This is introduced by commit df0b57a95a, which forgot to
	add signal handler for SIGHUP.

	A simple reproduce method:

	1) Create a domain XML under /etc/libvirt/qemu
	2) % kill -SIGHUP $(pidof libvirtd)
	3) % virsh list --all (the new created domain XML is not listed)

2011-08-13  Eric Blake  <eblake@redhat.com>

	maint: let emacs avoid tabs in rng files
	* .dir-locals.el: Add nxml-mode preferences.

2011-08-13  Philipp Hahn  <hahn@univention.de>

	Swap virDomain / virFomainSnapshot declaration
	In preparation for storing the domain description with the snapshot,
	swap the order of declaration.

2011-08-13  Eric Blake  <eblake@redhat.com>

	build: fix recent build failures
	With gcc 4.5.1:

	util/virpidfile.c: In function 'virPidFileAcquirePath':
	util/virpidfile.c:308:66: error: nested extern declaration of '_gl_verify_function2' [-Wnested-externs]

	Then in tests/commandtest.c, the new virPidFile APIs need to be used.

	* src/util/virpidfile.c (virPidFileAcquirePath): Move verify to
	top level.
	* tests/commandtest.c: Use new pid APIs.

2011-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Convert libvirtd to use crash-safe pidfile APIs
	Remove the current libvirtd pidfile handling code, in favour of
	calling out to the new APIs. This ensures libvirtd's pidfile
	handling is crashsafe

	This also means that the non-root libvirtd instances (for handling
	qemu:///session URIs) can now safely use pidfiles without racing

	* daemon/libvirtd.c: Switch to use virPidFileAcquire and
	  virPidFileRelease

	Add some APIs which use locking for crashsafe pidfile handling
	In daemons using pidfiles to protect against concurrent
	execution there is a possibility that a crash may leave a stale
	pidfile on disk, which then prevents later restart of the daemon.

	To avoid this problem, introduce a pair of APIs which make
	use of virFileLock to ensure crash-safe & race condition-safe
	pidfile acquisition & releae

	* src/libvirt_private.syms, src/util/virpidfile.c,
	  src/util/virpidfile.h: Add virPidFileAcquire and virPidFileRelease

	Introduce functions for checking whether a pidfile is valid
	In some cases the caller of virPidFileRead might like extra checks
	to determine whether the pid just read is really the one they are
	expecting. This adds virPidFileReadIfAlive which will check whether
	the pid is still alive with kill(0, -1), and (on linux only) will
	look at /proc/$PID/path

	* libvirt_private.syms, util/virpidfile.c, util/virpidfile.h: Add
	  virPidFileReadIfValid and virPidFileReadPathIfValid
	* network/bridge_driver.c: Use new APIs to check PID validity

	Move pidfile functions into util/virpidfile.{c,h}
	The functions for manipulating pidfiles are in util/util.{c,h}.
	We will shortly be adding some further pidfile related functions.
	To avoid further growing util.c, this moves the pidfile related
	functions into a dedicated virpidfile.{c,h}. The functions are
	also all renamed to have 'virPidFile' as their name prefix

	* util/util.h, util/util.c: Remove all pidfile code
	* util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile
	  handling.
	* lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c,
	  qemu/qemu_process.c: Add virpidfile.h include and adapt for API
	  renames

	Add virFileLock and virFileUnlock APIs
	Add some simple wrappers around the fcntl() discretionary file
	locking capability.

	* src/util/util.c, src/util/util.h, src/libvirt_private.syms: Add
	  virFileLock and virFileUnlock APIs

2011-08-13  Eric Blake  <eblake@redhat.com>

	virsh: fix dead store
	Two copy-and-paste bugs in a row.  :(

	* tools/virsh.c (cmdUndefine): Also avoid dead store.

	virsh: fix logic bug
	Bug introduced in commit 9a0ec36.

	* tools/virsh.c (cmdUndefine): Add missing line.

2011-08-12  Eric Blake  <eblake@redhat.com>

	vbox, xenapi: add virDomainUndefineFlags
	We forgot to add virDomainUndefineFlags for a couple of hypervisors.
	This wires up trivial versions (since neither hypervisor supports
	managed save yet, they do not need to support any flags).

	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Update caller.
	(vboxDomainUndefine): Move guts...
	(vboxDomainUndefineFlags): ...to new function.
	* src/xenapi/xenapi_driver.c (xenapiDomainUndefine)
	(xenapiDomainUndefineFlags): Likewise.

	virsh: don't reject undefine on active domain
	The public API documents that undefine may be used to transition a
	running persistent domain into a transient one.  Many drivers still
	do not support this usage, but virsh shouldn't be getting in the
	way of those that do support it.

	This also drops a redundant conditional; vshCommandOptString
	guaranteed that name was non-NULL.

	* tools/virsh.c (cmdUndefine): Allow undefine on active domains;
	the drivers may still reject it, but it is a valid API usage.
	* tests/undefine (error): Fix the test to match.

2011-08-12  Philipp Hahn  <hahn@univention.de>

	Improve tokenizing of linkable terms
	Currently only tabs and blanks are used for tokenizing the description,
	which breaks when a term is at the end of a line or has () appended to
	it.
	1. Use also other white space characters such as new-lines and carriage
	   return for splitting.
	2. Remove some common non-word characters from the token before lookup.

2011-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Add some docs about the RPC protocol and APIs
	* remote.html.in: Remove obsolete notes about internals of the
	  RPC protocol
	* internals/rpc.html.in: Extensive docs on RPC protocol/API
	* sitemap.html.in: Add new page

2011-08-12  Philipp Hahn  <hahn@univention.de>

	Align table cells on top
	When the description of an entry is too long and needs multiple lines,
	all other table cells of the same row are currently vertically aligned
	on center. Without row borders or different background colors for
	alternating rows this is hard to read.

	Change the style-sheet to align the table cells of a row on top.

2011-08-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add dir type for listing volumes with vol-list
	Fix of output of detailed volume list. BZ #727088

	storage: Directory shouldn't be listed as type 'file'
	Fix internals of libvirt for new storage volume type.
	Libvirt reported an invalid type of the volume.

	BZ #727088

2011-08-12  Eric Blake  <eblake@redhat.com>

	virsh: add snapshot-parent
	Down the road, I want to add virDomainSnapshotGetParent, and use
	the new API rather than xml scraping; but this virsh command can
	be implemented even without the new API.

	* tools/virsh.c (cmdSnapshotParent): New command.
	* tools/virsh.pod (snapshot-parent): Document it.

	qemu: silence clang false positive
	Our logic throws off analyzer tools:

	ptr var = NULL;
	if (flags == 0) flags = live ? _LIVE : _CONFIG;
	if (flags & _LIVE) do stuff
	if (flags & _CONFIG) var = non-null;
	if (flags & _LIVE) do more stuff
	else if (flags & _CONFIG) use var

	the tools keep thinking that var can still be NULL in the last
	if clause, adding the hint shuts them up.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Add a
	static analysis hint.

2011-08-12  Laine Stump  <laine@laine.org>

	network: eliminate potential memory leak on parse failure
	While the first encountered dns host record is being parsed, it's
	possible for virNetworkDef::hosts to point to memory that has been
	allocated, but virNetworkDef::nhosts to still be 0. If there is a
	failure during that time, virNetworkDef::hosts will be leaked.

	Although this isn't currently the case for virNetworkDef::txtrecords,
	it could become that way through future re-factoring, and it hurts
	nothing to restructure the freeing of txtrecord data to match that of
	hosts data.

2011-08-11  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: tolerate disappearing interfaces while instantiating filter
	When instantiating a filter, a VM may disappear and remove its tap interfaces. Tolerate this case and don't report an error.

2011-08-11  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix -chardev udp if parameters are omitted
	The following XML:

	    <serial type='udp'>
	      <source mode='connect' service='9999'/>
	    </serial>

	is accepted by domain_conf.c but maps to the qemu command line:

	-chardev udp,host=127.0.0.1,port=2222,localaddr=(null),localport=(null)

	qemu can cope with everything omitting except the connection port, which
	seems to also be the intent of domain_conf validation, so let's not
	generate bogus command lines for that case.
	The defaults are empty strings for addresses and 0 for the localport

	Additionally, tweak the qemu cli parsing to handle omitted host
	parameters
	for -serial udp

2011-08-11  Laine Stump  <laine@laine.org>

	docs: use IPv6 addresses in range reserved for documentation
	Someone in an IRC channel or an email pointed out a few days ago that
	the examples of IPv6 addresses in the libvirt documentation were not
	in the officially reserved "documentation" range. This addresses their
	concern.

2011-08-11  Eric Blake  <eblake@redhat.com>

	virsh: add virsh snapshot-current --name
	Sometimes, full XML is too much; since most snapshot commands
	operate on a snapshot name, there should be an easy way to get
	at the current snapshot's name.  For example:

	virsh snapshot-revert dom `virsh snapshot-current dom --name`

	* tools/virsh.c (cmdSnapshotCurrent): Add an option.
	* tools/virsh.pod (snapshot-current): Document it.

	virsh: fix snapshot-create-as to handle arbitrary names
	Found this working on the next patch to use xpath to parse
	arbitrary names back out.

	* tools/virsh.c (cmdSnapshotCreateAs): Escape user input.

	managedsave: prohibit use on transient domains
	Transient domains reject attempts to set autostart, and using
	virDomainCreate to restart a domain only works on persistent
	domains.  Therefore, managed save makes no sense on transient
	domains, and should be rejected up front rather than creating
	an otherwise unrecoverable managed save file.

	Besides, transient domains imply that a lot more management is
	being done by the upper layer; this includes the assumption
	that the upper layer is okay managing the saved state file
	created by virDomainSave, and does not need to use managed save.

	* src/libvirt.c: Document that transient domains are incompatible
	with managed save.
	* src/qemu/qemu_driver.c (qemuDomainManagedSave): Enforce it.
	* src/libxl/libxl_driver.c (libxlDomainManagedSave): Likewise.

2011-08-11  Laine Stump  <laine@laine.org>

	docs: describe new virtual switch configuration in network XML docs
	This should have been done with the rest of the patch for virtual
	switch / network device abstraction. If documents the new elements
	(and new usage of existing elements) in the <network> XML to support
	libvirt networks that use existing host bridges and macvtap direct
	connections, as well as the new <portgroup> element.

2011-08-10  Juerg Haefliger  <juerg.haefliger@hp.com>

	Bugfix: Check stdoutWatch before removing the handler.

2011-08-10  Eric Blake  <eblake@redhat.com>

	qemu: minor formatting cleanup
	I noticed some inconsistent use of 'else'.

	* src/qemu/qemu_driver.c (qemuCPUCompare)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDiscard): Match coding conventions.

2011-08-10  Philipp Hahn  <hahn@univention.de>

	Fix memory leak while scanning snapshots
	If a snapshot with the name already exists, virDomainSnapshotAssignDef()
	just returns NULL, in which case the snapshot definition is leaked.
	Currently this leak is not a big problem, since qemuDomainSnapshotLoad()
	is only called once during initial startup of libvirtd.

2011-08-08  Eric Blake  <eblake@redhat.com>

	build: fix regression in large file support
	* .gnulib: Update to latest, for largefile fix.

2011-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Allow use of file images for LXC container filesystems
	A previous commit gave the LXC driver the ability to mount
	block devices for the container filesystem. Through use of
	the loopback device functionality, we can build on this to
	support use of plain file images for LXC filesytems.

	By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that
	the loop device automatically disappears when the container
	dies / shuts down

	* src/lxc/lxc_container.c: Raise error if we see a file
	  based filesystem, since it should have been turned into
	  a loopback device already
	* src/lxc/lxc_controller.c: Rewrite any filesystems of
	  type=file, into type=block, by binding the file image
	  to a free loop device

	Fix typo in LXC cgroups setup error message
	* src/lxc/lxc_controller.c: s/PYT/PTY/

	Allow use of block devices for guest filesystem
	Currently the LXC driver can only populate filesystems from
	host filesystems, using bind mounts. This patch allows host
	block devices to be mounted. It autodetects the filesystem
	format at mount time, and adds the block device to the cgroups
	ACL. Example usage is

	    <filesystem type='block' accessmode='passthrough'>
	      <source dev='/dev/sda1'/>
	      <target dir='/home'/>
	    </filesystem>

	* src/lxc/lxc_container.c: Mount block device filesystems
	* src/lxc/lxc_controller.c: Add block device filesystems
	  to cgroups ACL

	Don't mount /dev for application containers
	An application container shouldn't get a private /dev. Fix
	the regression from 6d37888e6a35a37e6faf7c0a1b1b4d9a5dee1285

	* src/lxc/lxc_container.c: Don't mount /dev for app containers

2011-08-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid overwriting errors from virGetHostname

2011-08-05  Eric Blake  <eblake@redhat.com>

	qemu: avoid crash on process attach
	Detected by ccc-analyzer, reported by Alex Jia.

	qemuProcessStart always calls qemuProcessWaitForMonitor with a
	non-negative position, but qemuProcessAttach always calls with -1.
	In the latter case, there is no log file we can scrape, so we
	also should not be trying to scrape the logs if the qemu process
	died at the very end.

	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Don't try
	to read from log in qemuProcessAttach case.

2011-08-05  Laine Stump  <laine@laine.org>

	network: eliminate lag in updating dnsmasq hosts files
	This addresses https://bugzilla.redhat.com/show_bug.cgi?id=713728

	When "defining" a new network (or one that exists but isn't currently
	active) the new definition is stored in network->def, but for a
	network that already exists and is active, the new definition is
	stored in network->newDef, and then moved over to network->def as soon
	as the network is destroyed.

	However, the code that writes the dhcp and dns hosts files used by
	dnsmasq was always using network->def for its information, even when
	the new data was actually in network->newDef, so the hosts files
	always lagged one edit behind the definition.

	This patch changes the code to keep the pointer to the new definition
	after it's been assigned into the network, and use it directly
	(regardless of whether it's stored in network->newDef or network->def)
	to construct the hosts files.

2011-08-04  Alex Jia  <ajia@redhat.com>

	qemu: avoid dead store in qemuMonitorTextBlockJob
	Value stored to 'ret' is never read, so remove this dead assignment.

	* src/qemu/qemu_monitor_text.c: kill dead assignment.

	qemu: avoid dead store in qemuProcessStart
	Value stored to 'ret' is never read, in fact, 'cleanup' section will
	directly return -1 when function is fail, so remove this dead assignment.

	* src/qemu/qemu_process.c: kill dead assignment.

2011-08-04  Guannan Ren  <gren@redhat.com>

	rpc:fix sasl session relocking intead of unlocking it
	When trying to use any SASL authentication for TCP sockets by
	setting auth_tls = "sasl" in libvirtd.conf on server side, the
	client will hang because of the sasl session relocking other than
	dropping the lock when exiting virNetSASLSessionExtKeySize()
	* src/rpc/virnetsaslcontext.c: virNetSASLSessionExtKeySize drop the
	  lock on exit

2011-08-04  Osier Yang  <jyang@redhat.com>

	daemon: Unlink unix socket paths on shutdown
	This patch introduces a internal RPC API "virNetServerClose", which
	is standalone with "virNetServerFree".  it closes all the socket fds,
	and unlinks the unix socket paths, regardless of whether the socket
	is still referenced or not.

	This is to address regression bug:
	https://bugzilla.redhat.com/show_bug.cgi?id=725702

2011-08-04  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	I noticed that with 0.9.4, gnulib ended up replacing pthread_sigmask
	on glibc, even though glibc's works perfectly fine.  It turns out
	to have been an upstream gnulib bug.

	* .gnulib: Update to latest, for pthread_sigmask fix.

2011-08-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix detection of GnuTLS 1.x.y
	Detection based on gnutls_session doesn't work because GnuTLS 2.x.y
	comes with a compat.h that defines gnutls_session to gnutls_session_t.

	Instead detect this based on LIBGNUTLS_VERSION_MAJOR. Move this from
	configure/config.h to gnutls_1_0_compat.h and make sure that all users
	include gnutls_1_0_compat.h properly.

	Also fix header guard in gnutls_1_0_compat.h.

2011-08-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.4
	* configure.ac docs/news.html.in libvirt.spec.in: updates for new
	  release
	* po/*.po*: pulled translations from the transifex teams and regenerated
	  localizations

2011-08-03  Eric Blake  <eblake@redhat.com>

	qemu: silence coverity false positives
	Coverity gets confused by our logic.  Add some hints to silence
	false positives.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo): Add hint.
	(qemuDomainGetMemoryParameters): Likewise.

	util: plug memory leak
	Leak detected by Coverity; only possible on unlikely ptsname_r
	failure.  Additionally, the man page for ptsname_r states that
	failure is merely non-zero, not necessarily -1.

	* src/util/util.c (virFileOpenTtyAt): Avoid leak on ptsname_r
	failure.

	interface: drop dead code
	Coverity detected that ifaceGetNthParent had already dereferenced
	'nth' prior to the conditional; all callers already complied with
	passing a non-NULL pointer so make this part of the contract.

	* src/util/interface.h (ifaceGetNthParent): Add annotations.
	* src/util/interface.c (ifaceGetNthParent): Drop useless null check.

	rpc: silence coverity false positives
	In virNetServerNew, Coverity didn't realize that srv->mdsnGroupName
	can only be non-NULL if mdsnGroupName was non-NULL.

	In virNetServerRun, Coverity didn't realize that the array is non-NULL
	if the array count is non-zero.

	* src/rpc/virnetserver.c (virNetServerNew): Use alternate pointer.
	(virNetServerRun): Give coverity a hint.

	rpc: avoid null deref
	Detected by Coverity.

	* src/rpc/virnetserverclient.c (virNetServerClientDispatchRead):
	Avoid null deref on OOM.

	build: silence coverity false positives
	Coverity complained that 395 out of 409 virAsprintf calls are
	checked, and therefore assumed that the remaining cases are bugs
	waiting to happen.  But in each of these cases, a failed virAsprintf
	will properly set the target string to NULL, and pass on that
	failure to the caller, without wasting efforts to check the call.
	Adding the ignore_value silences Coverity.

	* src/conf/domain_audit.c (virDomainAuditGetRdev): Ignore
	virAsprintf return value, when it behaves like we need.
	* src/network/bridge_driver.c (networkDnsmasqLeaseFileNameDefault)
	(networkRadvdConfigFileName, networkBridgeDummyNicName)
	(networkRadvdPidfileBasename): Likewise.
	* src/util/storage_file.c (absolutePathFromBaseFile): Likewise.
	* src/openvz/openvz_driver.c (openvzGenerateContainerVethName):
	Likewise.
	* src/util/command.c (virCommandTranslateStatus): Likewise.

	qemu: avoid memory leaks
	Quite a few leaks detected by coverity.  For chr, the leaks were
	close enough to the allocations to plug in place; for disk, the
	leaks were separated from the allocation by enough other lines with
	intermediate failure cases that I refactored the cleanup instead.

	* src/qemu/qemu_command.c (qemuParseCommandLine): Plug leaks.

	qemu: plug child process leak on domain core dump
	Detected by Coverity.  Leak introduced by typo in commit 58e668d2.

	* src/qemu/qemu_driver.c (doCoreDump): Use correct function.

	qemu: remove dead code
	Warning detected by Coverity.  No need for the NULL check, and
	removing it silences the warning without any semantic change.

	* src/qemu/qemu_migration.c (qemuMigrationFinish): All entries to
	endjob had non-NULL vm.

	conf: avoid memory leak on disk operations
	Detected by Coverity.  Leak on meta introduced in commit 85aa40e.

	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Plug leak.

	rpc: avoid crash on error
	Detected by Coverity.  Freeing the wrong variable results in both
	a memory leak and the likelihood of the caller dereferencing through
	a freed pointer.

	* src/rpc/virnettlscontext.c (virNetTLSSessionNew): Free correct
	variable.

	qemu: avoid null deref on block pull error
	Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
	for a NULL return; and that by not checking we risk a null deref
	during an error.  The error is unlikely since the prior call to
	virJSONValueArraySize would probably have already caught any botched
	JSON array parse, but better safe than sorry.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
	Check for NULL.
	(qemuMonitorJSONExtractPtyPaths): Fix typo.

	rpc: correctly process sasl whitelist globs
	Detected by Coverity.  We want to compare the result of fnmatch 'rv',
	not our pre-set return value 'ret'.

	* src/rpc/virnetsaslcontext.c (virNetSASLContextCheckIdentity):
	Check correct variable.

	build: allow caching the input to STATIC_ANALYSIS
	Right now, every re-run of configure re-evaluates whether a
	static analysis tool is in use.  But if you run configure under
	coverity, make a tweak, and then do an incremental rebuild with
	gcc but not coverity to test the tweak, then rerun a build under
	coverity, then configure does not get rerun, and static analysis
	ends up with lots of false positives.

	This patch caches the static analysis result, and also makes it
	easier to force static analysis even if the existing checks are
	insufficient to detect newer versions of the static analyzer tools.

	* configure.ac (lv_cv_static_analysis): New cache variable.

	fdstream: drop delete argument
	Revert 6a1f5f568f8.  Now that libvirt_iohelper takes fds by
	inheritance rather than by open() (commit 1eb66479), there is
	no longer a race where the parent can unlink() a file prior to
	the iohelper open()ing the same file.  From there, it makes
	more sense to have the callers both create and unlink, rather
	than the caller create and the stream unlink, since the latter
	was only needed when iohelper had to do the unlink.

	* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
	Callers are responsible for deletion.
	* src/fdstream.c (virFDStreamOpenFileInternal): Don't leak created
	file on failure.
	(virFDStreamOpenFile, virFDStreamCreateFile): Drop parameter.
	* src/lxc/lxc_driver.c (lxcDomainOpenConsole): Update callers.
	* src/qemu/qemu_driver.c (qemuDomainScreenshot)
	(qemuDomainOpenConsole): Likewise.
	* src/storage/storage_driver.c (storageVolumeDownload)
	(storageVolumeUpload): Likewise.
	* src/uml/uml_driver.c (umlDomainOpenConsole): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.

	screenshot: don't unlink bogus file
	The previous qemu patch could end up calling unlink(tmp) before
	tmp was the name of a valid file (unlinking a fileXXXXXX template
	instead), or calling unlink(tmp) twice on success (once here,
	and once at the end of the stream).  Meanwhile, vbox also suffered
	from the same leaked tmp file bug.

	* src/qemu/qemu_driver.c (qemuDomainScreenshot): Don't unlink on
	success, or on invalid name.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Don't leak temp file.

	python: avoid unlikely sign extension bug
	Detected by Coverity; same analysis as for commit f73198df.

	* python/libvirt-override.c (libvirt_virDomainGetVcpuPinInfo): Use
	correct type.

	rpc: avoid uninitialized memory use
	Spotted by Coverity.  Gnutls documents that buffer must be NULL
	if gnutls_x509_crt_get_key_purpose_oid is to be used to determine
	the correct size needed for allocating a buffer.

	* src/rpc/virnettlscontext.c
	(virNetTLSContextCheckCertKeyPurpose): Initialize buffer.

	rpc: avoid double close on error
	Spotted by coverity.  If pipe2 fails, then we attempt to close
	uninitialized fds, which may result in a double-close.

	* src/rpc/virnetserver.c (virNetServerSignalSetup): Initialize fds.

2011-08-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Unlink temporary file on failure
	Although virFDStreamOpenFile will unlink it once opened, when we hit
	error path, we must unlink it by hand.

2011-08-03  Eric Blake  <eblake@redhat.com>

	doc: fix confusing statement about required privileges
	src/libvirt.c: "may requires" is confusing; the s was extra.

2011-08-02  Eric Blake  <eblake@redhat.com>

	rpc: avoid libvirtd crash on unexpected client close
	Steps to reproduce this problem (vm1 is not running):
	for i in `seq 50`; do virsh managedsave vm1& done; killall virsh

	Pre-patch, virNetServerClientClose could end up setting client->sock
	to NULL prior to other cleanup functions trying to use client->sock.
	This fixes things by checking for NULL in more places, and by deferring
	the cleanup until after all queued messages have been served.

	* src/rpc/virnetserverclient.c (virNetServerClientRegisterEvent)
	(virNetServerClientGetFD, virNetServerClientIsSecure)
	(virNetServerClientLocalAddrString)
	(virNetServerClientRemoteAddrString): Check for closed socket.
	(virNetServerClientClose): Rearrange close sequence.
	Analysis from Wen Congyang.

2011-08-02  Alex Jia  <ajia@redhat.com>

	virsh: fix memory leak in cmdNetworkInfo
	* tools/virsh.c: avoid memory leak in cmdNetworkInfo.

	* how to reproduce?
	  % valgrind -v --leak-check=yes virsh net-info default

	  https://bugzilla.redhat.com/show_bug.cgi?id=722806

	doc: fix incorrect option in blockjob
	* tools/virsh.pod: change 'live' to 'abort' based on actual option

2011-08-02  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: detect when a domain was shut down from the inside
	This patch adds an internal function openvzGetVEStatus to
	get the real state of the domain. This function is used in
	various places in the driver, in particular to detect when
	the domain has been shut down by the user with the "halt"
	command.

2011-08-01  Eric Blake  <eblake@redhat.com>

	qemu: fix crash when mixing sync and async monitor jobs
	Currently, we attempt to run sync job and async job at the same time. It
	means that the monitor commands for two jobs can be run in any order.

	In the function qemuDomainObjEnterMonitorInternal():
	    if (priv->job.active == QEMU_JOB_NONE && priv->job.asyncJob) {
	        if (qemuDomainObjBeginNestedJob(driver, obj) < 0)
	We check whether the caller is an async job by priv->job.active and
	priv->job.asynJob. But when an async job is running, and a sync job is
	also running at the time of the check, then priv->job.active is not
	QEMU_JOB_NONE. So we cannot check whether the caller is an async job
	in the function qemuDomainObjEnterMonitorInternal(), and must instead
	put the burden on the caller to tell us when an async command wants
	to do a nested job.

	Once the burden is on the caller, then only async monitor enters need
	to worry about whether the VM is still running; for sync monitor enter,
	the internal return is always 0, so lots of ignore_value can be dropped.

	* src/qemu/THREADS.txt: Reflect new rules.
	* src/qemu/qemu_domain.h (qemuDomainObjEnterMonitorAsync): New
	prototype.
	* src/qemu/qemu_process.h (qemuProcessStartCPUs)
	(qemuProcessStopCPUs): Add parameter.
	* src/qemu/qemu_migration.h (qemuMigrationToFile): Likewise.
	(qemuMigrationWaitForCompletion): Make static.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Add
	parameter.
	(qemuDomainObjEnterMonitorAsync): New function.
	(qemuDomainObjEnterMonitor, qemuDomainObjEnterMonitorWithDriver):
	Update callers.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemudDomainCoreDump, doCoreDump, processWatchdogEvent)
	(qemudDomainSuspend, qemudDomainResume, qemuDomainSaveImageStartVM)
	(qemuDomainSnapshotCreateActive, qemuDomainRevertToSnapshot):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessStopCPUs)
	(qemuProcessFakeReboot, qemuProcessRecoverMigration)
	(qemuProcessRecoverJob, qemuProcessStart): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationToFile)
	(qemuMigrationWaitForCompletion, qemuMigrationUpdateJobStatus)
	(qemuMigrationJobStart, qemuDomainMigrateGraphicsRelocate)
	(doNativeMigrate, doTunnelMigrate, qemuMigrationPerformJob)
	(qemuMigrationPerformPhase, qemuMigrationFinish)
	(qemuMigrationConfirm): Likewise.
	* src/qemu/qemu_hotplug.c: Drop unneeded ignore_value.

2011-08-01  Alex Jia  <ajia@redhat.com>

	qemu: fix return value issue
	whether or not previous return value is -1, the following codes will be
	executed for a inactive guest in src/qemu/qemu_driver.c:
	ret = virDomainSaveConfig(driver->configDir, persistentDef);
	and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
	will be overwritten, this patch will fix this issue.

	* src/qemu/qemu_driver.c: avoid return value is overwritten when give a argument
	  in out of blkio weight range for a inactive guest.

	* how to reproduce?
	  % virsh blkiotune ${guestname} --weight 10
	  % echo $?

	  Note: guest must be inactive, argument 10 in out of blkio weight range,
	  and can get a error information by checking libvirtd.log, however,
	  virsh hasn't raised any error information, and return value is 0.

	  https://bugzilla.redhat.com/show_bug.cgi?id=726304

	qemu: fix return value issue in qemuDomainSetMemoryParameters
	whether or not previous return value is -1, the following codes will be
	executed for a inactive guest in qemuDomainSetMemoryParameters:
	ret = virDomainSaveConfig(driver->configDir, persistentDef);
	and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
	will be overwritten, this patch will fix this issue.

	* src/qemu/qemu_driver.c: avoid return value is overwritten when set
	  min_guarante value to a inactive guest.

	* how to reproduce?
	  % virsh memtune ${guestname} --min_guarante 1024
	  % echo $?

	  Note: guest must be inactive, in fact, 'min_guarante' hasn't been implemented
	  in memory tunable, and I can get the error when check actual libvirtd.log,
	  however, virsh hasn't raised any error information, and return value is 0.

2011-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Fix vol-name and vol-pool commands
	This commands don't have a --pool option, so don't tell
	vshCommandOptVolBy that there could be one. This made
	vshCommandOptString for pooloptname fail and an "missing option"
	error was reported.

	Make pooloptname optional for vshCommandOptVolBy.

2011-08-01  Guannan Ren  <gren@redhat.com>

	Correct the default value of lock_manager in qemu.conf
	* src/qemu/qemu.conf: switch back the comment for the default lock
	  manager to sanlock

2011-08-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of domjobabort
	Introduced by f9a837da73a11ef, the condition is not changed after
	the else clause is removed. So now it quit with "domain is not
	running" when the domain is running. However, when the domain is
	not running, it reports "no job is active".

	How to reproduce:

	1)
	% virsh start $domain
	% virsh domjobabort $domain
	error: Requested operation is not valid: domain is not running

	2)
	% virsh destroy $domain
	% virsh domjobabort $domain
	error: Requested operation is not valid: no job is active on the domain

	3)
	% virsh save $domain /tmp/$domain.save

	Before above commands finished, try to abort job in another terminal

	% virsh domabortjob $domain
	error: Requested operation is not valid: domain is not running

2011-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	conf: Don't leak the virtual port profile in virNetworkDefFree
	Reported by Alex Jia.

2011-07-30  Eric Blake  <eblake@redhat.com>

	save: generate idempotent inactive xml for running domain
	Originally noticed by comparing the xml generated by virDomainSave
	with the xml produced by reparsing and redumping that xml, but I
	also did an audit of every last use of VIR_DOMAIN_XML_INACTIVE in
	domain_conf.c to ensure that no other discrepancies exist.

	* src/conf/domain_conf.c (virDomainDeviceInfoIsSet): Add
	parameter, and update all callers.  Make static.
	(virDomainNetDefFormat): Skip generated ifname.
	(virDomainDefFormatInternal): Skip default <seclabel>.
	(virDomainChrSourceDefParseXML): Skip generated pty path, and add
	parameter.  Update callers.
	* src/conf/domain_conf.h (virDomainDeviceInfoIsSet): Delete.
	* src/libvirt_private.syms (domain_conf.h): Update.

	conf: make 'vnet' prefix a macro
	Using a macro ensures that all the code is looking for the same
	prefix.

	* src/conf/domain_conf.h (VIR_NET_GENERATED_PREFIX): New macro.
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Use it.
	* src/uml/uml_conf.c (umlConnectTapDevice): Likewise.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect): Likewise.
	Suggested by Laine Stump.

2011-07-30  Laine Stump  <laine@laine.org>

	network: don't forward DNS requests from isolated networks
	This is in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=723862

	which points out that a guest on an "isolated" network could
	potentially exploit the DNS forwarding provided by dnsmasq to create a
	communication channel to the outside.

	This patch eliminates that possibility by adding the "--no-resolv"
	argument to the dnsmasq commandline, which tells dnsmasq to not
	forward on any requests that it can't resolve itself (by looking at
	its own static hosts files and runtime list of dhcp clients), but to
	instead return a failure for those requests.

	This shouldn't cause any undesirable change from current
	behavior, even in the case where a guest is currently configured with
	multiple interfaces, one of them being connected to an isolated
	network, and another to a network that does have connectivity to the
	outside. If the isolated network's DNS server is queried for a name
	it doesn't know, it will return "Refused" rather than "Unknown", which
	indicates to the guest that it should query other servers, so it then
	queries the connected DNS server, and gets the desired response.

2011-07-30  Eric Blake  <eblake@redhat.com>

	build: fix include path for cygwin
	Without this, cygwin failed to compile:

	In file included from ../src/rpc/virnetmessage.h:24,
	                 from ../src/rpc/virnetclient.h:27,
	                 from remote/remote_driver.c:31:
	../src/rpc/virnetprotocol.h:9:21: error: rpc/rpc.h: No such file or directory

	With that fixed, compilation warned:

	rpc/virnetsocket.c: In function 'virNetSocketNewListenUNIX':
	rpc/virnetsocket.c:347: warning: format '%d' expects type 'int', but argument 8 has type 'gid_t' [-Wformat]
	rpc/virnetsocket.c: In function 'virNetSocketGetLocalIdentity':
	rpc/virnetsocket.c:743: warning: pointer targets in passing argument 5 of 'getsockopt' differ in signedness

	* src/Makefile.am (libvirt_driver_remote_la_CFLAGS)
	(libvirt_net_rpc_client_la_CFLAGS)
	(libvirt_net_rpc_server_la_CFLAGS): Include XDR_CFLAGS, for rpc
	headers on cygwin.
	* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX)
	(virNetSocketGetLocalIdentity): Avoid compiler warnings.

	build: avoid non-portable shell in test setup
	POSIX states that 'a=1; a=2 b=$a command' has unspecified results
	for the value of $b visible within command.  In particular, on
	BSD, this resulted in PATH not picking up the in-test ssh.

	* tests/Makefile.am (lv_abs_top_builddir): New macro.
	(path_add, TESTS_ENVIRONMENT): Use it to avoid referring to an
	environment variable set previously within the same command line.
	Reported by Matthias Bolte.

2011-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Don't use bash if we don't have to
	This tested failed on FreeBSD because it was using bash, that might
	not be installed.

2011-07-29  Osier Yang  <jyang@redhat.com>

	utils: More useful error message for hook script failure
	Commit 3709a386 ported hooks codes to new command execution API,
	together with the useful error message removed. Though we can't
	get "errbuf" from the new command execution API anymore, still
	we can give a more useful error.

	https://bugzilla.redhat.com/show_bug.cgi?id=726398

2011-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	freebsd: Fix build problem due to picking up the wrong libvirt.h
	Gettext annoyingly modifies CPPFLAGS in-place, putting
	-I/usr/local/include into the search patch if libintl headers
	must be used from that location.  But since we must support
	automake 1.9.6 which lacks AM_CPPFLAGS, and since CPPFLAGS is used
	prior to INCLUDES, this means that the build picks up the _old_
	installed libvirt.h in priority to the in-tree version, leading
	to all sorts of weird build failures on FreeBSD.

	Fix this by teaching configure to undo gettext's actions, but
	to keep any changes required by gettext at the end of INCLUDES
	after all in-tree locations are used first.  Also requires
	adding a wrapper Makefile.am and making gnulib-tool create
	just gnulib.mk files during the bootstrap process.

	freebsd: Avoid /bin/true in commandtest
	Rely on PATH and use just true, because on FreeBSD it's /usr/bin/true.

	tests: Unify style of test skipping code
	Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'.

	Prefer 'int main(void)' over 'int main(int argc, char **argv)'.

	Fix mymain signature in commandtest and nodeinfotest.

2011-07-29  Eric Blake  <eblake@redhat.com>

	save: let qemu driver manipulate save files
	The goal here is that save-image-dumpxml fed back to
	save-image-define should not change the save file; anywhere that
	this is not the case is probably a bug in domain_conf.c.

	* src/qemu/qemu_driver.c (qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML): New functions.
	(qemuDomainSaveImageOpen): Add parameter.
	(qemuDomainRestoreFlags, qemuDomainObjRestore): Adjust clients.

	save: support qemu modifying xml on domain save/restore
	With this, it is possible to update the path to a disk backing
	image on either the save or restore action, without having to
	binary edit the XML embedded in the state file.

	This also modifies virDomainSave to output a smaller xml (only
	the inactive xml, which is all the more virDomainRestore parses),
	while still guaranteeing padding for most typical abi-compatible
	xml replacements, necessary so that the next patch for
	virDomainSaveImageDefineXML will not cause unnecessary
	modifications to the save image file.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Add parameter,
	only use inactive state, and guarantee padding.
	(qemuDomainSaveImageOpen): Add parameter.
	(qemuDomainSaveFlags, qemuDomainManagedSave)
	(qemuDomainRestoreFlags, qemuDomainObjRestore): Update callers.

	maint: add missing copyright notices
	I went with the shorter license notice used by src/libvirt.c,
	rather than spelling out the full LGPLv2+ clause into each of
	these files.

	* configure.ac: Declare copyright.
	* all Makefile.am: Likewise.

	xen: drop unused callbacks
	Found by:

	for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
	do
	  git grep "\(\.\|->\)$f\b" src/xen
	done | cat

	and looking through the resulting list to see which callback struct
	members are still necessary.

	* src/xen/xen_driver.h (xenUnifiedDriver): Drop all callbacks that
	are only used directly.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Shrink list.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.

	xen: make direct call when there is only one subdriver
	No need to use a for loop if we know there is exactly one client.
	Found by:

	for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
	do
	  git grep "\(\.\|->\)$f\b" src/xen
	done | cat

	and looking through the resulting list to see which callback struct
	members are used exactly once.  The next patch will ensure that we
	don't reintroduce uses of these callbacks.

	* src/xen/xen_driver.c (xenUnifiedClose): Call close
	unconditionally, to match xenUnifiedOpen.
	(xenUnifiedNodeGetInfo, xenUnifiedDomainCreateXML)
	(xenUnifiedDomainSave, xenUnifiedDomainRestore)
	(xenUnifiedDomainCoreDump, xenUnifiedDomainUpdateDeviceFlags):
	Make direct call to lone implementation.
	* src/xen/xend_internal.h (xenDaemonDomainCoreDump)
	(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Add prototypes.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump)
	(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Export.

	xen: reduce callback special cases
	The callback struct is great when iterating through several
	possibilities, but when calling a known callback, it's just
	overhead.  We can make the direct call in those cases.

	* src/xen/xen_driver.c (xenUnifiedOpen, xenUnifiedDomainSuspend)
	(xenUnifiedDomainResume, xenUnifiedDomainDestroyFlags): Make
	direct calls instead of going through callback.

	xen: cleanup callback struct
	Using C99 initializers and xen-specific prefixes will make it
	so that future patches are less likely to add callback members
	to the xenUnifiedDriver struct, since the goal is to get rid
	of the callback struct in the first place.

	* src/xen/xen_driver.h (xenUnifiedDriver): Rename all struct
	members, to make it obvious which ones are still in use.
	* src/xen/xen_driver.c: Update all callers.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Rewrite with C99
	initializers.
	* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.

2011-07-29  Laine Stump  <laine@laine.org>

	libxl: fix build failure due to change in virDomainGraphicsDef
	This failure was introduced by commit dacee3d, which removed
	listenAddr from the unions in virDomainGraphicsDef in favor of putting
	it in the address attribute of virDomainGraphicsListenDef.

	qemu: support type=network in domain graphics <listen>
	The domain XML now understands the <listen> subelement of its
	<graphics> element (including when listen type='network'), and the
	network driver has an internal API that will turn a network name into
	an IP address, so the final logical step is to put the glue into the
	qemu driver so that when it is starting up a domain, if it finds
	<listen type='network' network='xyz'/> in the XML, it will call the
	network driver to get an IPv4 address associated with network xyz, and
	tell qemu to listen for vnc (or spice) on that address rather than the
	default address (localhost).

	The motivation for this is that a large installation may want the
	guests' VNC servers listening on physical interfaces rather than
	localhost, so that users can connect directly from the outside; this
	requires sending qemu the appropriate IP address to listen on. But
	this address will of course be different for each host, and if a guest
	might be migrated around from one host to another, it's important that
	the guest's config not have any information embedded in it that is
	specific to one particular host. <listen type='network.../> can solve
	this problem in the following manner:

	  1) on each host, define a libvirt network of the same name,
	     associated with the interface on that host that should be used
	     for listening (for example, a simple macvtap network: <forward
	     mode='bridge' dev='eth0'/>, or host bridge network: <forward
	     mode='bridge'/> <bridge name='br0'/>

	  2) in the <graphics> element of each guest's domain xml, tell vnc to
	     listen on the network name used in step 1:

	     <graphics type='vnc' port='5922'>
	       <listen type='network'network='example-net'/>
	     </graphics>

	(all the above also applies for graphics type='spice').

	conf: add <listen> subelement to domain <graphics> element
	Once it's plugged in, the <listen> element will be an optional
	replacement for the "listen" attribute that graphics elements already
	have. If the <listen> element is type='address', it will have an
	attribute called 'address' which will contain an IP address or dns
	name that the guest's display server should listen on. If, however,
	type='network', the <listen> element should have an attribute called
	'network' that will be set to the name of a network configuration to
	get the IP address from.

	* docs/schemas/domain.rng: updated to allow the <listen> element

	* docs/formatdomain.html.in: document the <listen> element and its
	  attributes.

	* src/conf/domain_conf.[hc]:

	  1) The domain parser, formatter, and data structure are modified to
	     support 0 or more <listen> subelements to each <graphics>
	     element. The old style "legacy" listen attribute is also still
	     accepted, and will be stored internally just as if it were a
	     separate <listen> element. On output (i.e. format), the address
	     attribute of the first <listen> element of type 'address' will be
	     duplicated in the legacy "listen" attribute of the <graphic>
	     element.

	  2) The "listenAddr" attribute has been removed from the unions in
	     virDomainGRaphicsDef for graphics types vnc, rdp, and spice.
	     This attribute is now in the <listen> subelement (aka
	     virDomainGraphicsListenDef)

	  3) Helper functions were written to provide simple access
	     (both Get and Set) to the listen elements and their attributes.

	* src/libvirt_private.syms: export the listen helper functions

	* src/qemu/qemu_command.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/vbox/vbox_tmpl.c,
	  src/vmx/vmx.c, src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c

	  Modify all these files to use the listen helper functions rather
	  than directly referencing the (now missing) listenAddr
	  attribute. There can be multiple <listen> elements to a single
	  <graphics>, but the drivers all currently only support one, so all
	  replacements of direct access with a helper function indicate index
	  "0".

	* tests/* - only 3 of these are new files added explicitly to test the
	  new <listen> element. All the others have been modified to reflect
	  the fact that any legacy "listen" attributes passed in to the domain
	  parse will be saved in a <listen> element (i.e. one of the
	  virDomainGraphicsListenDefs), and during the domain format function,
	  both the <listen> element as well as the legacy attributes will be
	  output.

2011-07-28  Alex Jia  <ajia@redhat.com>

	virsh: avoid missing zero value judgement in cmdBlkiotune
	* tools/virsh.c: fix missing zero value judgement in cmdBlkiotune and correct
	  vshError information.

	  when weight is equal to 0, the cmdBlkiotune will not raise any error information
	  when judge weight value first time, and execute else branch to judge weight
	  value again, strncpy(temp->field, VIR_DOMAIN_BLKIO_WEIGHT, sizeof(temp->field))
	  will be not executed for ever. However, if and only if param->field is equal
	  to VIR_DOMAIN_BLKIO_WEIGHT, underlying qemuDomainSetBlkioParameters function
	  will check whether weight value is in range [100, 1000].

	* how to reproduce?

	  % virsh blkiotune ${guestname} --weight 0

2011-07-28  Eric Blake  <eblake@redhat.com>

	build: avoid type-punning compiler warning
	On RHEL 5, with gcc 4.1.2:

	rpc/virnetsaslcontext.c: In function 'virNetSASLSessionUpdateBufSize':
	rpc/virnetsaslcontext.c:396: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

	* src/rpc/virnetsaslcontext.c (virNetSASLSessionUpdateBufSize):
	Use a union to work around gcc warning.

	qemu: fix nested job with driver lock held
	qemuMigrationUpdateJobStatus (called in a loop by migration
	and save tasks) uses qemuDomainObjEnterMonitorWithDriver;
	however, that function ended up starting a nested job without
	releasing the driver.

	Since no one else is making nested calls, we can inline the
	internal functions to properly track driver_locked.

	* src/qemu/qemu_domain.h (qemuDomainObjBeginNestedJob)
	(qemuDomainObjBeginNestedJobWithDriver)
	(qemuDomainObjEndNestedJob): Drop unused prototypes.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal):
	Reflect driver lock to nested job.
	(qemuDomainObjBeginNestedJob)
	(qemuDomainObjBeginNestedJobWithDriver)
	(qemuDomainObjEndNestedJob): Drop unused functions.

2011-07-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix memory leak on metadata fetching
	As written in virStorageFileGetMetadataFromFD decription, caller
	must free metadata after use. Qemu driver miss this and therefore
	leak metadata which can grow to huge mem leak if somebody query
	for blockInfo a lot.

2011-07-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	freebsd: Add gnulib environ module for the commandtest

2011-07-28  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Update outdated description of flags
	Because we do support flags for virDomainSetBlkioParameters and
	virDomainGetBlkioParameters, update appropriate description as well.

2011-07-28  Hu Tao  <hutao@cn.fujitsu.com>

	python: add python binding for virDomainSetMemoryParameters

	python: add python binding for virDomainGetMemoryParameters

	python: add python binding for virDomainSetBlkioParameters

	python: add python binding for virDomainGetBlkioParameters

2011-07-28  Alex Jia  <ajia@redhat.com>

	virsh: fix memory leak in cmdVolPath code
	* tools/virsh.c: avoid memory leak in cmdVolPath.
	* src/libvirt.c: Add doc for virStorageVolGetPath to tell one
	  must free() the returned path after use.

	* how to reproduce?

	% dd if=/dev/zero of=/var/lib/libvirt/images/foo.img count=1 bs=10M
	% virsh pool-refresh default
	% valgrind -v --leak-check=full virsh vol-path --vol \
	/var/lib/libvirt/images/foo.img

	* actual results:

	Detected in valgrind run:

	==16436== 32 bytes in 1 blocks are definitely lost in loss record 7 of 22
	==16436==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==16436==    by 0x386A314B3D: xdr_string (in /lib64/libc-2.12.so)
	==16436==    by 0x3DF8CD770D: xdr_remote_nonnull_string (remote_protocol.c:3
	==16436==    by 0x3DF8CD7EC8: xdr_remote_storage_vol_get_path_ret
	% virsh pool-refresh default
	% valgrind -v --leak-check=full virsh vol-path --vol \
	/var/lib/libvirt/images/foo.img

2011-07-28  Osier Yang  <jyang@redhat.com>

	qemu: Improve docs for virsh dump format
	The error in getCompressionType will never be reported, change
	the errors codes into warning (VIR_WARN("%s", _(foo)); doesn't break
	syntax-check rule), and also improve the docs in qemu.conf to tell
	user the truth.

2011-07-28  Eric Blake  <eblake@redhat.com>

	qemu: improve thread documentation
	* src/qemu/THREADS.txt: Fix problems with typos, grammar, and
	outdated examples.

	virsh: expose change-protection during migration
	* tools/virsh.c (doMigrate): Add --change-protection flag.
	* tools/virsh.pod (migrate): Document it.

2011-07-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	rpc: Fix memory leak in remoteDomainSet*Parameters functions
	Add a new helper remoteFreeTypedParameters and teach the generator
	to add it to the cleanup section.

	https://bugzilla.redhat.com/show_bug.cgi?id=725322

2011-07-28  Lai Jiangshan  <laijs@cn.fujitsu.com>

	send-key: Implement Python API

2011-07-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove special case for virDomainAbortJob
	This doesn't abort migration job in any phase, yet.

	qemu: Remove special case for virDomainSuspend

	qemu: Remove special case for virDomainMigrateSetMaxDowntime
	Call qemu monitor command directly within a special job that is only
	allowed during outgoing migration.

	qemu: Remove special case for virDomainMigrateSetMaxSpeed
	Call qemu monitor command directly within a special job that is only
	allowed during outgoing migration.

	qemu: Remove special case for virDomainBlockStats
	Like other query commands, this can now be called directly during
	migration.

	qemu: Remove special case for virDomainGetBlockInfo
	Like other query commands, this can now be called directly during
	migration.

	qemu: Recover from interrupted migration

	qemu: Migration job on source daemon
	Make MIGRATION_OUT use the new helper methods.

	This also introduces new protection to migration v3 process: the
	migration job is held from Begin to Confirm to avoid changes to a domain
	during migration (esp. between Begin and Perform phases). This change is
	automatically applied to p2p and tunneled migrations. For normal
	migration, this requires support from a client. In other words, if an
	old (pre 0.9.4) client starts normal migration of a domain, the domain
	will not be protected against changes between Begin and Perform steps.

	qemu: Migration job on destination daemon
	Make MIGRATION_IN use the new helper methods.

	qemu: Implement migration job phases
	This patch introduces several helper methods to deal with jobs and
	phases during migration in a simpler manner.

2011-07-27  Eric Blake  <eblake@redhat.com>

	build: support warnings on RHEL 5
	Without this, a configure built by autoconf 2.59 was broken when
	trying to detect which compiler warning flags were supported.

	* .gnulib: Update to latest, for warnings.m4 fix.
	* bootstrap.conf: Add fclose explicitly, to match recent gnulib
	implicit dependency changes.
	* src/qemu/qemu_conf.c (includes): Drop unused include.
	* src/uml/uml_conf.c (include): Likewise.
	Reported by Daniel P. Berrange.

2011-07-27  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Integrate bandwidth into portgroups
	Every DomainNetDef has a bandwidth, as does every portgroup.
	Whenever a DomainNetDef of type NETWORK is about to be used, a call is
	made to networkAllocateActualDevice(). This function chooses the "best"
	bandwidth object and places it in the DomainActualNetDef.
	From that point on, whenever some code needs to use the bandwidth data
	for the interface, it's retrieved with virDomainNetGetActualBandwidth(),
	which will always return the "best" info as determined in the
	previous step.

2011-07-27  Osier Yang  <jyang@redhat.com>

	doc: Add doc for blockpull and blockjob commands
	Commit b31abc6f0 introduce commands blockpull and blockjob, but
	forgot to add the docs meanwhile.

2011-07-27  Cole Robinson  <crobinso@redhat.com>

	python: Properly report errors if virStreamRecv fails
	We only want to raise the special value -2. -1 should return None
	which tells the bindings to throw an exception.

2011-07-26  Alex Jia  <ajia@redhat.com>

	tools: format percent strings of nodecpustats
	* tools/virsh.c: format strings display for virsh nodecpustats --percent.

	* how to reproduce?

	% virsh nodecpustats --percent
	usage:            2.0%
	    user  :       1.0%
	    system:       1.0%
	idle  :          98.0%
	iowait:           0.0%

	* after format strings

	% virsh nodecpustats --percent
	usage:            2.0%
	user:             1.0%
	system:           1.0%
	idle:            98.0%
	iowait:           0.0%

2011-07-26  Stefan Berger  <stefanb@us.ibm.com>

	Build: fix build if HAVE_AVAHI is not defined
	Fix the build if HAVE_AVAHI is not defined.

2011-07-26  Dave Allan  <dallan@redhat.com>

	Fix incorrect implication about list options
	The description of the list command seemed to suggest that it could
	take a set of domains as an argument, which is not correct in the
	current HEAD.  If virsh list is intended to take a list of domains,
	then this patch should be NAK'd and a bug opened against virsh list.

	Reported by hachi on #virt

	v2:

	Change language to include transient domains

	Osier pointed out that transient domains are not defined, so what I
	had originally proposed wasn't quite correct.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix race in ref counting when handling RPC jobs
	When an incoming RPC message is ready for processing,

	  virNetServerClientDispatchRead()

	will invoke the 'dispatchFunc' callback. This is set to

	  virNetServerDispatchNewMessage

	This function puts the message + client in a queue for processing by the thread
	pool. The thread pool worker function is

	  virNetServerHandleJob

	The first thing this does is acquire an extra reference on the 'client'.

	Unfortunately, between the time the message+client are put on the thread pool
	queue, and the time the worker runs, the client object may have had its last
	reference removed.

	We clearly need to add the reference to the client object before putting the
	client on the processing queue

	* src/rpc/virnetserverclient.c: Add a reference to the client when
	  invoking the dispatch function
	* src/rpc/virnetserver.c: Don't acquire a reference to the client
	  when in the worker thread

2011-07-26  Wen Congyang  <wency@cn.fujitsu.com>

	set cpu bandwidth for the vm
	The cpu bandwidth is applied at the vcpu group level. We should apply it
	at the vm group level too, because the vm may do heavy I/O, and it will affect
	the other vm.

	We apply cpu bandwidth at the vcpu and the vm group level, so we must ensure
	that max(child_quota) <= parent_quota when we modify cpu bandwidth.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix build with gnutls 1.0.x branch

	Fix typos in virsh.pod file
	* tools/virsh.pod: Fix missing > tag in docs

2011-07-26  Osier Yang  <jyang@redhat.com>

	network: Fix typo
	Introduced by commit 239322cb, reported by Ruben Kerkhof.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Add libtasn1-devel as a BuildRequires for libvirt.spec
	* libvirt.spec.in: Add libtasn1-devel

	Add mutex protection to SASL and TLS modules
	The virNetSASLContext, virNetSASLSession, virNetTLSContext and
	virNetTLSSession classes previously relied in their owners
	(virNetClient / virNetServer / virNetServerClient) to provide
	locking protection for concurrent usage. When virNetSocket
	gained its own locking code, this invalidated the implicit
	safety the SASL/TLS modules relied on. Thus we need to give
	them all explicit locking of their own via new mutexes.

	* src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add
	  a mutex per object

	Report error if unable to bind to any socket
	When setting up a server socket, we must skip EADDRINUSE errors
	from bind, since the IPv6 socket bind may have already bound to
	the IPv4 socket too. If we don't manage to bind to any sockets
	at all though, we should then report the EADDRINUSE error as
	normal.

	This fixes the case where libvirtd would not exit if some other
	program was listening on its TCP/TLS ports.

	* src/rpc/virnetsocket.c: Report EADDRINUSE

	Fix leak of mDNS object in virNetServer
	* src/rpc/virnetserver.c: Free mDNS object

	Fix memory leaks in MDNS code
	* src/rpc/virnetservermdns.c: Fix leaks

2011-07-26  Eric Blake  <eblake@redhat.com>

	virsh: use faster bit search
	Now that gnulib gives us ffs, we might as well use it.

	* tools/virsh.c (vshCmddefGetData): Use ffs rather than
	count_one_bits.

	virsh: make vcpucount use --current consistently
	Rename the existing --current flag to the new name --active,
	while adding a new flag --current to expose the new
	VIR_DOMAIN_AFFECT_CURRENT flag of virDomainGetVcpusFlags.

	For backwards compability, the output does not change (even
	though the label "current" no longer matches the spelling of
	the option that would trigger that number in isolation), and
	we accept "--current --live" as an undocumented synonym for
	"--active --live" to avoid breaking any existing clients.

	* tools/virsh.c (cmdVcpucount): Add --active flag, and rearrange
	existing flag handling to expose VIR_DOMAIN_AFFECT_CURRENT support.
	* tools/virsh.pod (vcpucount): Document this.

	vcpu: teach getVcpusFlags about current
	Now that virDomainSetVcpusFlags knows about VIR_DOMAIN_AFFECT_CURRENT,
	so should virDomainGetVcpusFlags.

	Unfortunately, the virsh counterpart 'virsh vcpucount' has already
	commandeered --current for a different meaning, so teaching virsh
	to expose this in the next patch will require a bit of care.

	* src/libvirt.c (virDomainGetVcpusFlags): Allow
	VIR_DOMAIN_AFFECT_CURRENT.
	* src/libxl/libxl_driver.c (libxlDomainGetVcpusFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainGetVcpusFlags): Likewise.
	* src/test/test_driver.c (testDomainGetVcpusFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Likewise.

2011-07-26  Cole Robinson  <crobinso@redhat.com>

	python: Handle embedded NUL in stream.send data
	Otherwise things like volume upload are only useful with text data.

2011-07-26  Laine Stump  <laine@laine.org>

	util: change virFile*Pid functions to return < 0 on failure
	Although most functions in libvirt return 0 on success and < 0 on
	failure, there are a few functions lingering around that return errno
	(a positive value) on failure, and sometimes code calling those
	functions incorrectly assumes the <0 standard. I noticed one of these
	the other day when auditing networkStartDhcpDaemon after Guido Gunther
	found a place where success was improperly returned on failure (that
	patch has been acked and is pending a push). The problem was that it
	expected the return value from virFileReadPid to be < 0 on failure,
	but it was actually positive (it was also neglected to set the return
	code in this case, similar to the bug found by Guido).

	This all led to the fact that *all* of the virFile*Pid functions in
	util.c are returning errno on failure. This patch remedies that
	problem by changing them all to return -errno on failure, and makes
	any necessary changes to callers of the functions. (In the meantime, I
	also properly set the return code on failure of virFileReadPid in
	networkStartDhcpDaemon).

2011-07-26  Guido Günther  <agx@sigxcpu.org>

	Catch dnsmasq start failures
	While we checked the return value we didn't maks sure ret != 0 which
	resulted in dnsmasq errors being ignored.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix import of private key with older gnutls
	With older GNUTLS the gnutls_x509_privkey_import function is
	unable to import our private key. Instead we must use the
	alternative gnutls_x509_privkey_import_pkcs8() (as certtool
	does).

	* virnettlscontexttest.c: Fix import of private key with
	  older gnutls. Also add missing newlines to key

2011-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix TLS context tests with expired certs
	commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 changed the
	semantics of the 'expire_offset' field in the test case struct
	so that instead of being an absolute timestamp, it was a delta
	relative to the current time. This broke the test cases which
	were testing expiry of certificates, by putting the expiry
	time into the future, instead of in the past.

	Fix this by changing the expiry values to be negative, so that
	the delta goes into the past again.

	* virnettlscontexttest.c: Fix expiry tests

2011-07-25  Wen Congyang  <wency@cn.fujitsu.com>

	rename cfs_* to vcpu_*
	In the XML file we now have

	  <cputune>
	    <shares>1024</shares>
	    <period>90000</period>
	    <quota>0</quota>
	  </cputune>

	But the schedinfo parameter are being named

	 cpu_shares: 1024
	 cfs_period: 90000
	 cfs_quota: 0

	The period/quota is per-vcpu value, so these new tunables should be named
	'vcpu_period' and 'vcpu_quota'.

2011-07-25  Cole Robinson  <crobinso@redhat.com>

	docs: Break up 'Basic Resources' XML section
	We had a bit too many elements crammed in there. Separate it into different
	headings:

	- CPU Allocation (<vcpus>)
	- CPU Tuning (<cputune>)
	- Memory allocation (<memory> and <currentMemory>)
	- Memory backing (<memoryBacking>)
	- Memory tuning (<memtune>)
	- Numa tuning (<numatune>)
	- Block I/O tuning (<blkiotune>)

2011-07-25  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	python: add Python binding for virDomainGetVcpuPinInfo API
	This patch adds the Python bindings for virDomainGetVcpuPinInfo API.
	* python/generator.py: add it to generator skip list
	* python/libvirt-override-api.xml: provide an override description
	* python/libvirt-override.c: provide an override binding implementation

	python: add Python binding for virDomainPinVcpusFlags API
	This patch adds the Python bindings for virDomainPinVcpuFlags API.
	* python/generator.py: add it to the generator skip list
	* python/libvirt-override-api.xml: provide override description
	* python/libvirt-override.c: provide override bindings implementation

	python: add Python binding for virDomainGetSchedulerParametersFlags API
	This patch adds the Python bindings for
	virDomainGetSchedulerParametersFlags API.

	python: add Python binding for virDomainGetSchedulerParametersFlags API
	This patch adds the Python bindings for
	virDomainGetSchedulerParametersFlags API.
	* python/libvirt-override-api.xml: provide and override description
	* python/libvirt-override.c: implement the bindings

2011-07-25  Eric Blake  <eblake@redhat.com>

	tests: detect gnutls errors
	* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors.

2011-07-25  Wieland Hoffmann  <themineo@googlemail.com>

	driver.h: Fix two driver documentation mistakes

2011-07-25  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Add domain schema and xml2xml tests

	bandwidth: Add test cases for network

	bandwidth: Implement functions to enable and disable QoS
	These function executes 'tc' with appropriate arguments to set
	desired QoS setting on interface or bridge during its creation.

	bandwidth: Create format functions

	bandwidth: Add parsing and free functions
	These functions parse given XML node and return pointer to the
	output. Unknown elements are silently ignored. Attributes must
	be integer and must fit in unsigned long long.

	Free function frees elements of virBandwidth structure.

	bandwidth: Declare internal structures

	bandwidth: Define schema and create documentation
	Define new 'bandwidth' element with possible child element 'inbound'
	and 'outbound' addressing incoming and outgoing traffic respectively:

	<bandwidth>
	  <inbound average='1000' peak='2000' burst='5120'/>
	  <outbound average='500'/>
	</bandwidth>

	Leaving any element out means not to shape traffic in that
	direction.
	The units for average and peak (rate) are in kilobytes per second,
	for burst (size) are just in kilobytes.
	This element can be inserted into domain's 'interface' and
	'network'.

2011-07-25  Laine Stump  <laine@laine.org>

	network: provide internal API to return IP of a network
	The new listenNetwork attribute needs to learn an IP address based on a
	named network. This patch provides a function networkGetNetworkAddress
	which provides that.

	Some networks have an IP address explicitly in their configuration
	(ie, those with a forward type of "none", "route", or "nat"). For
	those, we can just return the IP address from the config.

	The rest will have a physical device associated with them (either via
	<bridge name='...'/>, <forward ... dev='...'/>, or possibly via a pool
	of interfaces inside the network's <forward> element) and we will need
	to ask the kernel for a current IP address of that device (via the
	newly added ifaceGetIPAddress)

	If networkGetNetworkAddress encounters an error while trying to learn
	the address for a network, it will return -1. In the case that libvirt
	has been compiled without the network driver, the call is a macro
	which reduces to -2. This allows differentiating between a failure of
	the network driver, and its complete absence.

	util: add an ifaceGetIPAddress to the interface utilities
	This function uses ioctl(SIOCGIFADDR), which limits it to returning
	the first IPv4 address of an interface, but that's what we want right
	now (the place we're going to use the address only accepts one).

2011-07-25  Eric Blake  <eblake@redhat.com>

	tests: fix compilation failures
	Even though gnutls is a hard-req for libvirt, and gnutls depends
	on libtasn1, that does not mean that you have to have the libtasn1
	development files installed.  Skip the test rather than failing
	compilation in that case.

	With newer gcc, the test consumed too much stack space.  Move
	things to static storage to fix that.

	* configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
	(HAVE_LIBTASN1): New automake conditional.
	* tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
	(virnettlscontexttest_LDADD): Allow compilation without libtasn1.
	* tests/virnettlscontexttest.c: Skip test if headers not present.
	(struct testTLSCertReq): Alter time members.
	(testTLSGenerateCert): Reflect the change.
	(mymain): Reduce stack usage.

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Pre-create /var/lib/libvirt/sanlock directory
	The sanlock plugin for libvirt expects the directory
	/var/lib/libvirt/sanlock to exist. Create this and add
	it to the RPM

	* libvirt.spec.in: Add /var/lib/libvirt/sanlock
	* src/Makefile.am: Create /var/lib/libvirt/sanlock

	Honour filesystem readonly flag & make special FS readonly
	A container should not be allowed to modify stuff in /sys
	or /proc/sys so make them readonly. Make /selinux readonly
	so that containers think that selinux is disabled.

	Honour the readonly flag when mounting container filesystems
	from the guest XML config

	* src/lxc/lxc_container.c: Support readonly mounts

	Refactor mounting of special filesystems
	Even in non-virtual root filesystem mode we should be mounting
	more than just a new /proc. Refactor lxcContainerMountBasicFS
	so that it does everything except for /dev and /dev/pts moving
	that into lxcContainerMountDevFS. Pass in a source prefix
	to lxcContainerMountBasicFS() so it can be used in both shared
	root and private root modes.

	* src/lxc/lxc_container.c: Unify mounting code for special
	  filesystems

	Pull code for doing a bind mount into separate method
	The bind mount setup is about to get more complicated.
	To avoid having to deal with several copies, pull it
	out into a separate lxcContainerMountFSBind method.

	Also pull out the iteration over container filesystems,
	so that it will be easier to drop in support for non-bind
	mount filesystems

	* src/lxc/lxc_container.c: Pull bind mount code out into
	  lxcContainerMountFSBind

	Fix typos in daemon config file from previous commit

	Add a test case for certificate validation
	This test case checks certification validation rules for

	 - Basic constraints
	 - Key purpose
	 - Key usage
	 - Start/expiry times

	It checks initial context creation sanity checks, and live
	session validation

	Allow certificate sanity checking to be disabled
	When libvirtd starts it it will sanity check its own certs,
	and before libvirt clients connect to a remote server they
	will sanity check their own certs. This patch allows such
	sanity checking to be skipped. There is no strong reason to
	need to do this, other than to bypass possible libvirt bugs
	in sanity checking, or for testing purposes.

	libvirt.conf gains tls_no_sanity_certificate parameter to
	go along with tls_no_verify_certificate. The remote driver
	client URIs gain a no_sanity URI parameter

	* daemon/test_libvirtd.aug, daemon/libvirtd.conf,
	  daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
	  allow cert sanity checks to be skipped
	* src/remote/remote_driver.c: Add no_sanity parameter to
	  skip cert checks
	* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
	  Add new parameter for skipping sanity checks independantly
	  of skipping session cert validation checks

2011-07-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	build: Use $(PYTHON) instead of python for the keycode map generator
	Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
	as executable and switch the shebang line from /bin/python to the
	commonly use /usr/bin/python.

	xenapi: Fix double-freeing the session in xenapiClose
	xen_session_logout already frees the whole session object.
	Don't call xenSessionFree on a freed session object.

	Reported by Sharmila Radhakrishnan.

2011-07-22  Oskari Saarenmaa  <os@ohmu.fi>

	remote/ssh: optional "keyfile" parameter.
	New optional parameter "keyfile" for ssh transport allows the user to select
	the private key to be used to authenticate to the remote host.

2011-07-22  Laine Stump  <laine@laine.org>

	util: make interface.c functions consistently return < 0 on error
	All of the functions in util/interface.c were returning 0 on success,
	but some returned -1 on error, and some returned a positive value
	(usually the value of errno, but sometimes just 1). Libvirt's standard
	is to return < 0 on error (in the case of functions that need to
	return errno, -errno is returned.

	This patch modifies all functions in interface.c to consistently
	return < 0 on error, and makes changes to callers of those functions
	where necessary.

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Refactor the certification validation code
	There is some commonality between the code for sanity checking
	certs when initializing libvirt and the code for validating
	certs during a live TLS session handshake. This patchset splits
	up the sanity checking function into several smaller functions
	each doing a specific type of check. The cert validation code
	is then updated to also call into these functions

	* src/rpc/virnettlscontext.c: Refactor cert validation code

	Remove call to deprecated gnutls_certificate_type_set_priority (again)
	The gnutls_certificate_type_set_priority method is deprecated.
	Since we already set the default gnutls priority, it was not
	serving any useful purpose and can be removed

	* src/rpc/virnettlscontext.c: Remove gnutls_certificate_type_set_priority
	  call

	Ensure that libvirtd shuts down if initialization fails
	If the virStateInitialize call fails we must shutdown libvirtd
	since drivers will not be available. Just free'ing the virNetServer
	is not sufficient, we must send a SIGTERM to ourselves so that
	we interrupt the event loop and trigger a orderly shutdown

	* daemon/libvirtd.c: Kill ourselves if state init fails
	* src/rpc/virnetserver.c: Add some debugging to event loop

2011-07-22  Adam Litke  <agl@us.ibm.com>

	Asynchronous event for BlockJob completion
	When an operation started by virDomainBlockPull completes (either with
	success or with failure), raise an event to indicate the final status.
	This API allow users to avoid polling on virDomainGetBlockJobInfo if
	they would prefer to use an event mechanism.

	* daemon/remote.c: Dispatch events to client
	* include/libvirt/libvirt.h.in: Define event ID and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle the new event
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block_stream completion and emit a libvirt block pull event
	* src/remote/remote_driver.c: Receive and dispatch events to application
	* src/remote/remote_protocol.x: Wire protocol definition for the event
	* src/remote_protocol-structs: structure definitions for protocol verification
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
	  from QEMU monitor

	Enable virDomainBlockPull in the python API
	virDomainGetBlockJobInfo requires manual override since it returns a
	custom type.

	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c:
	  manual overrides

	Enable the virDomainBlockPull API in virsh
	Define two new virsh commands:
	 * blockpull: Initiate a blockPull for the given disk
	 * blockjob: Retrieve progress info, modify speed, and cancel active block jobs

	Share print_job_progress() with the migration code.

	* tools/virsh.c: implement the new commands

	Implement virDomainBlockPull for the qemu driver
	The virDomainBlockPull* family of commands are enabled by the
	following HMP/QMP commands: 'block_stream', 'block_job_cancel',
	 'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.

	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
	  streaming by using the proper qemu monitor commands.
	* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor

	Add virDomainBlockPull support to the remote driver
	The generator can handle everything except virDomainGetBlockJobInfo().

	* src/remote/remote_protocol.x: provide defines for the new entry points
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side for virDomainGetBlockJobInfo.
	* src/remote_protocol-structs: structure definitions for protocol verification
	* src/rpc/gendispatch.pl: Permit some unsigned long parameters

	virDomainBlockPull: Implement the main entry points
	* src/libvirt.c: implement the main entry points

	Add new API virDomainBlockPull* to headers
	Set up the types for the block pull functions and insert them into the
	virDriver structure definition.  Symbols are exported in this patch to
	prevent
	documentation compile failures.

	* include/libvirt/libvirt.h.in: new API
	* src/driver.h: add the new entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python bindings
	* are
	  implemented later
	* src/libvirt_public.syms: export symbols
	* docs/apibuild.py: Extend 'unsigned long' parameter exception to this
	* API

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: add virsh commands for manipulating save files
	Now you can edit a saved state file even if you forgot to grab
	a dumpxml file prior to saving a domain.  Plus, in-place editing
	feels so much nicer.

	* tools/virsh.c (cmdSaveImageDumpxml, cmdSaveImageDefine)
	(cmdSaveImageEdit): New commands.
	* tools/virsh.pod (save-image-dumpxml, save-image-define)
	(save-image-edit): Document them.

	save: wire up remote protocol
	* src/remote/remote_driver.c (remote_driver): Add new callbacks.
	* src/remote/remote_protocol.x (remote_procedure): New RPCs.
	(remote_domain_save_image_get_xml_desc_args)
	(remote_domain_save_image_get_xml_desc_ret)
	(remote_domain_save_image_define_xml_args): New structs.
	* src/remote_protocol-structs: Update.

	save: new API to manipulate save file images
	Modifying the xml on either save or restore only gets you so
	far - you have to remember to 'virsh dumpxml dom' just prior
	to the 'virsh save' in order to have an xml file worth modifying
	that won't be rejected due to abi breaks.  To make this more
	powerful, we need a way to grab the xml embedded within a state
	file, and from there, it's not much harder to also support
	modifying a state file in-place.

	Also, virDomainGetXMLDesc didn't document its flags.

	* include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
	(virDomainSaveImageDefineXML): New prototypes.
	* src/libvirt.c (virDomainSaveImageGetXMLDesc)
	(virDomainSaveImageDefineXML): New API.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSaveImageGetXMLDesc)
	(virDrvDomainSaveImgeDefineXML): New driver callbacks.

	save: support bypass-cache flag in libvirt-guests init script
	libvirt-guests is a perfect use case for bypassing the file system
	cache - lots of filesystem traffic done at system shutdown, where
	caching is pointless, and startup, where reading large files only
	once just gets in the way.  Make this a configurable option in the
	init script, but defaulting to existing behavior.

	* tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
	* tools/libvirt-guests.init.sh (start, suspend_guest): Use it.

	save: support bypass-cache flag in qemu.conf
	When auto-dumping a domain on crash events, or autostarting a domain
	with managed save state, let the user configure whether to imply
	the bypass cache flag.

	* src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
	Document new variables.
	* src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
	* src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
	* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
	* src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
	Honor them.

	save: support BYPASS_CACHE during qemu save/restore
	Wire together the previous patches to support file system cache
	bypass during API save/restore requests in qemu.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal, doCoreDump)
	(qemudDomainObjStart, qemuDomainSaveImageOpen, qemuDomainObjRestore)
	(qemuDomainObjStart): Add parameter.
	(qemuDomainSaveFlags, qemuDomainManagedSave, qemudDomainCoreDump)
	(processWatchdogEvent, qemudDomainStartWithFlags, qemuAutostartDomain)
	(qemuDomainRestoreFlags): Update callers.

	save: add virFileDirectFd wrapper type
	O_DIRECT has stringent requirements.  Rather than make lots of changes
	at each site that wants to use O_DIRECT, it is easier to offload
	the work through a helper process that mirrors the I/O between a
	pipe and the actual direct fd, so that the other end of the pipe
	no longer has to worry about constraints.

	Plus, if the kernel ever gains better posix_fadvise support, then we
	only have to touch a single file to let all callers benefit from a
	more efficient way to avoid file system caching.

	* src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
	(virFileDirectFdClose, virFileDirectFdFree): New prototypes.
	* src/util/virdirect.c: Implement new wrapper object.
	* src/libvirt_private.syms (virfile.h): Export new symbols.
	* cfg.mk (useless_free_options): Add to list.
	* po/POTFILES.in: Add new translations.

	save: let iohelper work on O_DIRECT fds
	Required for a coming patch where iohelper will operate on O_DIRECT
	fds.  There, the user-space memory must be aligned to file system
	boundaries (at least 512, but using page-aligned works better, and
	some file systems prefer 64k).  Made tougher by the fact that
	VIR_ALLOC won't work on void *, but posix_memalign won't work on
	char * and isn't available everywhere.

	This patch makes some simplifying assumptions - namely, output
	to an O_DIRECT fd will only be attempted on an empty seekable
	file (hence, no need to worry about preserving existing data
	on a partial block, and ftruncate will work to undo the effects
	of having to round up the size of the last block written), and
	input from an O_DIRECT fd will only be attempted on a complete
	seekable file with the only possible short read at EOF.

	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
	* src/util/iohelper.c (runIO): Use aligned memory, and handle
	quirks of O_DIRECT on last write.

	save: let iohelper handle inherited fd
	Rather than making the iohelper subject to a race in reopening
	the file, it is nicer to pass an already-open fd by inheritance.

	The old synopsis form must continue to work - if someone updates
	their libvirt package and installs a new libvirt_iohelper but
	without restarting the old libvirtd daemon, then the daemon can
	still make calls using the old syntax but the new iohelper.

	* src/util/iohelper.c (runIO): Split code for open...
	(prepare): ...to new function.
	(usage): Update synopsis.
	(main): Allow alternate calling form.
	* src/fdstream.c (virFDStreamOpenFileInternal): Use alternate form.

	save: support --xml to virsh save/restore
	Also, migrate was missing documentation for the --xml option
	added in commit ec5301cb.

	* tools/virsh.c (cmdSave, cmdRestore): Add xml argument.
	* tools/virsh.pod (save, restore, migrate): Document it.

	save: add --bypass-cache flag to virsh save/restore operations
	Wire up the new flag to several virsh commands.  Also, the
	'dump' command had undocumented flags.

	* tools/virsh.c (cmdSave, cmdManagedSave, cmdDump, cmdStart)
	(cmdRestore): Add new flag.
	* tools/virsh.pod (save, managedsave, dump, start, restore):
	Document flags.

	save: wire up trivial save/restore flags implementations
	For all hypervisors that support save and restore, the new API
	now performs the same functions as the old.

	VBox is excluded from this list, because its existing domainsave
	is broken (there is no corresponding domainrestore, and there
	is no control over the filename used in the save).  A later
	patch should change vbox to use its implementation for
	managedsave, and teach start to use managedsave results.

	* src/libxl/libxl_driver.c (libxlDomainSave): Move guts...
	(libxlDomainSaveFlags): ...to new function.
	(libxlDomainRestore): Move guts...
	(libxlDomainRestoreFlags): ...to new function.
	* src/test/test_driver.c (testDomainSave, testDomainSaveFlags)
	(testDomainRestore, testDomainRestoreFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainSave)
	(xenUnifiedDomainSaveFlags, xenUnifiedDomainRestore)
	(xenUnifiedDomainRestoreFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainSave, qemudDomainRestore):
	Rename and move guts.
	(qemuDomainSave, qemuDomainSaveFlags, qemuDomainRestore)
	(qemuDomainRestoreFlags): ...here.
	(qemudDomainSaveFlag): Rename...
	(qemuDomainSaveInternal): ...to this, and update callers.

	error: add new error type for reflecting partial API support
	VIR_ERR_INVALID_ARG implies that an argument cannot possibly
	be correct, given the current state of the API.
	VIR_ERR_CONFIG_UNSUPPORTED implies that a configuration is
	wrong, but arguments aren't configuration.
	VIR_ERR_NO_SUPPORT implies that a function is completely
	unimplemented.

	But in the case of a function that is partially implemented,
	yet the full power of the API is not available for that
	driver, none of the above messages make sense.  Hence a new
	error message, implying that the argument is known to comply
	with the current state of the API, and that while the driver
	supports aspects of the function, it does not support that
	particular use of the argument.

	A good use case for this is a driver that supports
	virDomainSaveFlags, but not the dxml argument of that API.

	It might be feasible to also use this new error for all functions
	that check flags, and which accept fewer flags than what is possible
	in the public API.  But doing so would get complicated, since
	neither libvirt.c nor the remote driver may do flag filtering,
	and every other driver would have to do a two-part check, first
	using virCheckFlags on all public flags (which gives
	VIR_ERR_INVALID_ARG for an impossible flag), followed by a
	particular mask check for VIR_ERR_ARGUMENT_UNSUPPORTED (for a
	possible public flag but unsupported by this driver).

	* include/libvirt/virterror.h (VIR_ERR_ARGUMENT_UNSUPPORTED): New
	error.
	* src/util/virterror.c (virErrorMsg): Give it a message.
	Suggested by Daniel P. Berrange.

	build: fix bugs with destroyFlags patches
	Build failure on xenapi_driver from compiler warnings (flags was unused).

	Build failure on xen (incorrect number of arguments).  And in fixing
	that, I obeyed the comments of struct xenUnifiedDriver that state
	that we want to minimize the number of callback functions in that
	struct, not add to it.

	* src/xen/xen_driver.c (xenUnifiedDomainDestroyFlags): Use correct
	arguments.
	(xenUnifiedDomainDestroy): Simplify.
	* src/xen/xen_driver.h (xenUnifiedDriver): Remove unused callback.
	* src/xen/xen_hypervisor.c (xenHypervisorDestroyDomain): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainDestroy): Likewise.
	* src/xen/xend_internal.h (xenDaemonDomainDestroyFlags): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainDestroyFlags): Reject
	unknown flags.

2011-07-22  Michal Privoznik  <mprivozn@redhat.com>

	remote: Fix forgotten comma
	during conflict resolving

2011-07-22  Laine Stump  <laine@laine.org>

	network: internal API functions to manage assignment of physdev to guest
	The network driver needs to assign physical devices for use by modes
	that use macvtap, keeping track of which physical devices are in use
	(and how many instances, when the devices can be shared). Three calls
	are added:

	networkAllocateActualDevice - finds a physical device for use by the
	domain, and sets up the virDomainActualNetDef accordingly.

	networkNotifyActualDevice - assumes that the domain was already
	running, but libvirtd was restarted, and needs to be notified by each
	already-running domain about what interfaces they are using.

	networkReleaseActualDevice - decrements the usage count of the
	allocated physical device, and frees the virDomainActualNetDef to
	avoid later accidentally using the device.

	bridge_driver.[hc] - the new APIs. When WITH_NETWORK is false, these
	functions are all #defined to be "0" in the .h file (effectively
	becoming a NOP) to prevent link errors.

	qemu_(command|driver|hotplug|process).c - add calls to the above APIs
	    in the appropriate places.

	tests/Makefile.am - we need to include libvirt_driver_network.la
	    whenever libvirt_driver_qemu.la is linked, to avoid unreferenced
	    symbols (in functions that are never called by the test
	    programs...)

	qemu: use virDomainNetGetActual*() in qemuDomainXMLToNative
	This is the one function outside of domain_conf.c that plays around
	with (even modifying) the internals of the virDomainNetDef, and thus
	can't be fixed up simply by replacing direct accesses to the fields of
	the struct with the GetActual*() access functions.

	In this case, we need to check if the defined type is "network", and
	if it is *then* check the actual type; if the actual type is "bridge",
	then we can at least put the bridgename in a place where it can be
	used; otherwise (if type isn't "bridge"), we behave exactly as we used
	to - just null out *everything*.

	qemu: use virDomainNetGetActual*() functions where appropriate
	The qemu driver accesses fields in the virDomainNetDef directly, but
	with the advent of the virDomainActualNetDef, some pieces of
	information may be found in a different place (the ActualNetDef) if
	the network connection is of type='network' and that network is of
	forward type='bridge|private|vepa|passthrough'. The previous patch
	added functions to mask this difference from callers - they hide the
	decision making process and just pick the value from the proper place.

	This patch uses those functions in the qemu driver as a first step in
	making qemu work with the new network types. At this point, the
	virDomainActualNetDef is guaranteed always NULL, so the GetActualX()
	function will return exactly what the def->X that's being replaced
	would have returned (ie bisecting is not compromised).

	There is one place (in qemu_driver.c) where the internal details of
	the NetDef are directly manipulated by the code, so the GetActual
	functions cannot be used there without extra additional code; that
	file will be treated in a separate patch.

	network: separate Start/Shutdown functions for new network types
	Previously all networks were composed of bridge devices created and
	managed by libvirt, and the same operations needed to be done for all
	of them when they were started and stopped (create and start the
	bridge device, configure its MAC address and IP address, add iptables
	rules). The new network types are (for now at least) managed outside
	of libvirt, and the network object is used only to contain information
	about the network, which is then used as each individual guest
	connects itself.

	This means that when starting/stopping one of these new networks, we
	really want to do nothing, aside from marking the network as
	active/inactive.

	This has been setup as toplevel Start/Shutdown functions that do the
	small bit of common stuff, then have a switch statement to execute
	network type-specific start/shutdown code, then do a bit more common
	code. The type-specific functions called for the new host bridge and
	macvtap based types are currently empty.

	In the future these functions may actually do something, and we will
	surely add more functions that are similarly patterned. Once
	everything has settled, we can make a table of "sub-driver" function
	pointers for each network type, and store a pointer to that table in
	the network object, then we can replace the switch statements with
	calls to functions in the table.

	The final step in this will be to add a new table (and corresponding
	new functions) for new network types as they are added.

	conf: support abstracted interface info in network XML
	The network XML is updated in the following ways:

	1) The <forward> element can now contain a list of forward interfaces:

	     <forward .... >
	       <interface dev='eth10'/>
	       <interface dev='eth11'/>
	       <interface dev='eth12'/>
	       <interface dev='eth13'/>
	     </forward>

	   The first of these takes the place of the dev attribute that is
	   normally in <forward> - when defining a network you can specify
	   either one, and on output both will be present. If you specify
	   both on input, they must match.

	2) In addition to forward modes of 'nat' and 'route', these new modes
	   are supported:

	     private, passthrough, vepa - when this network is referenced by a
	     domain's interface, it will have the same effect as if the
	     interface had been defined as type='direct', e.g.:

	        <interface type='direct'>
	          <source mode='${mode}' dev='${dev}>
	          ...
	        </interface>

	     where ${mode} is one of the three new modes, and ${dev} is an interface
	     selected from the list given in <forward>.

	     bridge - if a <forward> dev (or multiple devs) is defined, and
	     forward mode is 'bridge' this is just like the modes 'private',
	     'passthrough', and 'vepa' above. If there is no forward dev
	     specified but a bridge name is given (e.g. "<bridge
	     name='br0'/>"), then guest interfaces using this network will use
	     libvirt's "host bridge" mode, equivalent to this:

	       <interface type='bridge'>
	          <source bridge='${bridge-name}'/>
	          ...
	       </interface>

	3) A network can have multiple <portgroup> elements, which may be
	   selected by the guest interface definition (by adding
	   "portgroup='${name}'" in the <source> element along with the
	   network name). Currently a portgroup can only contain a
	   virtportprofile, but the intent is that other configuration items
	   may be put there int the future (e.g. bandwidth config). When
	   building a guest's interface, if the <interface> XML itself has no
	   virtportprofile, and if the requested network has a portgroup with
	   a name matching the name given in the <interface> (or if one of the
	   network's portgroups is marked with the "default='yes'" attribute),
	   the virtportprofile from that portgroup will be used by the
	   interface.

	4) A network can have a virtportprofile defined at the top level,
	   which will be used by a guest interface when connecting in one of
	   the 'direct' modes if the guest interface XML itself hasn't
	   specified any virtportprofile, and if there are also no matching
	   portgroups on the network.

	conf: support abstracted interface info in domain interface XML
	the domain XML <interface> element is updated in the following ways:

	1) <virtualportprofile> can be specified when source type='network'
	(previously it was only valid for source type='direct')

	2) A new attribute "portgroup" has been added to the <source>
	element. When source type='network' (the only time portgroup is
	recognized), extra configuration information will be taken from the
	<portgroup> element of the given name in the network definition.

	3) Each virDomainNetDef now also potentially has a
	virDomainActualNetDef which is a private object (never
	exported/imported via the public API, and not defined in the RNG) that
	is used to maintain information about the physical device that was
	actually used for a NetDef of type VIR_DOMAIN_NET_TYPE_NETWORK.

	The virDomainActualNetDef will only be parsed/formatted if the
	parse/format function is called with the
	VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET flag set (which is only needed when
	saving/loading a running domain's state info to the stateDir).

	conf: virDomainNetDef points to (rather than contains) virtPortProfile
	The virtPortProfile in the domain interface struct is now a separately
	allocated object *pointed to by* (rather than contained in) the main
	virDomainNetDef object. This is done to make it easier to figure out
	when a virtualPortProfile has/hasn't been specified in a particular
	config.

	conf: put virtPortProfile struct / functions in a common location
	virtPortProfiles are currently only used in the domain XML, but will
	soon also be used in the network XML. To prepare for that change, this
	patch moves the structure definition into util/network.h and the parse
	and format functions into util/network.c (I decided that this was a
	better choice than macvtap.h/c for something that needed to always be
	available on all platforms).

	util: define MAX
	If util.h is going to have a MIN, it may as well also have MAX.

2011-07-22  Michal Privoznik  <mprivozn@redhat.com>

	destroy: Implement internal API for xenapi driver

	destroy: Implement internal API for xen driver

	destroy: Implement internal API for vmware driver

	destroy: Implement internal API for vbox driver

	destroy: Implement internal API for uml driver

	destroy: Implement internal API for phyp driver

	destroy: Implement internal API for openvz driver

	destroy: Implement internal API for lxc driver

	destroy: Implement internal API for libxl driver

	destroy: Implement internal API for ESX driver

	destroy: Implement internal API for qemu driver

	destroy: Wire up the remote protocol

	destroy: Define new public API virDomainDestroyFlags
	This introduces new API virDomainDestroyFlags to allow
	domain destroying with flags, as the existing API virDomainDestroy
	misses flags.

	The set of flags is defined in virDomainDestroyFlagsValues enum,
	which is currently commented, because it is empty.

	Calling this API with no flags set (@flags == 0) is equivalent calling
	virDomainDestroy.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: wire up remote protocol
	* src/remote/remote_driver.c (remote_driver): Add new callbacks.
	* src/remote/remote_protocol.x (remote_procedure): New RPCs.
	(remote_domain_save_flags_args, remote_domain_restore_flags_args):
	New structs.
	* src/remote_protocol-structs: Update.

	save: new public API to bypass file system cache on save/restore
	In order to choose whether to use O_DIRECT when saving a domain image
	to a file, we need a new flag.  But virDomainSave was implemented
	before our policy of all new APIs having a flag argument.  Likewise
	for virDomainRestore when restoring from a file.

	The new flag name is chosen as CACHE_BYPASS so as not to preclude
	a future solution that uses posix_fadvise once the Linux kernel has
	a smarter implementation of that interface.

	* include/libvirt/libvirt.h.in (virDomainCreateFlags)
	(virDomainCoreDumpFlags): Add a flag.
	(virDomainSaveFlags, virDomainRestoreFlags): New prototypes.
	* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags): New API.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSaveFlags, virDrvDomainRestoreFlags):
	New driver callbacks.

	qemu: fix error message with migrate2 xml
	Otherwise, an ABI mismatch gives error messages attributing the target
	xml string as current, and the current domain state as the new xml.

	* src/qemu/qemu_migration.c (qemuMigrationBegin): Use correct
	argument order.

	build: rename files.h to virfile.h
	In preparation for a future patch adding new virFile APIs.

	* src/util/files.h, src/util/files.c: Move...
	* src/util/virfile.h, src/util/virfile.c: ...here, and rename
	functions to virFile prefix.  Macro names are intentionally
	left alone.
	* *.c: All '#include "files.h"' uses changed.
	* src/Makefile.am (UTIL_SOURCES): Reflect rename.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise.
	* src/libvirt_private.syms: Likewise.
	* docs/hacking.html.in: Likewise.
	* HACKING: Regenerate.

	command: avoid leaking fds across fork
	Since libvirt is multi-threaded, we should use FD_CLOEXEC as much
	as possible in the parent, and only relax fds to inherited after
	forking, to avoid leaking an fd created in one thread to a fork
	run in another thread.  This gets us closer to that ideal, by
	making virCommand automatically clear FD_CLOEXEC on fds intended
	for the child, as well as avoiding a window of time with non-cloexec
	pipes created for capturing output.

	* src/util/command.c (virExecWithHook): Use CLOEXEC in parent.  In
	child, guarantee that all fds to pass to child are inheritable.
	(getDevNull): Use CLOEXEC.
	(prepareStdFd): New helper function.
	(virCommandRun, virCommandRequireHandshake): Use pipe2.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Simplify caller.

	command: move all docs into .c file
	We already have a precedent of function documentation in C files,
	where it is closer to the implementation (witness libvirt.h vs.
	libvirt.c); maintaining docs in both files risks docs going stale.

	While I was at it, I used consistent doxygen style on all comments.

	* src/util/command.h: Remove duplicate docs, and move unique
	documentation...
	* src/util/command.c: ...here.
	Suggested by Matthias Bolte.

2011-07-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	rpc: Make the dispatch generator handle 'void name(void)' style procedures
	The only 'void name(void)' style procedure in the protocol is 'close' that
	is handled special, but also programming errors like a missing _args or
	_ret suffix on the structs in the .x files can create such a situation by
	accident. Making the generator aware of this avoids bogus errors from the
	generator such as:

	  Use of uninitialized value in exists at ./rpc/gendispatch.pl line 967.

	Also this allows to get rid of the -c option and the special case code for
	the 'close' procedure, as the generator handles it now correctly.

	Reported by Michal Privoznik

2011-07-21  Eric Blake  <eblake@redhat.com>

	error: preserve errno when saving last error
	It is common to see the sequence:

	virErrorPtr save_err = virSaveLastError();
	// do cleanup
	virSetError(save_err);
	virFreeError(save_err);

	on cleanup paths.  But for functions where it is desirable to
	return the errno that caused failure, this sequence can clobber
	that errno.  virFreeError was already safe; this makes the other
	two functions in the sequence safe as well, assuming all goes
	well (on OOM, errno will be clobbered, but then again, save_err
	won't reflect the real error that happened, so you are no longer
	preserving the real situation - that's life with OOM).

	* src/util/virterror.c (virSaveLastError, virSetError): Preserve
	errno.

2011-07-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix makefile rule for code generation
	Commit 8665f85523f0451c changed generated.stamp to $(GENERATE).stamp,
	but missed one instance in the CLEANFILES list. This can break the
	build in case the generated code is deleted but the .stamp file stays
	around and therefore the code isn't regenerated.

2011-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable in QEMU CPU bandwidth code
	* src/qemu/qemu_driver.c: Fix uninitialized variable

2011-07-21  Wen Congyang  <wency@cn.fujitsu.com>

	fix make syntax-check error

	doc: Add documentation for new cputune elements period and quota
	We have added element period and quota. Document them in formatdomain.html.in.

	qemu: Implement cfs_period and cfs_quota's modification
	This patch implements cfs_period and cfs_quota's modification.
	We can use the command 'virsh schedinfo' to query or modify cfs_period and
	cfs_quota.
	If you query period or quota from config file, the value 0 means it does not set
	in the config file.
	If you set period or quota to config file, the value 0 means that delete current
	setting from config file.
	If you modify period or quota while vm is running, the value 0 means that use
	current value.

	qemu: Implement period and quota tunable XML configuration and parsing
	This patch implements period and quota tunable XML configuration and parsing.
	A quota or period of zero will be simply ignored.

	Update XML Schema for new entries
	Define the element cputune's child elements 'period' and 'quota':
	<cputune>
	  <period>100000</period>
	  <quota>50000</quota>
	</cputune>

	cgroup: Implement cpu.cfs_period_us and cpu.cfs_quota_us tuning API
	This patch provides 4 APIs to get and set cpu.cfs_period_us and cpu.cfs_quota_us.

	Introduce the function virCgroupForVcpu
	Introduce the function virCgroupForVcpu() to create sub directory for each vcpu.

2011-07-21  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu: send-key: Implement the driver methods
	qemu driver just accept xt_kbd codeset's keycode, so the lib virtkey
	is used for translating keycodes from other codesets

	send-key: Expose the new API in virsh
	Also support string names for the linux keycode(auto detect)
	* tools/virsh.c: add new command "send-key"
	* tools/virsh.pod: documents the new command

	util: add virtkeycode module
	Add virtkey lib for usage-improvment and keycode translating.
	Add 4 internal API for the aim

	const char *virKeycodeSetTypeToString(int codeset);
	int virKeycodeSetTypeFromString(const char *name);
	int virKeycodeValueFromString(virKeycodeSet codeset, const char *keyname);
	int virKeycodeValueTranslate(virKeycodeSet from_codeset,
	                             virKeycodeSet to_offset,
	                             int key_value);

	* include/libvirt/libvirt.h.in: extend virKeycodeSet enum
	* src/Makefile.am: add new virtkeycode module and rule to generate
	  virkeymaps.h
	* src/util/virkeycode.c src/util/virkeycode.h: new module
	* src/util/virkeycode-mapgen.py: python generator for virkeymaps.h
	  out of keymaps.csv
	* src/libvirt_private.syms: extend private symbols for new module
	* .gitignore: add generated virkeymaps.h

	util: Add keymaps.csv
	Should keep it as the same as:
	http://git.gnome.org/browse/gtk-vnc/commit/src/keymaps.csv

	All master  keymaps are defined in a CSV file. THis covers
	Linux keycodes, OSX keycodes, AT set1, 2 & 3, XT keycodes,
	the XT encoding used by the Linux KBD driver, USB keycodes,
	Win32 keycodes, the XT encoding used by Xorg on Cygwin,
	the XT encoding used by Xorg on Linux with kbd driver.

	* src/Makefile.am: added to EXTRA_DIST
	* src/util/keymaps.csv: new file

2011-07-21  Eric Blake  <eblake@redhat.com>

	maint: fix typos on guaranteed
	* src/conf/domain_event.c (virDomainEventDispatch): Fix typo.
	* src/internal.h (ATTRIBUTE_FMT_PRINTF): Likewise.
	* src/libvirt.c (virStreamEventUpdateCallback): Likewise.
	* src/remote/remote_driver.c (doRemoteOpen): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/util/virterror.c (virConnCopyLastError, virCopyLastError):
	Likewise.
	* src/xen/xend_internal.h (xend_wait_for_devices): Likewise.

2011-07-21  Cole Robinson  <crobinso@redhat.com>

	rpc: Pass through DISPLAY so ssh can launch askpass
	Though we prefer users to have SSH keys setup, virt-manager users still
	depend on remote SSH connections to launch a password dialog. This fixes
	launch ssh-askpass

	Fix suggested by danpb

2011-07-20  Michal Privoznik  <mprivozn@redhat.com>

	sysinfo: Don't try to run dmidecode on archs missing it
	DMI table is Intel & Intel-compatible specific. Therefore other
	architectures miss dmidecode command. So we always fail in searching
	for that command on non-Intel architectures.

2011-07-20  Guannan Ren  <gren@redhat.com>

	Don't try to close a NULL virNetClientPtr
	* src/rpc/virnetclient.c: Skip close attempt if virNetClientPtr
	  is NULL

2011-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Honour key usage/purpose criticality flag
	If a key purpose or usage field is marked as non-critical in the
	certificate, then a data mismatch is not (ordinarily) a cause for
	rejecting the connection

	* src/rpc/virnettlscontext.c: Honour key usage/purpose criticality

	Fix checking of key usage/purpose data
	If key usage or purpose data is not present in the cert, the
	RFC recommends that access be allowed. Also fix checking of
	key usage to include requirements for client/server certs,
	and fix key purpose checking to treat data as a list of bits

	Fix mixed up error messages when reporting TLS certificate problems
	* src/rpc/virnettlscontext.c: Fix mixed up error messages

2011-07-20  Michal Privoznik  <mprivozn@redhat.com>

	udev: Don't try to dump DMI on non-intel archs
	DMI is Intel & Intel-compatible specific. Don't try to dump information
	on non-compatible architectures, which results only in error message in
	logs.

2011-07-20  Eric Blake  <eblake@redhat.com>

	build: fix broken build
	* src/libxl/libxl_driver.c (libxlDomainUndefineFlags): Use correct
	enum value.
	* src/remote_protocol-structs (remote_procedure): Likewise.

2011-07-20  Osier Yang  <jyang@redhat.com>

	undefine: Extend virsh undefine to support the new flag
	If the domain has managed save image, and --managed-save is
	not specified, then it fails with an error telling the user
	that a managed save image still exists.

	If the domain has managed save image, and --managed-save is
	specified, it invokes virDomainUndefineFlags. If
	virDomainUndefineFlags fails, then it tries to remove the managed
	save image using virDomainManagedSaveRemove first, with
	invoking virDomainUndefine following. (For compatibility between
	new virsh with this patch and older libvirt without this patch).

	Similarly if the domain has no managed save image. See the codes for
	detail.

	NOTE: Have not removing the codes checking if the domain is running
	in function "cmdUndefine", it will go along with qemu driver's fix
	(allow to undefine a running domain).

	undefine: Implement undefineFlags for all other drivers

	undefine: Implement internal API for libxl driver
	* src/libxl/libxl_driver.c: New callback for libxl_driver,
	new function libxlDomainUndefineFlags, and changes libxlDomainUndefine
	as a wrapper of libxlDomainUndefineFlags.

	undefine: Implement internal API for qemu driver
	* src/qemu/qemu_driver.c: New call back for qemu_driver,
	New function qemudDomainUndefineFlags, and changes on
	qemudDomainUndefine.

	undefine: Wire up the remote protocol

	undefine: Define the new API
	This introduces a new API virDomainUndefineFlags to control the
	domain undefine process, as the existing API virDomainUndefine
	doesn't support flags.

	Currently only flag VIR_DOMAIN_UNDEFINE_MANAGED_SAVE is supported.
	If the domain has a managed save image, including
	VIR_DOMAIN_UNDEFINE_MANAGED_SAVE in @flags will also remove that
	file, and omitting the flag will cause undefine process to fail.

	This patch also changes the behavior of virDomainUndefine, if the
	domain has a managed save image, the undefine will be refused.

2011-07-20  Eric Blake  <eblake@redhat.com>

	maint: fix spelling of Red Hat
	* cfg.mk (sc_copyright_format): Add to rule.
	* src/util/files.h: Fix offenders.
	* src/util/files.c: Likewise.

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add sanity checking of basic constraints, key purpose & key usage
	Gnutls requires that certificates have basic constraints present
	to be used as a CA certificate. OpenSSL doesn't add this data
	by default, so add a sanity check to catch this situation. Also
	validate that the key usage and key purpose constraints contain
	correct data

	* src/rpc/virnettlscontext.c: Add sanity checking of certificate
	  constraints

	Add some basic sanity checking of certificates before use
	If the libvirt daemon or libvirt client is configured with bogus
	certificates, it is very unhelpful to only find out about this
	when a TLS connection is actually attempted. Not least because
	the error messages you get back for failures are incredibly
	obscure.

	This adds some basic sanity checking of certificates at the
	time the virNetTLSContext object is created. This is at libvirt
	startup, or when creating a virNetClient instance.

	This checks that the certificate expiry/start dates are valid
	and that the certificate is actually signed by the CA that is
	loaded.

	* src/rpc/virnettlscontext.c: Add certificate sanity checks

	Fix reporting of errors for p2p migration
	Starting/ending jobs when closing the connection may reset any
	error which was reported earlier in p2p migration. We must
	save the original error before doing so. This means we can also
	just call virConnectClose as normal, instead of virUnrefConnect

	* src/qemu/qemu_migration.c: Preserve errors in p2p migration

	Add an explicit virNetClientClose method
	Since the I/O callback registered against virNetSocket will
	hold a reference on the virNetClient, we can't rely on the
	virNetClientFree to be able to close the network connection.
	The last reference will only go away when the event callback
	fires (likely due to EOF from the server).

	This is sub-optimal and can potentially cause a leak of the
	virNetClient object if the server were to not explicitly
	close the socket itself

	* src/remote/remote_driver.c: Explicitly close the client
	  object when disconnecting
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add a
	  virNetClientClose method

	Use a virFreeCallback on virNetSocket to ensure safe release
	When unregistering an I/O callback from a virNetSocket object,
	there is still a chance that an event may come in on the callback.
	In this case it is possible that the virNetSocket might have been
	freed already. Make use of a virFreeCallback when registering
	the I/O callbacks and hold a reference for the entire time the
	callback is set.

	* src/rpc/virnetsocket.c: Register a free function for the
	  file handle watch
	* src/rpc/virnetsocket.h, src/rpc/virnetserverservice.c,
	  src/rpc/virnetserverclient.c, src/rpc/virnetclient.c: Add
	  a free function for the socket I/O watches

	Add mutex locking and reference counting to virNetSocket
	Remove the need for a virNetSocket object to be protected by
	locks from the object using it, by introducing its own native
	locking and reference counting

	* src/rpc/virnetsocket.c: Add locking & reference counting

	Add some debugging for virNetClient reference counting
	* src/rpc/virnetclient.c: Add debugging of ref counts

2011-07-19  Eric Blake  <eblake@redhat.com>

	build: detect doc generation failure
	Commit 8665f85 introduced a slight regression in doc generation,
	since make only quits a rule on the first failed command ending
	with a newline rather than a semicolon.

	* docs/Makefile.am (html/index.html): Don't use xmllint unless
	xsltproc succeeded.
	* .gitignore: Ignore recently updated stamp file name.

2011-07-19  Alex Jia  <ajia@redhat.com>

	util: avoid fds leak when virEventPollAddHandle fail
	* src/util/event_poll.c: avoid file descriptors leak when
	  virEventPollAddHandle fail on virEventPollInit function.

2011-07-19  Eric Blake  <eblake@redhat.com>

	Revert "virsh: make migrate --tunnelled imply --p2p"
	This reverts commit 40143fb697c3cb042197632c0286e7dadf40afd4.

	The patch prevents future compatibility if migration ever learns
	how to do tunnelled without p2p.

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Unregister event callback if a fatal error occurs during dispatch
	If we get an I/O error in the async event callback for an RPC
	client, we might not have consumed all pending data off the
	wire. This could result in the callback being immediately
	invoked again. At which point the same I/O might occur. And
	we're invoked again. And again...And again...

	Unregistering the async event callback if an error occurs is
	a good safety net. The real error will be seen when the next
	RPC method is invoked

	* src/rpc/virnetclient.c: Unregister event callback on error

	Quieten build & ensure API build scripts exit with non-zero status
	The current API build scripts will continue and exit with a zero
	status even if they find problems. This has been the cause of many
	build problems, or hidden build errors, in the past. Change the
	scripts so they always exit with a non-zero status for any problems
	they do not understand. Also turn off all debug output by default
	so they respect $(AM_V_GEN)

	* docs/Makefile.am: Use $(AM_V_GEN) for API/HTML scripts
	* docs/apibuild.py, python/generator.py: Exit with non-zero status
	  if problems are found. Also be silent, not outputting any debug
	  messages.
	* src/Makefile.am: Use $(AM_V_GEN) for ESX generator
	* python/Makefile.am: Tweak rule

2011-07-19  Osier Yang  <jyang@redhat.com>

	tests: Fix virshtest failure after dominfo changed
	Caused by the new changed "dominfo" command.

	virsh: Extend virsh dominfo to display if managed save image exists
	* tools/virsh.c: new column "Managed save" for "cmdDominfo".
	* tools/virsh.pod: Update document of "managedsave" to tell one can
	  use "dominfo" to query whether a domain has any managed save image.

	doc: Correct documents for iface commands
	The problems:
	    * Duplicate documents for "iface-name"
	    * Lacks of document for "iface-mac"
	    * Inconsistent option names with virsh help strings.

2011-07-19  Eric Blake  <eblake@redhat.com>

	virsh: make migrate --tunnelled imply --p2p
	We can make the virsh migrate UI friendlier by supplying the
	missing bit automatically instead of erroring out when requesting
	--tunnelled without --p2p.

	* tools/virsh.c (doMigrate): Make --p2p optional when using
	--tunnelled.
	* tools/virsh.pod (migrate): Tweak wording accordingly.

	libvirt: do not mix internal flags into public API
	There were two API in driver.c that were silently masking flags
	bits prior to calling out to the drivers, and several others
	that were explicitly masking flags bits.  This is not
	forward-compatible - if we ever have that many flags in the
	future, then talking to an old server that masks out the
	flags would be indistinguishable from talking to a new server
	that can honor the flag.  In general, libvirt.c should forward
	_all_ flags on to drivers, and only the drivers should reject
	unknown flags.

	In the case of virDrvSecretGetValue, the solution is to separate
	the internal driver callback function to have two parameters
	instead of one, with only one parameter affected by the public
	API.  In the case of virDomainGetXMLDesc, it turns out that
	no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
	the dumpxml path in the first place; that internal flag was
	only used in saving and restoring state files, which happened
	to be in functions internal to a single file, so there is no
	mixing of the internal flag with a public flags argument.
	Additionally, virDomainMemoryStats passed a flags argument
	over RPC, but not to the driver.

	* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
	(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
	(virDrvSecretGetValue): Separate out internal flags.
	(virDrvDomainMemoryStats): Provide missing flags argument.
	* src/driver.c (verify): Drop unused check.
	* src/conf/domain_conf.h (virDomainObjParseFile): Delete
	declaration.
	(virDomainXMLInternalFlags): Move...
	* src/conf/domain_conf.c: ...here.  Delete redundant include.
	(virDomainObjParseFile): Make static.
	* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
	clients.
	(virDomainMemoryPeek, virInterfaceGetXMLDesc)
	(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
	(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
	(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
	Don't mask unknown flags.
	* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
	unknown flags.
	* src/secret/secret_driver.c (secretGetValue): Update clients.
	* src/remote/remote_driver.c (remoteSecretGetValue)
	(remoteDomainMemoryStats): Likewise.
	* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
	* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.

2011-07-19  Alex Jia  <ajia@redhat.com>

	virsh: avoid double free of domain
	* tools/virsh.c: avoid double free of domain, when weight value of blkiotune
	  less than 0, codes will free domain and jump to cleanup section, however,
	  cleanup will free domain again.

	Detected in valgrind run:

	==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
	==21297==
	==21297== 1 errors in context 1 of 20:
	==21297== Invalid read of size 4
	==21297==    at 0x40E209B: virDomainFree (libvirt.c:2096)
	==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
	==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
	==21297==    by 0x406814D: virFree (memory.c:310)
	==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
	==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
	==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
	==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==
	==21297==
	==21297== 1 errors in context 2 of 20:
	==21297== Invalid read of size 4
	==21297==    at 0x40E1FE6: virDomainFree (libvirt.c:2092)
	==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
	==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
	==21297==    by 0x406814D: virFree (memory.c:310)
	==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
	==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
	==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
	==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh blkiotune guestname --weight -1

2011-07-19  Eric Blake  <eblake@redhat.com>

	docs: improve virsh man page synopses
	"optional" is not a very good meta-syntactic construct in our man
	page.  I scrubbed this, and additionally improved some documentation
	on mutually exclusive options.  For example,

	[[--live] [--config] | [--current]]

	implies a set of optional flags, where within the set you can have
	either --current or a choice of 0, 1, or both --live and --config.

	* tools/virsh.pod: Use "[name]" rather than "optional name" for
	optional arguments.

2011-07-19  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix protocol-structs check in VPATH build
	$@ already included $(srcdir)

2011-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix now dead cleanup of VMs on libvirtd restart
	When libvirtd restarts it will attempt to reconnect to existing
	LXC containers. If it loads a XML state file for the container
	the container will appear running. If we fail to read the PID
	file, or fail to connect to the LXC monitor, we should be killing
	off the guest, but if the VMs cgroup does not exist any more,
	cleanup will get skipped. Reading the PID file is also pointless
	since the PID is in the XML statefile

	In lxcReconnectVM we do not need to read the PID file. If part
	of the reconnect process fails we need to run the VM terminate
	code as a safety net.

	In lxcVMTerminate, if we can't obtain the VM cgroup, we know
	the process has died, but we must still run lxcVMCleanup to
	clear out the virDomainObjPtr live state

	* src/lxc/lxc_driver.c: Fix cleanup of dead VMs on restart

2011-07-18  Michal Privoznik  <mprivozn@redhat.com>

	docs: Fix spice documentation typo
	We missed ending tag for paragraph element

2011-07-17  Osier Yang  <jyang@redhat.com>

	rpc: Fix typos in rpc generator scripts
	These typos are introduced by file renaming in commit b17b4afaf.

	src/remote/qemu_protocol.x \
	src/remote/remote_protocol.x \
	src/rpc/gendispatch.pl:
	    s/remote_generator/gendispatch/

	src/rpc/genprotocol.pl:
	    s/remote\/remote_protocol/remote_protocol/

2011-07-16  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of attaching device
	The regression is introduced by Commit da1eba6b, the new
	codes with this commit doesn't reset "ret" to "-1" when
	it fails on parsing the device XML (live device attachment)

	This patch changes the codes to reset the "ret" and "-1",
	and also changes the codes so that it don't modify "ret"
	for condition checking.

	How to reproduce:

	% cat test.xml
	<disk type='oops' device='disk'>
	  <driver name='qemu' type='raw'/>
	  <source file='/var/lib/libvirt/images/test.img'/>
	  <target dev='vda' bus='virtio'/>
	</disk>

	% virsh attach-device $domain test.xml
	Device attached successfully

	The device attachment failed actually with error "unknown disk type 'oops'",
	however, it reports success.

2011-07-16  Eric Blake  <eblake@redhat.com>

	build: also track RPC on-wire enum values
	As long as we guarantee RPC struct layout stability, we might as
	well also guarantee RPC enum value constancy.

	* src/Makefile.am (r1, r2, PDWTAGS): Adjust rule to pick up named
	and anonymous enums.
	* src/remote_protocol-structs: Add enum values.
	* src/qemu_protocol-structs: Likewise.
	* src/virnetprotocol-structs: Likewise.

	docs: document dxml argument to migrate2
	Commit 135554166 introduced a nice feature without documenting it.

	* src/libvirt.c (virDomainMigrate2): Add paragraph.

	build: add syntax check for proper flags use
	Enforce the recent flags cleanups - we want to use 'unsigned int flags'
	in any of our APIs (except where backwards compatibility is important,
	in the public migration APIs), and that all flags are checked for
	validity (except when there are stub functions that completely
	ignore the flags argument).

	There are a few minor tweaks done here to avoid false positives:
	signed arguments passed to open() are renamed oflags, and flags
	arguments that are legitimately ignored are renamed flags_unused.

	* cfg.mk (sc_flags_usage): New rule.
	(exclude_file_name_regexp--sc_flags_usage): And a few exemptions.
	(sc_flags_debug): Tweak wording.
	* src/util/iohelper.c (runIO, main): Rename variable.
	* src/util/util.c (virSetInherit): Likewise.
	* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
	Likewise.
	* src/fdstream.c (virFDStreamOpenFileInternal)
	(virFDStreamOpenFile, virFDStreamCreateFile): Likewise.
	* src/util/command.c (virExecWithHook) [WIN32]: Likewise.
	* src/util/util.c (virFileOpenAs, virDirCreate) [WIN32]: Likewise.
	* src/locking/lock_manager.c (virLockManagerPluginNew)
	[!HAVE_DLFCN_H]: Likewise.
	* src/locking/lock_driver_nop.c (virLockManagerNopNew)
	(virLockManagerNopAddResource, virLockManagerNopAcquire)
	(virLockManagerNopRelease, virLockManagerNopInquire): Likewise.

	xen: reject unknown flags
	Also fix a logic bug in xenXMDomain{Attach,Detach}DeviceFlags,
	where (flags & VIR_DOMAIN_DEVICE_MODIFY_CURRENT) is always false.

	* src/xen/xen_driver.c (xenUnifiedDomainXMLFromNative)
	(xenUnifiedDomainXMLToNative, xenUnifiedDomainBlockPeek): Reject
	unknown flags.
	* src/xen/xen_hypervisor.c (xenHypervisorOpen)
	(xenHypervisorGetDomainState): Likewise.
	* src/xen/xen_inotify.c (xenInotifyOpen): Likewise.
	* src/xen/xs_internal.c (xenStoreOpen, xenStoreDomainGetState)
	(xenStoreDomainReboot): Likewise.
	* src/xen/xend_internal.c (xenDaemonOpen, xenDaemonDomainReboot)
	(xenDaemonDomainCoreDump, xenDaemonDomainGetState)
	(xenDaemonDomainMigratePrepare, xenDaemonDomainSetVcpusFlags,
	xenDaemonDomainGetVcpusFlags, xenDaemonAttachDeviceFlags,
	xenDaemonDetachDeviceFlags): Likewise.
	(xenDaemonDomainGetXMLDesc): Prefer unsigned flags.
	* src/xen/xend_internal.h (xenDaemonDomainGetXMLDesc): Likewise.
	* src/xen/xm_internal.h (xenXMDomainGetXMLDesc): Likewise.
	* src/xen/xm_internal.c (xenXMDomainGetXMLDesc): Likewise.
	(xenXMOpen, xenXMDomainGetState, xenXMDomainSetVcpusFlags)
	(xenXMDomainGetVcpusFlags): Reject unknown flags.
	(xenXMDomainAttachDeviceFlags, xenXMDomainDetachDeviceFlags):
	Likewise, and avoid always-false conditional.
	* src/xen/xen_driver.h (XEN_MIGRATION_FLAGS): New define.

	esx: reject unknown flags
	Silently ignored flags get in the way of new features that
	use those flags.

	Regarding ESX migration flags - right now, ESX silently enforces
	VIR_MIGRATE_PERSIST_DEST, VIR_MIGRATE_UNDEFINE_SOURCE, and
	VIR_MIGRATE_LIVE, even if those flags were not supplied; it ignored
	other flags.  This patch does not change the implied bits (it permits
	but does not require them), but enforces only the supported bits.
	If further cleanup is needed to be more particular about migration
	flags, that should be a separate patch.

	* src/esx/esx_device_monitor.c (esxDeviceOpen): Reject unknown
	flags.
	* src/esx/esx_driver.c (esxOpen, esxDomainReboot)
	(esxDomainXMLFromNative, esxDomainXMLToNative)
	(esxDomainMigratePrepare, esxDomainMigratePerform)
	(esxDomainMigrateFinish): Likewise.
	* src/esx/esx_interface_driver.c (esxInterfaceOpen): Likewise.
	* src/esx/esx_network_driver.c (esxNetworkOpen): Likewise.
	* src/esx/esx_nwfilter_driver.c (esxNWFilterOpen): Likewise.
	* src/esx/esx_secret_driver.c (esxSecretOpen): Likewise.
	* src/esx/esx_storage_driver.c (esxStorageOpen): Likewise.

	virsh: improve option handling
	The documentation for vshCommandOptString claims that it returns
	-1 on a missing required argument, but in reality, that error
	message was unreachable (it was buried inside an if clause that
	is true only if the argument was present).  The code was so hairy
	that I decided a rewrite would make it easier to understand,
	and actually return the error values we want.

	Meanwhile, our construction guarantees that all vshCmdOpt have
	a non-null def member, so there are some redundant checks that
	can be trimmed.

	* tools/virsh.c (vshCommandOpt): Alter signature.
	(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
	(vshCommandOptString, vshCommandOptLongLong)
	(vshCommandOptULongLong, vshCommandOptBool): Adjust all callers.
	(vshCommandOptArgv): Remove dead condition.

	flags: fix domain_conf migration regression
	Commit 461e0f1a broke migration, because there was a code path
	that tried to enable an internal flag while still going through
	the public function.  Split the internal flag into a separate
	callback, and validate that flags do not overlap.

	* src/conf/domain_conf.c (virDomainDefFormat): Split...
	(virDomainDefFormatInternal): ...to separate the flag check.
	(virDomainObjFormat): Adjust caller.

2011-07-16  Dave Allan  <dallan@redhat.com>

	website: Point main page links to libvirt driver pages
	The "libvirt supports:" section on the main page of libvirt.org
	contains a list of hypervisors with links that point to the sites of
	the underlying virt technologies.  The entry for KVM points to
	http://www.linux-kvm.org/, for example.  People coming to libvirt.org
	for the first time are likely to know about those sites, and they're
	probably interested in how libvirt manages those technologies.  This
	patch points those links to the libvirt driver pages instead.  It also
	consolidates KVM and QEMU as there is only one libvirt driver page for
	them.  Finally, it adds a line about networking support.

	v2: incorporate Eric's feedback adding project links to driver pages.

	website: Add project links to KVM/QEMU driver page
	website: Add project links to Xen driver page
	website: Add project links to LXC driver page
	website: Add project links to OpenVZ driver page
	website: Add project links to UML driver page
	website: Add project links to Virtualbox driver page
	website: Add project links to ESX driver page
	website: Add project links to VMware driver page

2011-07-16  Eric Blake  <eblake@redhat.com>

	flags: fix qemu migration regression
	Commit f548480b broke migration v3 on qemu, because the driver
	passed flags on through to qemu_migration even though
	qemu_migration wasn't using those flags.

	* src/qemu/qemu_migration.h (QEMU_MIGRATION_FLAGS): New define.
	* src/qemu/qemu_driver.c: Simplify all migration callbacks.
	* src/qemu/qemu_migration.c (qemuMigrationConfirm): Fix regression.

	flags: use common dumpxml flags check
	The previous patches only cleaned up ATTRIBUTE_UNUSED flags cases;
	auditing the drivers found other places where flags was being used
	but not validated.  In particular, domainGetXMLDesc had issues with
	clients accepting a different set of flags than the common
	virDomainDefFormat helper function.

	* src/conf/domain_conf.c (virDomainDefFormat): Add common flag check.
	* src/uml/uml_driver.c (umlDomainAttachDeviceFlags)
	(umlDomainDetachDeviceFlags): Reject unknown
	flags.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc)
	(vboxDomainAttachDeviceFlags)
	(vboxDomainDetachDeviceFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Likewise.
	(qemuDomainGetXMLDesc): Document common flag handling.
	* src/libxl/libxl_driver.c (libxlDomainGetXMLDesc): Likewise.
	* src/lxc/lxc_driver.c (lxcDomainGetXMLDesc): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainGetXMLDesc): Likewise.
	* src/phyp/phyp_driver.c (phypDomainGetXMLDesc): Likewise.
	* src/test/test_driver.c (testDomainGetXMLDesc): Likewise.
	* src/vmware/vmware_driver.c (vmwareDomainGetXMLDesc): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainGetXMLDesc): Likewise.

	maint: fix typos
	Our XML prefers "shareable" over "sharable".

	* docs/internals/locking.html.in: s/sharable/shareable/
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockAddResource): Likewise.

2011-07-16  Hu Tao  <hutao@cn.fujitsu.com>

	add --cache, --serial, --shareable and --address to attach-disk
	This adds four options for virsh command attach-disk.

	--cache option allows user to specify cache mode of disk device
	from virsh command line when attaching a disk device.

	--serial option allows user to specify serial string of disk device
	from virsh command line when attaching a disk device.

	--shareable option allows user to specify whether the disk device is
	shareable between domains when attaching a disk device from virsh
	command line.

	--address option allows user to specify address of disk device when
	attaching a disk device.

2011-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix error message for missing TLS write function
	* src/rpc/virnettlscontext.c: s/read/write/

	Fix reporting of cert validation failures
	If the server succesfully validates the client cert, it will send
	back a single byte, under TLS. If it fails, it will close the
	connection. In this case, we were just reporting the standard
	I/O error. The original RPC code had a special case hack for the
	GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
	a more useful error message

	* src/rpc/virnetclient.c: Return ENOMSG if we get
	  GNUTLS_E_UNEXPECTED_PACKET_LENGTH
	* src/rpc/virnettlscontext.c: Report cert failure if we
	  see ENOMSG

2011-07-15  Dave Allan  <dallan@redhat.com>

	Fix error code for storage operations
	Many volume operations will fail if the volume in question is being
	allocated.  These operations were returning VIR_ERR_INTERNAL_ERROR
	when they should be returning VIR_ERR_OPERATION_INVALID.

2011-07-15  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setvcpus: add "--current" option to "virsh setvcpus"
	This patch adds the --current option to "virsh setvcpus"
	command. Currently "virsh setvcpus" command supports
	"--live" and "--config" , but "--current" option.
	From view of consistency, it's reasonable to support
	"--current" option too.

	When --current is specified, it affects a "current"
	domain.

	setvcpus: extend qemuDomainSetVcpusFlags() to support current flag
	This patch extends qemudDomainSetVcpusFlags() function to support
	VIR_DOMAIN_AFFECT_CURRENT flag.

	setvcpus: extend virDomainSetVcpusFlags API to support current flag
	This patch extends virDomainSetVcpusFlags API to support
	VIR_DOMAIN_AFFECT_CURRENT flag.

	Now because most APIs accept VIR_DOMAIN_AFFECT_CURRENT flags,
	virDomainSetVcpusFlags API should also do.

2011-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Add domain events support to UML driver
	* src/uml_conf.h: Add queue for dispatch of domain events
	* src/uml_driver.c: Trigger domain events upon important lifecycle transitions

2011-07-15  Eric Blake  <eblake@redhat.com>

	docs: mention EMOTIVE as a libvirt-using app
	* docs/apps.html.in: Add EMOTIVE.
	Reported by Alex Vaqué Brull <memfis@gmail.com>.

	virnetsocket: use new API for uniform child cleanup
	Rather than trying to clean up the ssh child ourselves, and risk
	subtle differences from the socket creation error path, we can
	just use the new APIs.

	* src/rpc/virnetsocket.c (virNetSocketFree): Use new function.

	fdstream: avoid child process leak on error
	By requesting the pid in virCommandRunAsync, fdstream was claiming
	that it would manually wait for the process.  But on the failure
	path, the child process was being leaked.

	* src/fdstream.c (virFDStreamOpenFileInternal): Auto-reap child.

	command: introduce virPidWait, virPidAbort
	When using virCommandRunAsync and saving the pid for later, it
	is useful to be able to reap that pid in the same way that it
	would have been auto-reaped by virCommand if we had passed
	NULL for the pid argument in the first place.

	* src/util/command.c (virPidWait, virPidAbort): New functions,
	created from...
	(virCommandWait, virCommandAbort): ...bodies of these.
	(includes): Drop duplicate <stdlib.h>.  Ensure that our pid_t
	assumptions hold.
	(virCommandRunAsync): Improve documentation.
	* src/util/command.h (virPidWait, virPidAbort): New prototypes.
	* src/libvirt_private.syms: Export them.
	* docs/internals/command.html.in: Document them.

2011-07-15  Jamie Strandboge  <jamie@canonical.com>

	update apparmor security driver for new udev paths
	In the Ubuntu development release we recently got a new udev that
	moves /var/run to /run, /var/lock to /run/lock and /dev/shm to /run/shm.
	This change in udev requires updating the apparmor security driver in
	libvirt[1].

	Attached is a patch that:
	 * adjusts src/security/virt-aa-helper.c to allow both
	LOCALSTATEDIR/run/libvirt/**/%s.pid and /run/libvirt/**/%s.pid. While
	the profile is not as precise, LOCALSTATEDIR/run/ is typically a symlink
	to /run/ anyway, so there is no additional access (remember that
	apparmor resolves symlinks, which is why this is still required even
	if /var/run points to /run).
	 * adjusts example/apparmor/libvirt-qemu paths for /dev/shm

	[1]https://launchpad.net/bugs/810270

	--
	Jamie Strandboge             | http://www.canonical.com

2011-07-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Improve error reporting in xenapiOpen
	Use better suited error code and avoid NULL in error messsage
	as *privP->session->error_description can be NULL.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build of todo
	Without this patch, the make rule in a VPATH build was trying to
	invoke ../../docs/../../docs/todo.pl, which didn't exist.

	* docs/Makefile.am (todo.html.in): Using $< already implies
	$(srcdir) in GNU make VPATH situations.

	build: check for virnetprotocol on-the-wire stability
	Similar to the recent qemu_protocol-structs addition.

	* src/virnetprotocol-structs: New file.
	* src/Makefile.am (%_protocol-structs): Factor body...
	(PDWTAGS): ...into new helper macro.
	(virnetprotocol-structs): New rule.
	(PROTOCOL_STRUCTS): Add virnetprotocol-structs.

2011-07-14  Wen Congyang  <wency@cn.fujitsu.com>

	build: disable some drivers when building without libvirt daemon
	We disable some drivers when building without libvirtd in configure,
	but we do not do the same thing in libvirt.spec. It may break rpm
	building without libvirtd.

2011-07-14  Michal Privoznik  <mprivozn@redhat.com>

	storage: Avoid memory leak on metadata fetching
	Getting metadata on storage allocates a memory (path) which need to
	be freed after use otherwise it gets leaked. This means after use of
	virStorageFileGetMetadataFromFD or virStorageFileGetMetadata one
	must call virStorageFileFreeMetadata to free it. This function frees
	structure internals and structure itself.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't overwrite errors by closefd in error paths
	When qemuMonitorCloseFileHandle is called in error path, we need to
	preserve the original error since a possible further error when running
	closefd monitor command is not very useful to users.

	qemu: Save domain status ASAP after creating qemu process
	When creating new qemu process we saved domain status XML only after the
	process was fully setup and running. In case libvirtd was killed before
	the whole process finished, once libvirtd started again it didn't know
	anything about the new process and we end up with an orphaned qemu
	process. Let's save the domain status XML as soon as we know the PID so
	that libvirtd can kill the process on restart.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: avoid ATTRIBUTE_UNUSED in headers
	The compiler might optimize based on our declaration that something
	is unused.  Putting that declaration in the header risks getting
	out of sync with the actual implementation, so it belongs better
	only in the .c files.  We were mostly compliant, and a new syntax
	check will help us in the future.

	* cfg.mk (sc_avoid_attribute_unused_in_header): New syntax check.
	* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Delete
	attribute already present in .c file.
	* src/qemu/qemu_domain.h (qemuDomainEventFlush): Likewise.
	* src/util/virterror_internal.h (virReportErrorHelper): Parameters
	are actually used by .c file.
	* src/xenxs/xen_sxpr.h (xenFormatSxprDisk): Adjust prototype.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Delete unused argument.
	(xenFormatSxpr): Adjust caller.
	* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
	(xenDaemonUpdateDeviceFlags): Likewise.
	Suggested by Daniel Veillard.

	remote: prefer unsigned flags
	* src/remote/remote_driver.c (call, remoteOpenSecondaryDriver):
	Prefer unsigned flags.

	conf: delete unused flags arguments
	For static functions not used as callbacks, there's no need to
	keep an unused parameter.

	* src/conf/domain_conf.c (virDomainChrDefParseTargetXML)
	(virDomainTimerDefParseXML, virDomainHostdevSubsysUsbDefParseXML)
	(virDomainVcpuPinDefParseXML): Drop unused parameter.
	(virDomainChrDefParseXML, virDomainDefParseXML)
	(virDomainHostdevDefParseXML): Update callers.
	(virDomainNetDefParseXML): Mark flags used.

2011-07-14  Supriya Kannery  <supriyak@linux.vnet.ibm.com>

	virsh: Update virsh man page
	Valid loglevel range for virsh  is 0-4. Update virsh man page
	accordingly. Also explain virsh ENV variables and values.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	virsh: fix previous patch
	The last patch breaks make check for two reasons. First, it reverses the
	condition but leaves default level unchanged, so instead of not printing
	anything but errors before the patch it now prints all debug messages by
	default. Second, you forgot to change -d5 option passed to virsh in
	tests/virsh-optparse to -d0; the script wants to see all debug messages.

2011-07-14  Supriya Kannery  <supriyak@linux.vnet.ibm.com>

	virsh: Make "DEBUG" loglevel the superset
	Aligning loglevel values of virsh to that of libvirt.
	"DEBUG"=0 loglevel, when specified through commandline or
	env variable, should log all the messages. "ERROR=4"
	should log only error messages.

	virsh: Avoid using magic numbers for logging
	Replace magic numbers with loglevel variables.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Avoid duplicating virFileOpenAsNoFork in virFileOpenAs
	In 2f4d2496a88055a8343b3efca618522da8715d92 I didn't notice that one
	part of virFileOpenAs doesn't actually call to virFileOpenAsNoFork but
	rather includes a copy of the code from there.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: don't hand-roll cloexec code
	No need to repeat common code.

	* bootstrap.conf (gnulib_modules): Import calloc-posix.
	* src/util/bridge.c (brInit): Use virSetCloseExec.
	(brSetInterfaceUp): Adjust flags name.
	* src/uml/uml_driver.c (umlSetCloseExec): Delete.
	(umlStartVMDaemon): Use util version instead.

	conf: prefer unsigned flags
	* src/conf/cpu_conf.h (virCPUDefFormat, virCPUDefFormatBuf):
	Change flags type.
	* src/conf/cpu_conf.c (virCPUDefFormat, virCPUDefFormatBuf):
	Likewise.
	* src/conf/storage_conf.c (_virStoragePoolOptions): Likewise.
	* src/datatypes.h (_virConnect, _virStream): Likewise.

	python: prefer unsigned flags
	* python/libvirt-override.c (libvirt_virConnectOpenAuth)
	(libvirt_virDomainSnapshotListNames)
	(libvirt_virDomainRevertToSnapshot): Change flags type.

	node_device: avoid implicit int
	'unsigned a' and 'unsigned int a' are synonyms, but we generally
	always spell out the 'int' in that case.  Fixing this will avoid
	a false positive in the next syntax-check commit.

	* src/conf/node_device_conf.h (pci_config_address)
	(_virNodeDevCapsDef): Prefer 'unsigned int' over 'unsigned'.

	virsh, daemon: prefer unsigned flags
	* tools/virsh.c (vshCmdDef): Change flags type.
	* daemon/remote.c (remoteDispatchOpen): Likewise.

	xenapi: reject unknown flags
	* src/xenapi/xenapi_driver.c (xenapiOpen, xenapiDomainReboot):
	Reject unknown flags.
	(xenapiDomainGetXMLDesc): Likewise, and pass known flags through
	to XML generation.

	vmware: reject unknown flags
	* src/vmware/vmware_driver.c (vmwareOpen, vmwareDomainReboot)
	(vmwareDomainCreateXML, vmwareDomainCreateWithFlags): Reject
	unknown flags.

	vbox: reject unknown flags
	* src/vbox/vbox_driver.c (vboxOpenDummy): Reject unknown flags.
	* src/vbox/vbox_tmpl.c (vboxOpen, vboxDomainReboot)
	(vboxNetworkOpen, vboxNetworkGetXMLDesc, vboxStorageOpen)
	(vboxStorageVolCreateXML, vboxStorageVolDelete)
	(vboxStorageVolGetXMLDesc, vboxDomainScreenshot): Likewise.

	uml: reject unknown flags
	* src/uml/uml_driver.c (umlOpen, umlDomainGetXMLDesc)
	(umlDomainBlockPeek): Reject unknown flags.

	test: reject unknown flags
	* src/test/test_driver.c (testOpen, testDomainCoreDump)
	(testOpenNetwork, testNetworkGetXMLDesc, testOpenInterface)
	(testInterfaceChangeBegin, testInterfaceChangeCommit)
	(testInterfaceChangeRollback, testInterfaceGetXMLDesc)
	(testInterfaceDefineXML, testInterfaceCreate)
	(testInterfaceDestroy, testStorageOpen, testStoragePoolStart)
	(testStorageFindPoolSources, testStoragePoolCreate)
	(testStoragePoolDefine, testStoragePoolBuild)
	(testStoragePoolDelete, testStoragePoolRefresh)
	(testStoragePoolGetXMLDesc, testStorageVolumeCreateXML)
	(testStorageVolumeCreateXMLFrom, testStorageVolumeDelete)
	(testStorageVolumeGetXMLDesc, testDevMonOpen)
	(testNodeNumOfDevices, testNodeListDevices)
	(testNodeDeviceGetXMLDesc, testNodeDeviceCreateXML)
	(testSecretOpen, testNWFilterOpen): Reject unknown flags.

	qemu: reject unknown flags
	* src/qemu/qemu_driver.c (qemudOpen, qemuDomainScreenshot)
	(qemuDomainXMLFromNative, qemuDomainXMLToNative)
	(qemudDomainBlockPeek, qemuCPUCompare, qemuCPUBaseline): Reject
	unknown flags.
	* src/qemu/qemu_migration.c (qemuMigrationConfirm): Likewise.
	(_qemuMigrationCookie, qemuMigrationCookieXMLParse)
	(qemuMigrationCookieXMLParseStr, qemuMigrationBakeCookie)
	(qemuMigrationEatCookie): Make flags unsigned.
	* src/qemu/qemu_domain.h: (qemuDomainDefFormatXML)
	(qemuDomainFormatXML): Prefer unsigned flags.
	* src/qemu/qemu_domain.c (qemuDomainDefFormatXML)
	(qemuDomainFormatXML): Likewise.
	(qemuDomainOpenLogHelper, qemuDomainCreateLog): Rename variable.

	phyp: reject unknown flags
	* src/phyp/phyp_driver.c (phypOpen, phypDomainReboot)
	(phypVIOSDriverOpen): Reject unknown flags.

	openvz: reject unknown flags
	* src/openvz/openvz_driver.c (openvzDomainReboot, openvzOpen):
	Reject unknown flags.

	lxc: reject unknown flags
	* src/lxc/lxc_driver.c (lxcOpen, lxcDomainSetMemoryParameters)
	(lxcDomainGetMemoryParameters): Reject unknown flags.
	* src/lxc/lxc_container.c (lxcContainerStart): Rename flags to
	cflags to reflect that it is not tied to libvirt.

	libxl: reject unknown flags
	* src/libxl/libxl_driver.c (libxlOpen, libxlDomainReboot)
	(libxlDomainXMLFromNative, libxlDomainXMLToNative)
	(libxlDomainCreateWithFlags): Reject unknown flags.

2011-07-14  Nan Zhang  <nzhang@redhat.com>

	virsh: fix missing prompt message for 'snapshot-delete' command
	Make the command 'virsh snapshot-delete' has the appropriate prompt
	message when executing sucessful or failed.

2011-07-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: build failed due to unused variables
	While compiling on F15 build crashed (probably because of new GCC).

2011-07-13  Eric Blake  <eblake@redhat.com>

	storage: reject unknown flags
	* src/storage/storage_backend.c (virStorageBackendCreateBlockFrom)
	(virStorageBackendCreateQemuImg)
	(virStorageBackendCreateQcowCreate): Reject unknown flags.
	* src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool)
	(virStorageBackendDiskDeleteVol): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemNetFindPoolSources)
	(virStorageBackendFileSystemBuild)
	(virStorageBackendFileSystemDelete, createFileDir)
	(virStorageBackendFileSystemVolBuildFrom)
	(virStorageBackendFileSystemVolDelete): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalFindPoolSources)
	(virStorageBackendLogicalBuildPool)
	(virStorageBackendLogicalDeletePool)
	(virStorageBackendLogicalDeleteVol): Likewise.
	* src/storage/storage_driver.c (storageOpen, storagePoolCreate)
	(storagePoolDefine, storagePoolRefresh, storagePoolGetXMLDesc)
	(storageVolumeCreateXML, storageVolumeCreateXMLFrom)
	(storageVolumeGetXMLDesc): Likewise.

	node_device: reject unknown flags
	* src/node_device/node_device_driver.c (nodeNumOfDevices)
	(nodeListDevices, nodeDeviceGetXMLDesc, nodeDeviceCreateXML):
	Reject unknown flags.
	* src/node_device/node_device_hal.c (halNodeDrvOpen): Likewise.
	* src/node_device/node_device_udev.c (udevNodeDrvOpen): Likewise.

	util: reject unknown flags, and prefer unsigned flags
	Silently ignored flags get in the way of new features that
	use those flags.  Also, an upcoming syntax check will favor
	unsigned flags.

	* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop
	unused attribute.
	* src/interface/netcf_driver.c (interfaceOpenInterface)
	(interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject
	unknown flags.
	* src/network/bridge_driver.c (networkOpenNetwork)
	(networkGetXMLDesc): Likewise.
	* src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise.
	* src/secret/secret_driver.c (secretOpen, secretDefineXML)
	(secretGetXMLDesc, secretSetValue): Likewise.
	* src/util/logging.c (virLogDefineFilter, virLogDefineOutput)
	(virLogMessage): Likewise; also use unsigned flags.
	* src/util/logging.h (virLogDefineFilter, virLogDefineOutput)
	(virLogMessage): Change signature.
	* src/util/command.c (virExecWithHook): Likewise.

	libvirt-qemu: use unsigned flags
	Like commit 1740c381, but for libvirt-qemu.

	* src/remote/qemu_protocol.x (qemu_monitor_command_args): Adjust
	type to match API.
	* src/qemu_protocol-structs: Update accordingly.

	maint: print flags in hex during debug
	Continuation of commit 313ac7fd, and enforce things with a syntax
	check.

	Technically, virNetServerClientCalculateHandleMode is not printing
	a mode_t, but rather a collection of VIR_EVENT_HANDLE_* bits;
	however, these bits are < 8, so there is no different in the
	output, and that was the easiest way to silence the new syntax check.

	* cfg.mk (sc_flags_debug): New syntax check.
	(exclude_file_name_regexp--sc_flags_debug): Add exemptions.
	* src/fdstream.c (virFDStreamOpenFileInternal): Print flags in
	hex, mode_t in octal.
	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAttach): Likewise.
	* src/locking/lock_driver_nop.c (virLockManagerNopInit): Likewise.
	* src/locking/lock_driver_sanlock.c (virLockManagerSanlockInit):
	Likewise.
	* src/locking/lock_manager.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_monitor.c: Likewise.
	* src/rpc/virnetserverclient.c
	(virNetServerClientCalculateHandleMode): Print mode with %o.

	maint: exclude more files from syntax check
	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Exempt
	docs/api_extension/*.patch.
	(exclude_file_name_regexp--sc_prohibit_always_true_header_tests)
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF)
	(exclude_file_name_regexp--sc_prohibit_fork_wrappers)
	(exclude_file_name_regexp--sc_trailing_blank): Simplify.
	(exclude_file_name_regexp--sc_prohibit_gettext_noop): Delete.
	(exclude_file_name_regexp--sc_prohibit_close)
	(exclude_file_name_regexp--sc_prohibit_nonreentrant)
	(exclude_file_name_regexp--sc_prohibit_sprintf): Tighten.

	util: honor anchored names when searching for executables
	I got bit in a debugging session on an uninstalled libvirtd; the
	code tried to call out to the installed $LIBEXECDIR/libvirt_iohelper
	instead of my just-built version.  So I set a breakpoint and altered
	the binary name to be "./src/libvirt_iohelper", and it still failed
	because I don't have "." on my PATH.

	According to POSIX, execvp only searches PATH if the name does
	not contain a slash.  Since we are trying to mimic that behavior,
	an anchored name should be relative to the current working dir.

	This tightens existing behavior, but most callers already pass
	an absolute name or a name with no slashes, so it probably won't
	be noticeable.

	* src/util/util.c (virFindFileInPath): Anchored relative names do
	not invoke a PATH search.

2011-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Ensure signal handler propagates fatal signals to default handler
	When replacing the default SEGV/ABORT/BUS signal handlers you
	can't rely on the process being terminated after your custom
	handler runs. It is neccessary to manually restore the default
	handler and then re-raise the signal

	* src/rpc/virnetserver.c: Restore default handler and raise
	  signal

	Remove unused virNetServerProgramErrorHander typedef
	* src/rpc/virnetserverprogram.h: Remove unused typedef for
	  virNetServerProgramErrorHander function callback
	* daemon/remote.h: Remove decl for non-existant variables

2011-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix monitor unlocking in some error paths
	When monitor is entered with qemuDomainObjEnterMonitorWithDriver, the
	correct method for leaving and unlocking the monitor is
	qemuDomainObjExitMonitorWithDriver.

	qemu: Consolidate qemuMigrationPrepare{Direct,Tunnel}
	Most of the code in these two functions is supposed to be identical but
	currently it isn't (which is natural since the code is duplicated).
	Let's move common parts of these functions into qemuMigrationPrepareAny.

	This also fixes qemuMigrationPrepareTunnel which didn't store received
	lockState in the domain object.

	qemu: Add support for job phase
	Asynchronous jobs may take long time to finish and may consist of
	several phases which we need to now about to help with recovery/rollback
	after libvirtd restarts.

	qemu: Recover from interrupted jobs
	Detect and react on situations when libvirtd was restarted or killed
	when a job was active.

	qemu: Save job type in domain status XML
	If libvirtd is restarted when a job is running, the new libvirtd process
	needs to know about that to be able to recover and rollback the
	operation.

	qemu: Allow all query commands to be run during long jobs
	Query commands are safe to be called during long running jobs (such as
	migration). This patch makes them all work without the need to
	special-case every single one of them.

	The patch introduces new job.asyncCond condition and associated
	job.asyncJob which are dedicated to asynchronous (from qemu monitor
	point of view) jobs that can take arbitrarily long time to finish while
	qemu monitor is still usable for other commands.

	The existing job.active (and job.cond condition) is used all other
	synchronous jobs (including the commands run during async job).

	Locking schema is changed to use these two conditions. While asyncJob is
	active, only allowed set of synchronous jobs is allowed (the set can be
	different according to a particular asyncJob) so any method that
	communicates to qemu monitor needs to check if it is allowed to be
	executed during current asyncJob (if any). Once the check passes, the
	method needs to normally acquire job.cond to ensure no other command is
	running. Since domain object lock is released during that time, asyncJob
	could have been started in the meantime so the method needs to recheck
	the first condition. Then, normal jobs set job.active and asynchronous
	jobs set job.asyncJob and optionally change the list of allowed job
	groups.

	Since asynchronous jobs only set job.asyncJob, other allowed commands
	can still be run when domain object is unlocked (when communicating to
	remote libvirtd or sleeping). To protect its own internal synchronous
	commands, the asynchronous job needs to start a special nested job
	before entering qemu monitor. The nested job doesn't check asyncJob, it
	only acquires job.cond and sets job.active to block other jobs.

	qemu: Consolidate {Enter,Exit}Monitor{,WithDriver}
	EnterMonitor and ExitMonitor methods are very similar to their
	*WithDriver variants; consolidate them into EnterMonitorInternal and
	ExitMonitorInternal to avoid (mainly future) code duplication.

	qemu: Consolidate BeginJob{,WithDriver} into a single method
	This avoids code duplication and also avoids relying on good luck that
	ignore_value(virDomainObjUnref(obj)) doesn't set errno.

	qemu: Separate job related data into a new object

2011-07-13  Eric Blake  <eblake@redhat.com>

	maint: avoid incremental 'make syntax-check' failure
	Incrementally running 'make syntax-check' on a tree previously
	built after commit 62dee6f but before 44036460 fails sc_po_check
	(because the generated qemu_dispatch.h gained translatable strings).
	This is a followup to commit addaa537 for that scenario.

	* cfg.mk (sc_po_check): Add another prereq.
	($(srcdir)/daemon/qemu_dispatch.h): Add rule.

2011-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Skip bugs which are CLOSED in todo list
	* docs/todo.pl: Skip closed bugs

	Add missing cleanup for transient guests in UML driver
	The UML inotify handler would kill off guests when certain
	conditions arise, but it forgot to remove transient guests
	from the list of domains

	* src/uml/uml_driver.c: Cleanup transient guests

	Add auditing to the UML driver
	* src/uml/uml_driver.c: Add audit hooks

	Add auditing to the LXC driver
	* src/lxc/lxc_driver.c: Add auditing hooks

	Add virtualization type in audit messages
	Since a host can run several different virtualization types at
	the same time, audit messages should allow domains to be identified.
	Add a 'virt={qemu,kvm,uml,lxc,...}' key to domain audit messages

	* src/conf/domain_audit.c: Identify virt type of guest

	Add auditing of filesystems
	When passing through filesystems from the host to a guest, the
	host filesystem passed must be audited

	* src/conf/domain_audit.{c,h}: Add virDomainAuditFS

	Move qemu_audit.h helpers into shared code
	The LXC and UML drivers can both make use of auditing. Move
	the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}

	* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
	* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
	* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
	* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
	  src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c: Update for changed audit API names

2011-07-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Initialize all instances of esxVMX_Data to zero
	To avoid using or freeing uninitialized memory or pointers.

	rpc: Fix compile error due to potentially unused parameter
	connectDBus is only used if HAVE_DBUS is set. Therefore mark
	it as potentially unused.

2011-07-12  Jim Fehlig  <jfehlig@novell.com>

	Fix build when using polkit0
	V2: Remove policy kit references from virNetServer and use DBus APIs
	    directly, if available.

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Implement code to attach to external QEMU instances.
	Given a PID, the QEMU driver reads /proc/$PID/cmdline and
	/proc/$PID/environ to get the configuration. This is fed
	into the ARGV->XML convertor to build an XML configuration
	for the process.

	/proc/$PID/exe is resolved to identify the full command
	binary path

	After checking for name/uuid uniqueness, an attempt is
	made to connect to the monitor socket. If successful
	then 'info status' and 'info kvm' are issued to determine
	whether the CPUs are running and if KVM is enabled.

	* src/qemu/qemu_driver.c: Implement virDomainQemuAttach
	* src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
	  qemuProcessAttach to connect to the monitor of an
	  existing QEMU process

	Add monitor API for checking whether KVM is enabled
	When attaching to an external QEMU process, it is neccessary
	to check if the process is using KVM or not. This can be done
	using a monitor command

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API for checking if KVM is enabled

	Add a method for extracting QEMU argv from /proc
	To enable attaching to externally launched QEMU, we need
	to be able to reverse engineer a guest XML config based
	on the argv for a PID in /proc

	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Add
	  qemuParseCommandLinePid which extracts QEMU config from
	  argv in /proc, given a PID number

	Change extract pidfile & monitor config from QEMU command line
	When converting QEMU argv into a virDomainDefPtr, also extract
	the pidfile, monitor character device config and the monitor
	mode.

	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Extract
	  pidfile & monitor config from QEMU argv
	* src/qemu/qemu_driver.c, tests/qemuargv2xmltest.c: Add extra
	  params when calling qemuParseCommandLineString

	Keep pidfile path in qemuDomainObjPrivate struct
	Avoid re-formatting the pidfile path everytime we need it. Create
	it once when starting the guest, and preserve it until the guest
	is shutdown.

	* src/libvirt_private.syms, src/util/util.c,
	  src/util/util.h: Add virFileReadPidPath
	* src/qemu/qemu_domain.h: Add pidfile field
	* src/qemu/qemu_process.c: Store pidfile path in qemuDomainObjPrivate

	Add a new 'virsh qemu-attach' command.
	This command allows libvirt to attach to an existing QEMU
	instance.

	 $ qemu-kvm -cdrom ~/demo.iso \
	     -monitor unix:/tmp/demo,server,nowait \
	     -name foo \
	     -uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea  &
	 $ QEMUPID=$!
	 $ virsh qemu-attach $QEMUPID

	Define remote wire protocol & impls for virDomainQemuAttach
	This tweaks the RPC generator to cope with some naming
	conventions used for the QEMU specific APIs

	* daemon/remote.c: Server side dispatcher
	* src/remote/remote_driver.c: Client side dispatcher
	* src/remote/qemu_protocol.x: Wire protocol definition
	* src/rpc/gendispatch.pl: Use '$structprefix' in method
	  names, fix QEMU flags and fix dispatcher method names

	Define a QEMU specific API to attach to a running QEMU process
	Introduce a new API in libvirt-qemu.so

	 virDomainPtr virDomainQemuAttach(virConnectPtr domain,
	                                  unsigned long long pid,
	                                  unsigned int flags);

	This allows libvirtd to attach to an existing, externally
	launched QEMU process. This is useful for QEMU developers who
	prefer to launch QEMU themselves for debugging/devel reasons,
	but still want the benefit of libvirt based tools like
	virt-top, virt-viewer, etc

	* include/libvirt/libvirt-qemu.h: Define virDomainQemuAttach
	* src/driver.h, src/libvirt-qemu.c, src/libvirt_qemu.syms:
	  Driver glue for virDomainQemuAttach

2011-07-12  Alex Jia  <ajia@redhat.com>

	qemu: update configuration file
	* src/qemu/qemu.conf: Add blkio controller into qemu.conf.

2011-07-12  Eric Blake  <eblake@redhat.com>

	qemu: avoid fd leak on core dump failure
	* src/qemu/qemu_driver.c (doCoreDump): Guarantee fd is closed.

	maint: rename virtaudit to match file contents
	* src/util/virtaudit.[ch]: Rename...
	* src/util/viraudit.[ch]: ...to match virAudit* API.
	* src/Makefile.am (UTIL_SOURCES): Reflect rename.
	* daemon/libvirtd.c: Likewise.
	* po/POTFILES.in: Likewise.
	* src/libvirt_private.syms: Likewise.
	* src/qemu/qemu_audit.c: Likewise.

2011-07-12  Oskari Saarenmaa  <os@ohmu.fi>

	remote/ssh: support for no_verify.
	Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the
	no_verify extra parameter was specified.  This won't disable host key
	checking for already known hosts.  Includes a test and documentation.

2011-07-12  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	Fix virsh inject-nmi man page
	* tools/virsh.pod: move the description which was misplaced

2011-07-12  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf: Free temporary variable
	* src/conf/domain_conf.c: caller must free returned value of
	  virXPathString in useserial

2011-07-12  Osier Yang  <jyang@redhat.com>

	esx: Fix a potential crash
	Initialize ptr data.datastorePathWithoutFileName as NULL, otherwise
	it might cause crash when trying to free it in cleanup.

2011-07-12  Eric Blake  <eblake@redhat.com>

	build: also check qemu_protocol for on-the-wire stability
	Since we are going to add some libvirt-qemu.so entry points in
	0.9.4, we might as well start checking for RPC stability, just
	as for libvirt.so.

	* src/Makefile.am (PROTOCOL_STRUCTS): New variable.
	(remote_protocol-structs): Rename...
	(%_protocol-structs): ...and make more generic.
	* src/qemu_protocol-structs: New file.

	build: avoid requiring -lm
	log2() is heavy when ffs() can do the same thing.  But ffs()
	requires gnulib support for mingw.

	This patch solves this linker error on Fedora 14.

	/usr/bin/ld: libvirt_lxc-domain_conf.o: undefined reference to symbol 'log2@@GLIBC_2.2.5'
	/usr/bin/ld: note: 'log2@@GLIBC_2.2.5' is defined in DSO /lib64/libm.so.6 so try adding it to the linker command line
	/lib64/libm.so.6: could not read symbols: Invalid operation
	collect2: ld returned 1 exit status

	* .gnulib: Update to latest, for ffs.
	* bootstrap.conf (gnulib_modules): Import ffs.
	* src/conf/domain_conf.c (virDomainDefParseXML): Use ffs instead
	of log2.
	Reported by Dave Allan.

2011-07-12  Jim Fehlig  <jfehlig@novell.com>

	Remove code no longer used after commit df0b57a9

2011-07-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add domain type checking
	The drivers were accepting domain configs without checking if those
	were actually meant for them. For example the LXC driver happily
	accepts configs with type QEMU.

	Add a check for the expected domain types to the virDomainDefParse*
	functions.

2011-07-11  Alex Jia  <ajia@redhat.com>

	remote: Fix memory leak
	Detected in valgrind run:

	==9184== 1 bytes in 1 blocks are definitely lost in loss record 1 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF97C9: xdr_remote_domain_get_security_label_ret (remote_protocol.c:1696)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF71C6: remoteDomainGetSecurityLabel (remote_driver.c:1580)
	==9184==    by 0x4CCA480: virDomainGetSecurityLabel (libvirt.c:7340)
	==9184==    by 0x41993A: cmdDominfo (virsh.c:2414)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== 2 bytes in 1 blocks are definitely lost in loss record 2 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF974F: xdr_remote_node_get_security_model_ret (remote_protocol.c:1713)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
	==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
	==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== 8 bytes in 1 blocks are definitely lost in loss record 3 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF9729: xdr_remote_node_get_security_model_ret (remote_protocol.c:1710)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
	==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
	==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== LEAK SUMMARY:
	==9184==    definitely lost: 11 bytes in 3 blocks

	* src/remote/remote_driver.c: Avoid leak on remoteDomainGetSecurityLabel
	  and remoteNodeGetSecurityModel.

2011-07-11  Eric Blake  <eblake@redhat.com>

	tests: simplify formatting
	The shell version would output 40 extra spaces for a test with
	a multiple of 40 sub-tests, and the C version can use the same
	printf optimization for avoiding a loop over single space output
	as the shell version.

	* tests/testutils.c (virtTestMain): Avoid loop for alignment.
	* tests/test-lib.sh: Fix formatting when counter is multiple of 40.

2011-07-11  Jim Fehlig  <jfehlig@novell.com>

	Do not drop kernel cmdline for xen pv domains
	Kernel cmdline args can be passed to xen pv domains even when a
	bootloader is specified.  The current config-to-sxpr mapping
	ignores cmdline when bootloader is present.

	Since the xend sub-driver is used with many xen toolstack versions,
	this patch takes conservative approach of adding an else block to
	existing !def->os.bootloader, and only appends sxpr if def->os.cmdline
	is non-NULL.

	V2: Fix existing testcase broken by this patch and add new testcases

2011-07-11  Wen Congyang  <wency@cn.fujitsu.com>

	kill vm if saving config failed in v3 protocol
	If virDomainSaveConfig() failed, we will return NULL to source,
	and the vm is still available to restart during confirm() step in
	v3 protocol. So we should kill it off in qemuMigrationFinish().

	In v2 protocol, we should not set vm to NULL, because we hold
	a reference of vm and should unrefernce it.

	RPC: fix argument's name

	fix typo error

2011-07-11  Michal Privoznik  <mprivozn@redhat.com>

	bios: Add support for SGA
	This patch creates new <bios> element which, at this time has only the
	attribute useserial='yes|no'. This attribute allow users to use
	Serial Graphics Adapter and see BIOS messages from the very first moment
	domain boots up. Therefore, users can choose boot medium, set PXE, etc.

2011-07-11  Daniel Veillard  <veillard@redhat.com>

	Fix rpm build with sanlock and without QEmu
	The qemu-sanlock.conf file is not installed in this case

2011-07-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix logic in storage driver open function
	If the main driver is the vbox driver, then the open function
	has to return an error if the private data is invalid.

	tests: Improve output of tests that decide to skip at runtime
	Don't print OK/FAIL for tests that decide to be skipped after
	calling virtTestMain. Delay printing of the indentation before
	the first test until we know that the test didn't decide to be
	skipped.

	Also make the reconnect test use VIRT_TEST_MAIN.

	tests: Fix compressed test output padding logic
	The current logic tries to count from 1 to 40 and ignores paddings
	of 0 and 1 to 40. This doesn't work for counter + 1 mod 40 == 0
	like here for counter value 159

	TEST: virsh-all
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ....................................... 159 OK
	PASS: virsh-all

	Also seq isn't portable. Therefore, calculate the correct padding
	length directly and use printf to output it at once.

	tests: Use EXIT_AM_SKIP instead of 77 directly

	rpc: Fix whitespace problem in generated code
	Add missing line break and fix indention level.

	Reported by Cole Robinson.

2011-07-09  Federico Simoncelli  <fsimonce@redhat.com>

	sanlock: avoid lockspace setup when auto_disk_lease is off
	When auto_disk_lease is off we should avoid the automatic lockspace
	creation.

2011-07-09  Eric Blake  <eblake@redhat.com>

	libvirtd: diagnose explicitly requested but missing conf file
	Fixes test regression introduced in commit 8e2e4780.

	* daemon/libvirtd.c (daemonConfigLoad): Add argument.
	(main): Update caller.

2011-07-08  Michael Santos  <michael.santos@gmail.com>

	qemu: clean up OOM checks

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Don't exit if the libvirtd config does not exist
	It is common for the $HOME/.libvirt/libvirtd.conf file to not
	exist. Treat this situation as non-fatal since we can carry
	on with our default settings just fine.

	* daemon/libvirtd.c: Treat ENOENT as non-fatal when loading
	  config

	Fix sending of reply to final RPC message
	The dispatch for the CLOSE RPC call was invoking the method
	virNetServerClientClose(). This caused the client connection
	to be immediately terminated. This meant the reply to the
	final RPC message was never sent. Prior to the RPC rewrite
	we merely flagged the connection for closing, and actually
	closed it when the next RPC call dispatch had completed.

	* daemon/remote.c: Flag connection for a delayed close
	* daemon/stream.c: Update to use new API for closing
	  failed connection
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
	  Add support for a delayed connection close. Rename the
	  virNetServerClientMarkClose method to virNetServerClientImmediateClose
	  to clarify its semantics

	Fix leak of remote driver if final 'CLOSE' RPC call fails
	When closing a remote connection we issue a (fairly pointless)
	'CLOSE' RPC call to the daemon. If this fails we skip all the
	cleanup of private data, but the virConnectPtr object still
	gets released as normal. This causes a memory leak. Since the
	CLOSE RPC call is pretty pointless, just carry on freeing the
	remote driver if it fails.

	* src/remote/remote_driver.c: Ignore failure to issue CLOSE
	  RPC call

	Fix release of outgoing stream confirmation/abort message
	When sending back the final OK or ERROR message on completion
	of a stream, we were not decrementing the 'nrequests' tracker
	on the client. With the default requests limit of '5', this
	meant once a client had created 5 streams, they are unable to
	process any further RPC calls.  There was also a bug when
	handling an error from decoding a message length header, which
	meant a client connection would not immediately be closed.

	* src/rpc/virnetserverclient.c: Fix release of request after
	  stream completion & mark client for close on error

	Fix leak of 'msg' object in client stream code
	In one exit path we forgot to free the virNetMessage object causing
	a large memory leak for streams which send a lot of data. Some other
	paths were calling VIR_FREE directly instead of virNetMessageFree
	although this was (currently) harmless.

	* src/rpc/virnetclientstream.c: Fix leak of msg object
	* src/rpc/virnetclientprogram.c: Call virNetMessageFree instead
	  of VIR_FREE

	Fix potential crash in libvirtd with active streams
	If a client disconnects while it has a stream active, there is
	a race condition which could see libvirtd crash. This is because
	the client struct may be freed before the last stream event has
	triggered. This is trivially solved by holding an extra reference
	on the client for the stream callbak

	* daemon/stream.c: Acquire reference on client when adding the
	  stream callback

	Fix mistaken order of server cert/key parameters in constructor
	The virNetTLSContextNew was being passed key/cert parameters in
	the wrong order. This wasn't immediately visible because if
	virNetTLSContextNewPath was used, a second bug reversed the order
	of those parameters again.

	Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
	did the bug appear

	* src/rpc/virnettlscontext.c: Fix order of params passed to
	  virNetTLSContextNew

2011-07-08  Michal Privoznik  <mprivozn@redhat.com>

	graphics: add support for action_if_connected in qemu
	This option accepts 3 values:
	-keep, to keep current client connected (Spice+VNC)
	-disconnect, to disconnect client (Spice)
	-fail, to fail setting password if there is a client connected (Spice)

2011-07-08  Jiri Denemark  <jdenemar@redhat.com>

	util: Don't try to fchown files opened as non-root
	When virFileOpenAs is called with VIR_FILE_OPEN_AS_UID flag and uid/gid
	different from root/root while libvirtd is running as root, we fork a
	new child, change its effective UID/GID to uid/gid and run
	virFileOpenAsNoFork. It doesn't make any sense to fchown() the opened
	file in this case since we already know that uid/gid can access the file
	when open succeeds and one of the following situations may happen:

	- the file is already owned by uid/gid and we skip fchown even before
	  this patch
	- the file is owned by uid but not gid because it was created in a
	  directory with SETGID set, in which case it is desirable not to change
	  the group
	- the file may be owned by a completely different user and/or group
	  because it was created on a root-squashed or even all-squashed NFS
	  filesystem, in which case fchown would most likely fail anyway

2011-07-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't chown files on NFS share if dynamic_ownership is off
	When dynamic ownership is disabled we don't want to chown any files,
	not just local.

2011-07-08  John Williams  <john.williams@petalogix.com>

	microblaze: Add architecture support
	Add libvirt support for MicroBlaze architecture as a QEMU target.  Based on mips/mipsel pattern.

2011-07-08  Jim Fehlig  <jfehlig@novell.com>

	Skip some xen tests if xend is not running
	Currently, the xen statstest and reconnect tests are only compiled
	if xend is running.  Compile them unconditionally if xen headers
	are present, but skip the tests at runtime if xend is not running.

	This is in response to Eric's suggestion here

	https://www.redhat.com/archives/libvir-list/2011-July/msg00367.html

2011-07-08  Eric Blake  <eblake@redhat.com>

	util: drop unused safezero argument
	No caller was using the flags argument, and this function is internal
	only, so we might as well skip it.

	* src/util/util.h (safezero): Update signature.
	* src/util/util.c (safezero): Update function.
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace)
	(virLockManagerSanlockCreateLease): Update all callers.
	* src/storage/storage_backend.c (createRawFile): Likewise.

	conf: prefer unsigned int for flags
	* src/conf/domain_conf.c (virDomainGraphicsDefParseXML)
	(virDomainDeviceInfoFormat, virDomainDeviceInfoParseXML)
	(virDomainDiskDefParseXML, virDomainControllerDefParseXML)
	(virDomainFSDefParseXML, virDomainNetDefParseXML)
	(virDomainChrDefParseTargetXML, virDomainChrDefParseXML)
	(virDomainSmartcardDefParseXML, virDomainInputDefParseXML)
	(virDomainTimerDefParseXML, virDomainSoundDefParseXML)
	(virDomainWatchdogDefParseXML, virDomainMemballoonDefParseXML)
	(virDomainVideoDefParseXML)
	(virDomainHostdevSubsysUsbDefParseXML)
	(virDomainHostdevSubsysPciDefParseXML)
	(virDomainHostdevDefParseXML, virSecurityLabelDefParseXML)
	(virDomainVcpuPinDefParseXML, virDomainDefParseXML)
	(virDomainDefParse, virDomainDiskDefFormat)
	(virDomainControllerDefFormat, virDomainFSDefFormat)
	(virDomainNetDefFormat, virDomainChrSourceDefFormat)
	(virDomainChrDefFormat, virDomainSmartcardDefFormat)
	(virDomainSoundDefFormat, virDomainMemballoonDefFormat)
	(virDomainWatchdogDefFormat, virDomainVideoDefFormat)
	(virDomainInputDefFormat, virDomainGraphicsDefFormat)
	(virDomainHostdevDefFormat, virDomainObjFormat): Switch signature.
	(virDomainObjTaint, virDomainSaveStatus): Use unsigned flags.

	drivers: prefer unsigned int for flags
	Now that the public APIs always use unsigned flags, the internal
	driver callbacks might as well do likewise.

	* src/driver.h (vrDrvOpen, virDrvDomainCoreDump)
	(virDrvDomainGetXMLDesc, virDrvNetworkGetXMLDesc)
	(virDrvNWFilterGetXMLDesc): Update type.
	* src/remote/remote_protocol.x (remote_open_args)
	(remote_domain_core_dump_args, remote_domain_get_xml_desc_args)
	(remote_network_get_xml_desc_args)
	(remote_nwfilter_get_xml_desc_args): Likewise.
	* src/test/test_driver.c: Update clients.
	* src/remote/remote_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xen_hypervisor.h: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xm_internal.c: Likewise.
	* src/xen/xm_internal.h: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* src/xen/xs_internal.h: Likewise.
	* src/xen/xen_inotify.c: Likewise.
	* src/xen/xen_inotify.h: Likewise.
	* src/phyp/phyp_driver.c: Likewise.
	* src/openvz/openvz_driver.c: Likewise.
	* src/vmware/vmware_driver.c: Likewise.
	* src/vbox/vbox_driver.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xenapi/xenapi_driver.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/esx/esx_interface_driver.c: Likewise.
	* src/esx/esx_network_driver.c: Likewise.
	* src/esx/esx_storage_driver.c: Likewise.
	* src/esx/esx_device_monitor.c: Likewise.
	* src/esx/esx_secret_driver.c: Likewise.
	* src/esx/esx_nwfilter_driver.c: Likewise.
	* src/interface/netcf_driver.c: Likewise.
	* src/nwfilter/nwfilter_driver.c: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/network/bridge_driver.c: Likewise.
	* src/secret/secret_driver.c: Likewise.
	* src/storage/storage_driver.c: Likewise.
	* src/node_device/node_device_hal.c: Likewise.
	* src/node_device/node_device_udev.c: Likewise.
	* src/remote_protocol-structs: Likewise.

	public API: prefer unsigned int for flags
	Most APIs use 'unsigned int flags'; but a few stragglers were using
	a signed value.  In particular, the vir*GetXMLDesc APIs were
	split-brain, with inconsistent choice of types.  Although it is
	an API break to use 'int' instead of 'unsigned int', it is ABI
	compatible (pre-compiled apps will have no difference in behavior),
	and generally apps can be recompiled without any issue (only rare
	apps that compiled with extremely high warning levels, or which
	pass libvirt API around as typed function pointers, would have to
	make any code changes to deal with the change).

	The migrate APIs use 'unsigned long flags', which can't be changed,
	due to ABI constraints.

	This patch intentionally touches only the public API, to prove the
	claim that most existing code (including driver callbacks and virsh)
	still compiles just fine in spite of the type change.

	* include/libvirt/libvirt.h.in (virConnectOpenAuth)
	(virDomainCoreDump, virDomainGetXMLDesc, virNetworkGetXMLDesc)
	(virNWFilterGetXMLDesc): Use unsigned int for flags.
	(virDomainHasCurrentSnapshot): Use consistent spelling.
	* src/libvirt.c (virConnectOpenAuth, virDomainCoreDump)
	(virDomainGetXMLDesc, virNetworkGetXMLDesc)
	(virNWFilterGetXMLDesc, do_open): Update accordingly.

	maint: print flags in hex during debug
	Debugging decimal flags is a pain.

	* src/libvirt.c: Always print flags in hex.

	virsh: make destroy sound less scary
	Destroy has a rather negative English connotation.  Try to reduce
	the impact, so newbies aren't as scared to use it.

	* tools/virsh.c: Tweak all destroy documentation.
	* tools/virsh.pod: Likewise.

	build: use gnulib pthread_sigmask
	Gnulib finally learned how to do pthread_sigmask on mingw.

	* .gnulib: Update to latest, for pthread_sigmask.
	* bootstrap.conf (gnulib_modules): Add pthread_sigmask.
	* configure.ac (AC_CHECK_FUNCS): Drop redundant check.
	* src/rpc/virnetclient.c (virNetClientSetTLSSession)
	(virNetClientIOEventLoop): Make code unconditional.
	* src/util/command.c (virFork): Likewise.
	* tools/virsh.c (doMigrate, cmdMigrate): Likewise.

	build: fix virBufferVasprintf on mingw
	Gnulib documents that mingw vsnprintf is broken (it returns -1
	on out-of-space, instead of the count of what would have been
	printed); but while we were using the snprintf wrapper, we had
	not yet been using the vsnprintf wrapper.

	Meanwhile, mingw (but not mingw64) has a replacement snprintf
	that fixes return values, but still lacks %1$s support; so in
	that case, gnulib didn't replace snprintf, but libintl then
	went ahead and installed a version that supported %1$s but not
	return values.  Gnulib has since been fixed to guarantee that
	the snprintf module will always guarantee the constraints needed
	by libintl.

	Also, we want to guarantee that strdup sets errno on failure.

	* .gnulib: Update to latest, for vsnprintf fix.
	* bootstrap.conf (gnulib_modules): Add vsnprintf, strdup-posix.
	Reported by Matthias Bolte.

2011-07-08  Jim Fehlig  <jfehlig@novell.com>

	Fix compilation of statstest.c during make check

2011-07-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix bogus label placement

2011-07-07  Laine Stump  <laine@laine.org>

	util: close the ioctl socket at the end of if(Get|Set)MacAddress
	Otherwise this will leak an fd each time one of these functions is
	called.

	util: rename err_exit to cleanup in interface.c
	This brings it in line with the recommendations in HACKING.

2011-07-07  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: delete unnecessary white space of sysinfo.
	  * Trim each element and delete null entry of sysinfo by
	  virSkipSpacesBackwards().

2011-07-07  Eric Blake  <eblake@redhat.com>

	util: add virTrimSpaces
	The next patch wants to adjust an end pointer to trim trailing
	spaces but without modifying the underlying string, but a more
	generally useful ability to trim trailing spaces in place is
	also worth providing.

	* src/util/util.h (virTrimSpaces, virSkipSpacesBackwards): New
	prototypes.
	* src/util/util.c (virTrimSpaces, virSkipSpacesBackwards): New
	functions.
	* src/libvirt_private.syms (util.h): Export new functions.
	Inspired by a patch by Minoru Usui.

	util: fix virSkipSpaces
	Most clients of virSkipSpaces don't want to omit backslashes.
	Also, open-coding the list of spaces is not as nice as using
	c_isspace.

	* src/util/util.c (virSkipSpaces): Use c_isspace.
	(virSkipSpacesAndBackslash): New function.
	* src/util/util.h (virSkipSpacesAndBackslash): New prototype.
	* src/xen/xend_internal.c (sexpr_to_xend_topology): Update caller.
	* src/libvirt_private.syms (util.h): Export new function.

	docs: minor whitespace cleanups
	No change in wording.  One spacing change in a <pre>, noticed because
	of odd XML formatting online; the rest is in free-flowing text to
	make it easier to see nesting levels in the document.

	* docs/formatdomain.html.in: Adjust spacing.  Break long lines.

2011-07-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Reduce code duplication in virFileMakePath(Helper)
	Move stat and mkdir to virFileMakePathHelper.

	Also use the stat result to detect whether the existing path
	is a directory and set errno accordingly if it's not.

	apparmor: Finish incomplete renaming of relabel to norelabel
	Commit 693eac388f1759d was incomplete here.

2011-07-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix default value of security label 'relabel' attribute
	When no <seclabel> is present in the XML, the virDomainSeclabelDef
	struct is left as all zeros. Unfortunately, this means it gets setup
	as type=dynamic, with relabel=no, which is an illegal combination.

	Change the 'bool relabel' attribute in virDomainSeclabelDef to
	the inverse 'bool norelabel' so that the default initialization
	is sensible

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/security/security_apparmor.c, src/security/security_selinux.c:
	  Replace 'relabel' with 'norelabel'

2011-07-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix return value semantic of virFileMakePath
	Some callers expected virFileMakePath to set errno, some expected
	it to return an errno value. Unify this to return 0 on success and
	-1 on error. Set errno to report detailed error information.

	Also optimize virFileMakePath if stat fails with an errno different
	from ENOENT.

	nodedev: Let check_fc_host_linux report errors to the caller

2011-07-06  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Fix compilation error when SASL support is disabled
	This patch adds #if HAVE_SASL where needed in libvirtd.h

2011-07-06  Guannan Ren  <gren@redhat.com>

	pci: initialize state values on reattach
	add a new API pciDeviceReAttachInit() in pci.c to initialize state values for nodedev reattach

	Initialize three state value of device driver to 1. This is just for a new call to
	qemudNodeDeviceReAttach()

2011-07-06  Laine Stump  <laine@laine.org>

	xml: create an RNG file for common types and move some definitions there
	domain.rng, network.rng, and interface.rng already use a few of the
	same types (or in some cases *should* but don't), and an upcoming code
	change will have them sharing even more. To prepare for that, this
	patch takes those common data type definitions and moves them into
	basictypes.rng.

	This may break some rule about the need to RNG files to be autonomous
	or something, but I saw that storageencryption.rng is used in this
	way, so I figured it must not be completely against the law...

	docs: sort the file list in the schemas Makefile

	qemu: check flags in qemuDomainGetXMLDesc
	Although most functions with flags check to verify no application is
	passing in flag bits that are currently undefined, for some reason
	this function wasn't.

	conf: fix domain parse flags
	* Change all flags args from int to unsigned int

	* Allow passing flags in virDomainObjParseFile (and propogate those
	  flags all the way down the call chain). Previously the flags were
	  hardcoded (to VIR_DOMAIN_XML_INTERNAL_STATUS) several layers down
	  the chain. Pass that value in at the one place that is currently
	  calling virDomainObjParseFile.

2011-07-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Disable networkxml2argvtest when configured without network
	Reported by Ruben Kerkhof.

	qemu: Fix virFileMakePath error handling in snapshot creation
	virFileMakePath returns an errno value on error, that will never
	be negative. An virFileMakePath error would have been ignored here,
	instead of being reported correctly.

	conf: Fix declaration of virNetworkDNS(Hosts)Def struct
	The struct A {} A; construct triggers a linker error on OSX about
	duplicate symbols. This also differs from the common struct style.

	Switch to common style to fix this.

	Reported by Justin Clift.

2011-07-04  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation for the seclabel XML element
	The domain XML documentation is missing information about the
	<seclabel> element used by security drivers

	* formatdomain.html.in: Document <seclabel>

	Allow for resource relabelling with static labels
	Add a new attribute to the <seclabel> XML to allow resource
	relabelling to be enabled with static label usage.

	  <seclabel model='selinux' type='static' relabel='yes'>
	    <label>system_u:system_r:svirt_t:s0:c392,c662</label>
	  </seclabel>

	* docs/schemas/domain.rng: Add relabel attribute
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
	  the 'relabel' attribute
	* src/qemu/qemu_process.c: Unconditionally clear out the
	  'imagelabel' attribute
	* src/security/security_apparmor.c: Skip based on 'relabel'
	  attribute instead of label type
	* src/security/security_selinux.c: Skip based on 'relabel'
	  attribute instead of label type and fill in <imagelabel>
	  attribute if relabel is enabled.

	Allow a base label to be specified in dynamic labelling mode
	Normally the dynamic labelling mode will always use a base
	label of 'svirt_t' for VMs. Introduce a <baselabel> field
	in the <seclabel> XML to allow this base label to be changed

	eg

	   <seclabel type='dynamic' model='selinux'>
	     <baselabel>system_u:object_r:virt_t:s0</baselabel>
	   </seclabel>

	* docs/schemas/domain.rng: Add <baselabel>
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
	  of base label
	* src/qemu/qemu_process.c: Don't reset 'model' attribute if
	  a base label is specified
	* src/security/security_apparmor.c: Refuse to support base label
	* src/security/security_selinux.c: Use 'baselabel' when generating
	  label, if available

2011-07-04  Osier Yang  <jyang@redhat.com>

	storage: Do not override the exact error of createRawFile
	virStorageBackendCreateRaw: createRawFile already reported the
	exact error.

	Before the fix:

	error: Failed to create vol vol-create.img
	error: cannot create path '/var/lib/libvirt/images/vol-create.img': Unknown error 18446744073709551597

	After the fix:

	error: Failed to create vol vol-create.img
	error: cannot fill file '/var/lib/libvirt/images/vol-create.img': No space left on device

2011-07-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.3
	* configure.ac docs/news.html.in libvirt.spec.in: update for the
	  new release
	* po/*.po*: updated and regenerated localizations

2011-07-04  Wen Congyang  <wency@cn.fujitsu.com>

	initialize pointer to NULL
	cmd is not initialized to NULL, but we try to freed it if we
	meet some error.

2011-07-04  Eric Blake  <eblake@redhat.com>

	storage: avoid crash on parse error
	Coverity detected that we could crash on bogus input.  Meanwhile,
	strtok_r is rather heavy compared to strchr.

	* src/storage/storage_backend_iscsi.c (virStorageBackendIQNFound):
	  Check for parse failure, and use lighter-weight functions.

	vmware: avoid null deref on failed lookup
	* src/vmware/vmware_driver.c (vmwareDomainReboot): Check error
	  before dereferencing memory.

	qemu: avoid null deref on low memory
	Detected by Coverity.  qemuDomainEventQueue requires a non-NULL
	pointer; most callers silently drop the event if we encountered
	and OOM situation trying to create the event.

	* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.

	cgroup: silence coverity warning
	Coverity noted that most clients reacted to failure to hash; but in
	a best-effort kill loop, we can ignore failure.

	* src/util/cgroup.c (virCgroupKillInternal): Ignore hash failure.

	rpc: silence coverity warning
	Coverity noted that 4 out of 5 calls to virNetClientStreamRaiseError
	checked the return value.  This case expects a particular value, so
	warn if our expectations went wrong due to some bug elsewhere.

	* src/rpc/virnetclient.c (virNetClientCallDispatchStream): Warn on
	  unexpected scenario.

	qemu: silence coverity warnings
	Coverity warns if the majority of callers check a function for
	errors, but a few don't; but in qemu_audit and qemu_domain, the
	choice to not check for failures was safe.  In qemu_command, the
	failure to generate a uuid can only occur on a bad pointer.

	* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
	  cgroup controller.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
	  (qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
	  timestamp.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.

	rpc: avoid memory leak on error
	Detected by Coverity.  The leak is on an error path, but I'm not
	sure whether that path is likely to be triggered in practice.

	* src/rpc/virnetserverservice.c (virNetServerServiceAccept): Plug leak.

	rpc: fix logic bug
	Spotted by Coverity.  If we don't update tmp each time through
	the loop, then if the filter being removed was not the head of
	the list, we accidentally lose all filters prior to the one we
	wanted to remove.

	* src/rpc/virnetserverclient.c (virNetServerClientRemoveFilter):
	    Don't lose unrelated filters.

2011-07-02  Eric Blake  <eblake@redhat.com>

	pci: avoid memory leak on error
	Detected by Coverity.  Some, but not all, error paths were clean;
	but they were repetitive so I refactored them.

	* src/util/pci.c (pciGetDevice): Plug leak.

	interface: avoid memory leak on parse error
	Detected by Coverity.  Unlikely to hit unless the file contents
	were corrupted.

	* src/util/interface.c (ifaceRestoreMacAddress): Plug leak.

	libvirtd: avoid memory leak on OOM
	Detected by Coverity; only strikes on OOM so not serious.

	* daemon/libvirtd.c (daemonPidFilePath): Plug leak.

	build: avoid 'make syntax-check' failure
	* tests/utiltest.c (DO_TEST): Fix indentation for cppi.

2011-07-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Add a general util test
	Move non-esx specific tests from esxutilstest there and add a
	test for virParseVersionString.

2011-07-02  Eric Blake  <eblake@redhat.com>

	util: choose whether to require micro in version strings
	To avoid regressions, we let callers specify whether to require a
	minor and micro version.  Callers that were parsing uname() output
	benefit from defaulting to 0, whereas callers that were parsing
	version strings from other sources should not change in behavior.

	* src/util/util.c (virParseVersionString): Allow caller to choose
	whether to fail if minor or micro is missing.
	* src/util/util.h (virParseVersionString): Update signature.
	* src/esx/esx_driver.c (esxGetVersion): Update callers.
	* src/lxc/lxc_driver.c (lxcVersion): Likewise.
	* src/openvz/openvz_conf.c (openvzExtractVersionInfo): Likewise.
	* src/uml/uml_driver.c (umlGetVersion): Likewise.
	* src/vbox/vbox_MSCOMGlue.c (vboxLookupVersionInRegistry):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxExtractVersion): Likewise.
	* src/vmware/vmware_conf.c (vmwareExtractVersion): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiGetVersion): Likewise.
	Reported by Matthias Bolte.

	build: consistently use CFLAGS
	According to the automake manual, CPPFLAGS (aka INCLUDES, as spelled
	in automake 1.9.6) should only include -I, -D, and -U directives; more
	generic directives like -Wall belong in CFLAGS since they affect more
	phases of the build process.  Therefore, we should be sticking CFLAGS
	additions into a CFLAGS container, not a CPPFLAGS container.

	* src/Makefile.am (libvirt_driver_vmware_la_CFLAGS): Use AM_CFLAGS.
	(INCLUDES): Move CFLAGS items...
	(AM_CFLAGS): ...to their proper location.
	* python/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
	* tests/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
	(commandtest_CFLAGS, commandhelper_CFLAGS)
	(virnetmessagetest_CFLAGS, virnetsockettest_CFLAGS): Use AM_CFLAGS.

2011-07-01  Daniel Veillard  <veillard@redhat.com>

	Explicitely invoke python for API doc generator
	This fixes the problem of not finding python in /usr/bin
	which broke build on FreeBSD

2011-07-01  Scott Moser  <smoser@ubuntu.com>

	fix virParseVersionString with linux 3.0
	linux 3.0 has no micro version number, and that is causing problems
	for virParseVersionString.  The patch below should allow for:
	  major
	  major.minor
	  major.minor.micro

	If major or minor are not present they just default to zero.
	We found this in Ubuntu (https://bugs.launchpad.net/bugs/802977)

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: remove dead variables
	Detected by Coverity.  No real harm in leaving these, but fixing
	them cuts down on the noise for future analysis.

	* src/rpc/virnetserver.c (virNetServerAddService): Delete unused
	entry.
	* src/util/sysinfo.c (virSysinfoRead): Delete dead assignment to
	base.

2011-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus jsondata.h file reference which does not exist
	* tests/Makefile.am: Remove jsondata.h

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: simplify sanlock distribution
	EXTRA_DIST files should unconditionally be part of the tarball,
	rather than depending on the presence of sanlock-devel.

	Meanwhile, parallel builds could fail if we don't use mkdir -p.

	* src/Makefile.am (EXTRA_DIST): Always ship sanlock .aug and
	template .conf files.
	(%-sanlock.conf): Use MKDIR_P.

	build: allow 'make syntax-check' on fresh checkout
	For good or for bad, I did a fresh checkout, ./autogen.sh, then
	'configure', then 'make syntax-check', and was surprised that it
	failed.  Running 'make' before 'make syntax-check' cleaned up the
	issue, but this patch makes it work up front.

	* cfg.mk (sc_po_check): Add prerequisites.

	build: ignore generated file
	* .gitignore: Exempt jsontest binary.

2011-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Add conditionals to allow build without SASL
	* daemon/libvirtd.c, daemon/remote.c: Add #if HAVE_SASL and
	  suitable function stubs to allow build without SASL

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: avoid double-close bug with pipe2
	Based on Coverity's finding on the previous patch, I audited
	gnulib's pipe2 code and found that we had the potential for
	a subtle double-close bug, unless gnulib guarantees that the
	contents of the fd array are unchanged on pipe2() failure.

	* .gnulib: Update to latest, for pipe2 fix.

	rpc: avoid freeing uninitialized variable
	Detected by Coverity.  Both are instances of bad things happening
	if pipe2 fails; the virNetClientNew failure could free garbage,
	and virNetSocketNewConnectCommand could close random fds.

	Note: POSIX doesn't guarantee the contents of fd[0] and fd[1]
	after pipe failure: http://austingroupbugs.net/view.php?id=467
	We may need to introduce a virPipe2 wrapper that guarantees
	that on pipe failure, the fds are explicitly set to -1, rather
	than our current state of assuming the fds are unchanged from
	their value prior to the failed pipe call.

	* src/rpc/virnetclient.c (virNetClientNew): Initialize variable.
	* src/rpc/virnetsocket.c (virNetSocketNewConnectCommand):
	Likewise.

	virsh: avoid uninitialized variable
	Detected by Coverity; neither vshCmddefHelp nor vshCmdOptParse
	was initializing opts_required.

	* tools/virsh.c (vshCmddefOptParse): Always initialize bitmaps.

	virsh: avoid integer overflow
	Detected by Coverity.  info.nrVirtCpu is unsigned short, but if
	cpumaplen is int, then the product of the two in vshMalloc risks
	unintended sign extension.  cmdVcpuinfo had already solved this
	by using size_t cpumaplen.

	* tools/virsh.c (cmdVcpuPin): Use correct type.

2011-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix stream procedure number for virDomainMigratePrepareTunnel3
	The virDomainMigratePrepareTunnel3 impl in the remote driver
	was using the procedure number for the virDomainMigratePrepareTunnel
	method. This doesn't work out so well, because it makes the server
	ignore & drop all stream packets

	* src/remote/remote_driver.c: Fix procedure for PrepareTunnel3

	Send back an error if we get unexpected stream control message
	We ignore any stream data packets which come in for streams which
	are not registered, since these packets are async and do not have
	a reply. If we get a stream control packet though we must send back
	an actual error, otherwise a (broken) client may hang forever
	making it hard to diagnose the client bug.

	* src/rpc/virnetserverprogram.c: Send back error for unexpected
	  stream control messages

	Fix release of virNetMessagePtr instances in streams processing
	If a message packet for a invalid stream is received it is just
	free'd. This is not good because it doesn't let the client RPC
	request counter decrement. If a stream is shutdown with pending
	packets the message also isn't released properly because of an
	incorrect header type

	* daemon/stream.c: Fix message header type
	* src/rpc/virnetserverprogram.c: Send dummy reply instead of
	  free'ing ignored stream message

	Add missing include of signal.h in virnetsocket.c
	virNetSocketFree uses kill(SIGTERM) so we must include
	signal.h for the definitions

	* src/rpc/virnetsocket.c: Include signal.h

	Add test case for parsing JSON docs
	While investigating some memory leaks it was unclear whether the
	JSON code correctly free'd all memory during parsing. Add a test
	case which can be run under valgrind to clearly demonstrate that
	the parser is leak free.

	* tests/Makefile.am: Add 'jsontest'
	* tests/jsontest.c: A few simple JSON parsing tests

	Fix potential crash when saving guests
	The qemudDomainSaveFlag method will call EndJob on the 'vm'
	object it is passed in. This can result in the 'vm' object
	being free'd if the last reference is removed. Thus no caller
	of 'qemudDomainSaveFlag' must *ever* reference 'vm' again
	upon return.

	Unfortunately qemudDomainSave and qemuDomainManagedSave
	both call 'virDomainObjUnlock', which can result in a
	crash. This is non-deterministic since it involves a race
	with the monitor I/O thread.

	Fix this by making qemudDomainSaveFlag responsible for
	calling virDomainObjUnlock instead.

	* src/qemu/qemu_driver.c: Fix potential use after free
	  when saving guests

	Fix uninitialized value in QEMU monitor FD sending code
	The 'char control[CMSG_SPACE(sizeof(int))];' was not being
	wiped, so could potentially contain uninitialized bytes.
	While this was harmless in this case, it caused complaints
	from valgrind

	* src/qemu/qemu_monitor.c: memset 'control' variable
	  in qemuMonitorIOWriteWithFD

	Fix leak of JSON object for events
	The event handler functions do not free the virJSONValuePtr
	object. Every event received from a VM thus caused a memory
	leak

	* src/qemu/qemu_monitor_json.c: Fix leak of event object

	Remove bogus warning message in JSON code
	* src/util/json.c: Remove warning message

	Fix use of uninitialized memory when releasing PCI slots
	The 'function' field in the PCI address was not correctly
	initialized, so it was building the wrong address address
	string and so not removing all functions from the in use
	list.

	* src/qemu/qemu_command.c: Fix initialization of PCI function

	Fix leak of virStreamPtr object with callback added in fdstream impl
	When adding a callback to an FD stream, we take an extra reference
	on the virStreamPtr instance. We forgot to registered a free function
	with the callback, so when the callback was removed, the extra
	reference held on virStreamPtr was not released.

	* src/fdstream.c: Use a free callback to release reference on
	  virStreamPtr when removing callback

	Fix leak of mdnsGroupName in virNetServer object
	* src/rpc/virnetserver.c: Free mdnsGroupName

	Fix release of filtered stream messages
	The stream code was reusing a stream message object before
	it was removed from the linked list of filtered messages.
	This caused any later queued messages to be completely lost.

	* daemon/stream.c: Delay reuse of stream message until
	  after it is removed from the queue

	Ensure RPC message is cleared before being reused
	To save on memory reallocation, virNetMessage instances that
	have been transmitted, may be reused for a subsequent incoming
	message. We forgot to clear out the old data of the message
	fully, which caused later confusion upon read.

	* src/rpc/virnetserverclient.c: memset entire message before
	  reusing it

	Fix hardcoded limit on client requests in RPC code
	The virNetServerClient object had a hardcoded limit of 10 requests
	per client. Extend constructor to allow it to be passed in as a
	configurable variable. Wire this up to the 'max_client_requests'
	config parameter in libvirtd

	* daemon/libvirtd.c: Pass max_client_requests into services
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Pass
	  nrequests_client_max to clients
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h: Allow
	  configurable request limit

2011-06-30  Osier Yang  <jyang@redhat.com>

	tests: Add valgrind.supp into EXTRA_DIST

	virsh: Fix a problem of buildPoolXML
	It doesn't generate "<name>" and "<format>" nodes for "<source>"
	even if they are explicitly specified. This patch fixes it.

2011-06-30  Wen Congyang  <wency@cn.fujitsu.com>

	lock qemu_driver early in qemuGetSchedulerParametersFlags()
	If we pass VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG to
	qemuGetSchedulerParametersFlags() or *nparams is less than 1,
	we will unlock qemu_driver without locking it. It's very dangerous.

	We should lock qemu_driver after calling virCheckFlags().

	save domain status after modifing vcpupin
	We should save domain status after modifing vcpupin. If not,
	we will get wrong vcpupin information after rebooting libvirtd.

	Fix memory leak in virDomainVcpuPinDel()
	virDomainVcpuPinDefFree() does not free def->cputune.vcpupin if nvcpupin
	is 0, and does not set def->cputune.vcpupin to NULL.

	If we set nvcpupin to 0 but do not free vcpupin, vcpupin will not be freed
	when vm->def is freed.

	Use VIR_FREE() instead of virDomainVcpuPinDefFree() to free the memory
	and set def->cputune.vcpupint to NULL.

2011-06-29  Eric Blake  <eblake@redhat.com>

	build: avoid pod2man on tarball
	virt-sanlock-cleanup.8 has static contents (no dependency on
	configure), but is generated by pod2man (a perl dependency that
	maintainers must have, but which ordinary tarball users need
	not have).  Therefore, ensure that it is always part of the
	tarball, even though it is only conditionally installed.

	This is similar to commit 6db98a2d4b, but made simpler by the fact
	that the .8 page is static content.

	* tools/Makefile.am (EXTRA_DIST): Add virt-sanlock-cleanup.8.

2011-06-29  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: fix illegal NULL return
	If virSysinfoParse{BIOS,System,Processor,Memory}()
	can't find newline('\n'), these return NULL.
	This patch fixes this.

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Ensure that EOF is dispatched to the stream callback
	When the remote client receives end of file on the stream
	it never invokes the stream callback. Applications relying
	on async event driven I/O will thus never see the EOF
	condition on the stream

	* src/rpc/virnetclient.c, src/rpc/virnetclientstream.c:
	  Ensure EOF is dispatched

	Fix locking wrt virNetClientStreamPtr object
	The client stream object can be used independently of the
	virNetClientPtr object, so must have full locking of its
	own and not rely on any caller.

	* src/remote/remote_driver.c: Remove locking around stream
	  callback
	* src/rpc/virnetclientstream.c: Add locking to all APIs
	  and callbacks

	Avoid referencing NULL pointer when copying stream error
	* src/rpc/virnetclientstream.c: Avoid referencing NULL

	Avoid free'ing a filtered RPC message in the server
	When a filter steals an RPC message, that message must
	not be freed, except by the filter code itself

	* src/rpc/virnetserverclient.c: Don't free stolen RPC
	  messages

	Improve two log messages in virNetMessage
	Improve log messages issued when encountering a bogus
	message length to include the actual length and the
	limit violated

	* src/rpc/virnetmessage.c: Improve log messages

	Ensure empty payload is written upon stream completion
	On stream completion it is neccessary to send back a
	message with an empty payload. The message header was
	not being filled out correctly, since we were not writing
	any payload. Add a method for encoding an empty payload
	which updates the message headers correctly.

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
	  a virNetMessageEncodePayloadEmpty method
	* src/rpc/virnetserverprogram.c: Write empty payload on
	  stream completion

	Lower logging level when failing to register socket watch
	The RPC client treats failure to register a socket watch
	as non-fatal, since we do not mandate that a libvirt client
	application provide an event loop implementation. It is
	thus inappropriate to a log a message at VIR_LOG_WARN

	* src/rpc/virnetsocket.c: Lower logging level

	Fix propagation of RPC errors from streams
	If a streams error is raised, virNetClientIOEventLoop
	returns 0, but an error is set. Check for this and
	propagate it if present

	* src/rpc/virnetclient.c: Propagate streams error

	Fix crash when aborting a stream from a I/O callback
	If a callback being invoked from a stream issues a virStreamAbort
	operation, the stream data will be free'd but the callback will
	then still try to use this. Delay free'ing of the stream data when
	a callback is dispatching

	* src/fdstream.c: Delay stream free when callback is active

2011-06-29  Michal Privoznik  <mprivozn@redhat.com>

	screenshot: Set access rights to temporary file
	Although we create a temporary file, it is owned by root:root and have
	rights 0600. In case qemu does not run under root, it is unable to write
	to that file and thus we transfer 0B sized file.

2011-06-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	dnsmasq: Fix errno handling and don't unlink non-existing files
	addnhostsSave and hostsfileSave expect < 0 return value on error from
	addnhostsWrite and hostsfileWrite but then pass err instead of -err
	to virReportSystemError that expects an errno value.

	Also addnhostsWrite returns -ENOMEM and errno, change this to -errno.

	addnhostsWrite and hostsfileWrite tried to unlink the tempfile after
	renaming it, making both fail on the final step. Remove the unnecessary
	unlink calls.

2011-06-29  Eric Blake  <eblake@redhat.com>

	maint: improve makefile whitespace
	None of these instances cause any semantic differences, but
	consistency is nice.

	* src/Makefile.am: Replace leading spaces with tabs.

2011-06-29  Osier Yang  <jyang@redhat.com>

	tests: Fix memory leak in virnetmessagetest
	Detected when playing with "make -C tests valgrind".

	conf: Fix memory leak in virNetworkDNSDefFormat

2011-06-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	network: Don't ignore errors in dnsmasq config file creation

	network: Fix dnsmasq hostsfile creation logic and related tests
	networkSaveDnsmasqHostsfile was added in 8fa9c2214247 (Apr 2010).
	It has a force flag. If the dnsmasq hostsfile already exists force
	needs to be true to overwrite it. networkBuildDnsmasqArgv sets force
	to false, networkDefine sets it to true. This results in the
	hostsfile being written only in networkDefine in the common case.
	If no error occurred networkSaveDnsmasqHostsfile returns true and
	networkBuildDnsmasqArgv adds the --dhcp-hostsfile to the dnsmasq
	command line.

	networkSaveDnsmasqHostsfile was changed in 89ae9849f744 (24 Jun 2011)
	to return a new dnsmasqContext instead of reusing one. This change broke
	the logic of the force flag as now networkSaveDnsmasqHostsfile returns
	NULL on error, but the early return -- if force was not set and the
	hostsfile exists -- returns 0. This turned the early return in an error
	case and networkBuildDnsmasqArgv didn't add the --dhcp-hostsfile option
	anymore if the hostsfile already exists. It did because networkDefine
	created the hostsfile already.

	Then 9d4e2845d498 fixed the return 0 case in networkSaveDnsmasqHostsfile
	but didn't apply the force option correctly to the new addnhosts file.
	Now force doesn't control an early return anymore, but influences the
	handling of the hostsfile context creation and dnsmasqSave is always
	called now. This commit also added test cases that reveal several
	problems. First, the tests now calls functions that try to write the
	dnsmasq config files to disk. If someone runs this tests as root this
	might overwrite actively used dnsmasq config files, this is a no-go. Also
	the tests depend on configure --localstatedir, this needs to be fixed as
	well, because it makes the tests fail when localstatedir is different
	from /var.

	This patch does several things to fix this:

	1) Move dnsmasqContext creation and saving out of networkBuildDnsmasqArgv
	to the caller to separate the command line generation from the config
	file writing. This makes the command line generation testable without the
	risk of interfering with system files, because the tests just don't call
	dnsmasqSave.

	2) This refactoring of networkSaveDnsmasqHostsfile makes the force flag
	useless as the saving happens somewhere else now. This fixes the wrong
	usage of the force flag in combination with then newly added addnhosts
	file by removing the force flag.

	3) Adapt the wrong test cases to the correct behavior, by adding the
	missing --dhcp-hostsfile option. Both affected tests contain DHCP host
	elements but missed the necessary --dhcp-hostsfile option.

	4) Rename networkSaveDnsmasqHostsfile to networkBuildDnsmasqHostsfile,
	because it doesn't save the dnsmasqContext anymore.

	5) Move all directory creations in dnsmasq context handling code from
	the *New functions to dnsmasqSave to avoid directory creations in system
	paths in the test cases.

	6) Now that networkBuildDnsmasqArgv doesn't create the dnsmasqContext
	anymore the test case can create one with the localstatedir that is
	expected by the tests instead of the configure --localstatedir given one.

	Fix compilation with systemtap 1.3
	Version 1.3 of <sys/sdt.h> uses this macro

	  #define STAP_CAST(t) (size_t)t

	that breaks like this if t is a function

	  remote.c:1775: error: cast from function call of type 'const char *'
	  to non-matching type 'long unsigned int' [-Wbad-function-cast]

	For that to work it should probably look like this

	  #define STAP_CAST(t) ((size_t)(t))

	In systemtap 1.4 this was completely rewritten.

	Anyway, before commit df0b57a95a767c t was always a variable, but now
	also a function is used here, namely virNetSASLSessionGetIdentity.

	Use an intermediate variable to avoid this problem.

2011-06-29  Eric Blake  <eblake@redhat.com>

	build: fix mingw build
	./autobuild.sh died on several messages resembling:

	../../src/rpc/virnetsocket.c: In function 'virNetSocketNewListenTCP':
	../../src/rpc/virnetsocket.c:231:9: error: implicit declaration of function 'bind_used_without_requesting_gnulib_module_bind' [-Wimplicit-function-declaration]
	../../src/rpc/virnetsocket.c:231:9: error: nested extern declaration of 'bind_used_without_requesting_gnulib_module_bind' [-Wnested-externs]

	Basically, gnulib socket fds are not safe to pass to mingw socket
	functions unless we pull in those gnulib modules.

	* bootstrap.conf (gnulib_modules): Add modules to handle socket
	functions on mingw.

	sysinfo: fix parsing regression
	Detected by gcc -O2, introduced in commit 532ce9c2.  If dmidecode
	outputs a field unrecognized by the parsers, then the code would
	dereference an uninitialized eol variable.

	* src/util/sysinfo.c (virSysinfoParseBIOS)
	(virSysinfoParseSystem, virSysinfoParseProcessor)
	(virSysinfoParseMemory): Avoid uninitialized variable.

	build: update translated files
	The last patch was incomplete.  The translated strings merely
	moved between generated file names, rather than disappearing.

	* cfg.mk (generated_files): Update generated file names.
	* po/POTFILES.in: Add remote_dispatch.h

2011-06-29  Jiri Denemark  <jdenemar@redhat.com>

	build: Don't expect translatable strings in a dead file
	daemon/remote_dispatch_bodies.h is no longer with us and shouldn't be
	searched for translatable strings.

	daemon: Fix build without polkit

2011-06-29  Eric Blake  <eblake@redhat.com>

	remote: fix uninitialized variable
	Detected by gcc -O2:

	remote/remote_driver.c: In function 'doRemoteOpen':
	remote/remote_driver.c:2753:26: error: 'sasl' may be used uninitialized in this function [-Werror=uninitialized]

	* src/remote/remote_driver.c (remoteAuthSASL): Initialize sasl.

	build: fix 'make check' when pdwtags is available
	Problem introduced in commit 6818cf86.

	* src/remote_protocol-structs: Delete unused struct.

	build: sanlock-devel is not in F15 yet
	* libvirt.spec.in (with_sanlock): Only default on in rawhide.
	Reported by Gerhard Stenzel.

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation for configuration lock managers
	Add a page which documents how to configure lock managers,
	focusing on use of sanlock with the QEMU/KVM driver

	* docs/locking.html.in: Docs about lock managers
	* docs/sitemap.html.in: Add lock manager config to
	  the deployment section

	Support automatic creation of leases for disks in sanlock
	The current sanlock plugin requires a central management
	application to manually add <lease> elements to each guest,
	to protect resources that are assigned to it (eg writable
	disks). This makes the sanlock plugin useless for usage
	in more ad hoc deployment environments where there is no
	central authority to associate disks with leases.

	This patch adds a mode where the sanlock plugin will
	automatically create leases for each assigned read-write
	disk, using a md5 checksum of the fully qualified disk
	path. This can work pretty well if guests are using
	stable disk paths for block devices eg /dev/disk/by-path/XXXX
	symlinks, or if all hosts have NFS volumes mounted in
	a consistent pattern.

	The plugin will create one lockspace for managing disks
	with filename /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__.
	For each VM disks, there will be another file to hold
	a lease /var/lib/libvirt/sanlock/5903e5d25e087e60a20fe4566fab41fd
	Each VM disk lease is usually 1 MB in size. The script
	virt-sanlock-cleanup should be run periodically to remove
	unused lease files from the lockspace directory.

	To make use of this capability the admin will need to do
	several tasks:

	 - Mount an NFS volume (or other shared filesystem)
	   on /var/lib/libvirt/sanlock
	 - Configure 'host_id' in /etc/libvirt/qemu-sanlock.conf
	   with a unique value for each host with the same NFS
	   mount
	 - Toggle the 'auto_disk_leases' parameter in qemu-sanlock.conf

	Technically the first step can be skipped, in which case
	sanlock will only protect against 2 vms on the same host
	using the same disk (or the same VM being started twice
	due to error by libvirt).

	* src/locking/libvirt_sanlock.aug,
	  src/locking/sanlock.conf,
	  src/locking/test_libvirt_sanlock.aug: Add config params
	  for configuring auto lease setup
	* libvirt.spec.in: Add virt-sanlock-cleanup program, man
	  page
	* tools/virt-sanlock-cleanup.in: Script to purge unused
	  disk resource lease files

	Support loading a configuration file for sanlock plugin
	Introduce a configuration file with a single parameter
	'require_lease_for_disks', which is used to decide whether
	it is allowed to start a guest which has read/write disks,
	but without any leases.

	* libvirt.spec.in: Add sanlock config file and augeas
	  lens
	* src/Makefile.am: Install sanlock config file and
	  augeas lens
	* src/locking/libvirt_sanlock.aug: Augeas master lens
	* src/locking/test_libvirt_sanlock.aug: Augeas test file
	* src/locking/sanlock.conf: Example sanlock config
	* src/locking/lock_driver_sanlock.c: Wire up loading
	  of configuration file

	Allow per-driver config file for lock manager plugins
	Allow a 'configFile' parameter to be passed into the lock
	drivers to provide configuration. Wire up the QEMU driver
	to pass in file names '/etc/libvirt/qemu-$NAME.conf
	eg qemu-sanlock.conf

	* src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Add configFile parameter
	* src/qemu/qemu_conf.c: Pass in configuration file path to
	  lock driver plugins

2011-06-29  Laine Stump  <laine@laine.org>

	network: add domain to unqualified names defined with <host>
	If a domain name is defined for a network, add the --expand-hosts
	option to the dnsmasq commandline. This results in the domain being
	added to any hostname that is defined in a dns <host> element and
	contains no '.' characters (i.e. it is an "unqualified"
	hostname). Since PTR records are automatically created for any name
	defined in <host>, the result of a PTR request will change from the
	unqualified name to the qualified name.

	This also has the same effect on any hostnames that dnsmasq reads
	from the host's /etc/hosts file.

	(In the case of guest hostnames that were learned by dnsmasq via DHCP
	requests, they were already getting the domain name added on, even
	without --expand-hosts).

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Cleanup remote protocol definitions
	The standard remote protocol for libvirtd no longer needs to
	include definitions of the generic message header/error structs
	or status codes. This is all defined in the generic RPC protocol

	* src/remote/remote_protocol.x: Remove all RPC message definitions
	* src/remote/remote_protocol.h, src/remote/remote_protocol.c:
	  Re-generate
	* daemon/remote_generate_stubs.pl: Delete obsolete script

	Remove obsolete libvirtd mdns code
	libvirtd now uses the generic RPC code for MDNS, so its
	custom mdns APIs are no longer required

	* daemon/mdns.c, daemon/mdns.h: Removed obsolete files

	Convert libvirtd over to the new RPC handling APIs
	This guts the libvirtd daemon, removing all its networking and
	RPC handling code. Instead it calls out to the new virServerPtr
	APIs for all its RPC & networking work

	As a fallout all libvirtd daemon error reporting now takes place
	via the normal internal error reporting APIs. There is no need
	to call separate error reporting APIs in RPC code, nor should
	code use VIR_WARN/VIR_ERROR for reporting fatal problems anymore.

	* daemon/qemu_dispatch_*.h, daemon/remote_dispatch_*.h: Remove
	  old generated dispatcher code
	* daemon/qemu_dispatch.h, daemon/remote_dispatch.h: New dispatch
	  code
	* daemon/dispatch.c, daemon/dispatch.h: Remove obsoleted code
	* daemon/remote.c, daemon/remote.h: Rewrite for new dispatch
	  APIs
	* daemon/libvirtd.c, daemon/libvirtd.h: Remove all networking
	  code
	* daemon/stream.c, daemon/stream.h: Update for new APIs
	* daemon/Makefile.am: Link to libvirt-net-rpc-server.la

	Convert the remote driver to new RPC client APIs
	This guts the current remote driver, removing all its networking
	handling code. Instead it calls out to the new virClientPtr and
	virClientProgramPtr APIs for all RPC & networking work.

	* src/Makefile.am: Link remote driver with generic RPC code
	* src/remote/remote_driver.c: Gut code, replacing with RPC
	  API calls
	* src/rpc/gendispatch.pl: Update for changes in the way
	  streams are handled

	Add XDR_CFLAGS to libvirt-net-rpc.la library
	* src/Makefile.am: Add XDR_CFLAGS

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Ensure sanlock socket is labelled with the VM process label
	The libvirt sanlock plugin is intentionally leaking a file
	descriptor to QEMU. To enable QEMU to use this FD under
	SELinux, it must be labelled correctly. We dont want to use
	the svirt_image_t for this, since QEMU must not be allowed
	to actually use the FD. So instead we label it with svirt_t
	using virSecurityManagerSetProcessFDLabel

	* src/locking/domain_lock.c, src/locking/domain_lock.h,
	  src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Optionally pass an FD back to
	  the hypervisor for security driver labelling
	* src/qemu/qemu_process.c: label the lock manager plugin
	  FD with the process label

	Add a virSecurityManagerSetProcessFDLabel
	Add a new security driver method for labelling an FD with
	the process label, rather than the image label

	* src/libvirt_private.syms, src/security/security_apparmor.c,
	  src/security/security_dac.c, src/security/security_driver.h,
	  src/security/security_manager.c, src/security/security_manager.h,
	  src/security/security_selinux.c, src/security/security_stack.c:
	  Add virSecurityManagerSetProcessFDLabel & impl

	Rename virSecurityManagerSetFDLabel method
	The virSecurityManagerSetFDLabel method is used to label
	file descriptors associated with disk images. There will
	shortly be a need to label other file descriptors in a
	different way. So the current name is ambiguous. Rename
	the method to virSecurityManagerSetImageFDLabel to clarify
	its purpose

	* src/libvirt_private.syms,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/security/security_apparmor.c, src/security/security_dac.c,
	  src/security/security_driver.h, src/security/security_manager.c,
	  src/security/security_manager.h, src/security/security_selinux.c,
	  src/security/security_stack.c: s/FDLabel/ImageFDLabel/

2011-06-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add node prefix to virNodeGet(CPU|Memory)Stats structs and defines

2011-06-28  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix update device for CURRENT + FORCE flags
	When CURRENT and FORCE flags were used together, UpdateDeviceFlags did
	nothing because it failed to transform CURRENT into either LIVE or
	CONFIG.

2011-06-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Return error message about unresolvable variables
	This is in response to bugzilla 664629

	https://bugzilla.redhat.com/show_bug.cgi?id=664629

	The patch below returns an appropriate error message if the chain of
	nwfilters is found to contain unresolvable variables and therefore
	cannot be instantiated.

	Example: The following XMl added to a domain:

	    <interface type='bridge'>
	      <mac address='52:54:00:9f:80:45'/>
	      <source bridge='virbr0'/>
	      <model type='virtio'/>
	      <filterref filter='test'/>
	    </interface>

	that references the following filter

	<filter name='test' chain='root'>
	  <filterref filter='clean-traffic'/>
	  <filterref filter='allow-dhcp-server'/>
	</filter>

	now displays upon 'virsh start mydomain'

	error: Failed to start domain mydomain
	error: internal error Cannot instantiate filter due to unresolvable variable: DHCPSERVER

	'DHPCSERVER' is contained in allow-dhcp-server.

2011-06-27  Eric Blake  <eblake@redhat.com>

	build: rename Vcpupin to VcpuPin
	We already have a public virDomainPinVcpu, which implies that
	Pin and Vcpu are treated as separate words.  Unreleased commit
	e261987c introduced virDomainGetVcpupinInfo as the first public
	API that used Vcpupin, although we had prior internal uses of
	that spelling.  For consistency, change the spelling to be two
	words everywhere, regardless of whether pin comes first or last.

	* daemon/remote.c: Treat vcpu and pin as separate words.
	* include/libvirt/libvirt.h.in: Likewise.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/domain_conf.h: Likewise.
	* src/driver.h: Likewise.
	* src/libvirt.c: Likewise.
	* src/libvirt_private.syms: Likewise.
	* src/libvirt_public.syms: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* tools/virsh.c: Likewise.
	* src/remote/remote_protocol.x: Likewise.
	* src/remote_protocol-structs: Likewise.
	Suggested by Matthias Bolte.

2011-06-27  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: cleanup function/struct names.
	Fix lack of 'virSysinfo' prefix of functions/structs in src/util/sysinfo.[ch]

	sysinfo: fix lack of error check in virSysinfoFormat().
	Fix lack of error check in virSysinfoFormat().

2011-06-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Partly fix networkxml2argvtest being configure result dependent
	Convert networkDnsmasqLeaseFileName to a replaceable function pointer
	that allow the testsuite to use a version of that function that is not
	depending on configure --localstatedir.

	This fixes 5 of 6 test failures, when configure --localstatedir isn't
	set to /var.

2011-06-27  Osier Yang  <jyang@redhat.com>

	qemu: Remove bogus error codes for NUMA memory tuning
	This is no code between virSaveLastError and virGetLastError will
	set an error, remove the bogus codes.

2011-06-27  Laine Stump  <laine@laine.org>

	network: fix indentation in networkBuildDnsmasqArgv
	This block was inadvertently added with the wrong indentation.

2011-06-27  Ruben Kerkhof  <ruben@rubenkerkhof.com>

	Only include parthelper if built with storage_disk
	Parthelper is only compiled if both --with-libvirtd
	and --with-storage-disk are set.

2011-06-25  Eric Blake  <eblake@redhat.com>

	build: avoid uninitialized variable
	Caught by gcc -O2, during autobuild.sh.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpupinInfo): Initialize vm.

	build: fix VPATH builds
	The build currently fails when trying to create virnetprotocol.c
	into $(builddir)/rpc, which doesn't exist.  But since the file
	is part of the tarball, it should be generated into $(srcdir).
	Caught by autobuild.sh.

	* src/Makefile.am (VIR_NET_RPC_GENERATED): Generate into srcdir.

2011-06-25  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add query option to virsh vcpupin command
	This patch teaches "virsh vcpupin" command to query if no list
	is given. Its feature is to show CPU affinity information in more
	reader-friendly way.

	 # virsh vcpupin VM --config
	 VCPU: CPU Affinity
	 ----------------------------------
	    0: 1-6,9-20
	    1: 10
	    2: 5,9-11,15-20
	    3: 1,3,5,7,9,11,13,15

	When cpulist is omitted, vcpu number is optional. When vcpu number is
	provided, information of only specified vcpu is displayed.

	vcpuinfo: add the code to fallback to try new API
	The "virsh vcpuinfo" command results in failure when the target domain
	is inactive on KVM. This patch improves this behavior by adding the
	fallback to invoke virDomainGetVcpupinInfo API in case of
	virDomainGetVcpus API returns error and the target domain is inactive.

	vcpupin: implement the remote protocol to address the new API
	This patch implements the remote protocol to address the new API
	(virDomainGetVcpupinInfo).

	vcpupin: implement the code to support new API for the qemu driver
	This patch implements the code to address the new API (virDomainGetVcpupinInfo)
	in the qemu driver.

	vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo)
	This patch introduces a new libvirt API (virDomainGetVcpupinInfo),
	as a counterpart to virDomainPinVcpuFlags.

	We can use virDomainGetVcpus API to retrieve CPU affinity information,
	but can't use this API against inactive domains (at least in case of KVM),
	as it lacks a flags parameter.
	The usual thing is to add a new virDomainGetVcpusFlags, but that API name
	is already occupied by the counterpart to virDomainGetMaxVcpus, which
	has a completely different signature.

	The virDomainGetVcpupinInfo is the new API to retrieve CPU affinity
	information of active and inactive domains.  While the usual convention
	is to list an array before its length, this API violates that rule
	in order to be more like virDomainGetVcpus (where maxinfo was doing
	double-duty as the length of two different arrays).

2011-06-25  Laine Stump  <laine@laine.org>

	docs: fix indentation of sub-elements of <ip> in network XML
	The sub-elements of <ip> had been placed at the same level of
	indentation as ip itself, implying that they were really elements of
	<network>. Within that, sub-elements of ip/dhcp were also at that same
	level. These have been double-indented.

	At the same time, I realized that the documentation for the new <dns>
	element had been placed right in the middle of the description of the
	sub-elements of <ip>. I moved it up out of the way.

2011-06-25  Eric Blake  <eblake@redhat.com>

	buf: protect against integer overflow
	It's unlikely that we'll ever want to escape a string as long as
	INT_MAX/6, but adding this check can't hurt.

	* src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString):
	Check for (unlikely) overflow.

	remote: protect against integer overflow
	Integer overflow and remote code are never a nice mix.

	This has existed since commit 56cd414.

	* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
	* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
	on sending rpc.
	* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
	receiving rpc.

	build: update gnulib for intprops
	Done as a separate commit to make backporting the next patch easier.
	We are already using "intprops.h", but this makes it explicit.

	* .gnulib: Update, for syntax-check fix.
	* bootstrap.conf (gnulib_modules): Make intprops use explicit.
	* src/locking/domain_lock.c (includes): Drop unused header.
	* src/nwfilter/nwfilter_learnipaddr.c (includes): Use "", not <>,
	for gnulib.

	build: avoid long line tests
	'make syntax-check' regression introduced in commit 60b9c69.

	* tests/networkxml2argvdata/*.argv: Break long lines.

2011-06-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	Rename iface(G|S)etMacaddr to iface(G|S)etMacAddress for consistency

	Fix typo in libvirt_private.syms
	Triggered a linker error on MinGW.

2011-06-25  Michal Novotny  <minovotn@redhat.com>

	Network: Add support for DNS hosts definition to the network XML
	This commit introduces names definition for the DNS hosts file using
	the following syntax:

	  <dns>
	    <host ip="192.168.1.1">
	      <name>alias1</name>
	      <name>alias2</name>
	    </host>
	  </dns>

	Some of the improvements and fixes were done by Laine Stump so
	I'm putting him into the SOB clause again ;-)

	Network: Add additional hosts internal infrastructure

	Network: Add regression tests for the command-line arguments
	The regression testing done by comparison of command-line
	generated from the network XML file and the expected
	command-line arguments (read from file).

	Network: modify dnsmasq commandline build function to allow testing
	The dnsmasq commandline was being built as a part of running
	dnsmasq. This patch puts the commandline build into a separate
	function (and exports it as a private API) making it possible to build
	a dnsmasq commandline without executing it, so that we can write a
	test program to verify that the proper commandlines are being created.

	Add TXT record support for virtual DNS service
	This commit introduces the <dns> element and <txt> record for the
	virtual DNS network. The DNS TXT record can be defined using following
	syntax in the network XML file:

	  <dns>
	    <txt name="example" value="example value" />
	  </dns>

	Also, the Relax-NG scheme has been altered to allow the texts without
	spaces only for the name element and some nitpicks about memory
	free'ing have been fixed by Laine so therefore I'm adding Laine to the
	SOB clause ;-)

2011-06-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Don't declare Py_ssize_t for Python 2.6
	Commit cd48c3f4e95597 added a Py_ssize_t typedef for Python < 2.7.
	But Py_ssize_t was added in Python 2.5. This makes the build fail
	for Python 2.6.

	Adjust the check to match Python < 2.5 to fix this.

	tests: Improve IPv6 detection for virNetSocket tests
	getifaddrs can return an IPv6 address, but getaddrinfo can fail
	for an IPv6 address. Cover this combination.

2011-06-25  Jamie Strandboge  <jamie@canonical.com>

	Move load of AppArmor profile to GenLabel()
	Commit 12317957ecd6c37a2fb16275dcdeeacfe25c517 introduced an incompatible
	architectural change for the AppArmor security driver. Specifically,
	virSecurityManagerSetAllLabel() is now called much later in
	src/qemu/qemu_process.c:qemuProcessStart(). Previously, SetAllLabel() was
	called immediately after GenLabel() such that after the dynamic label (profile
	name) was generated, SetAllLabel() would be called to create and load the
	AppArmor profile into the kernel before qemuProcessHook() was executed. With
	12317957ecd6c37a2fb16275dcdeeacfe25c517, qemuProcessHook() is now called
	before SetAllLabel(), such that aa_change_profile() ends up being called
	before the AppArmor profile is loaded into the kernel (via ProcessLabel() in
	qemuProcessHook()).

	This patch addresses the change by making GenLabel() load the AppArmor
	profile into the kernel after the label (profile name) is generated.
	SetAllLabel() is then adjusted to only reload_profile() and append stdin_fn to
	the profile when it is specified. This also makes the AppArmor driver work
	like its SELinux counterpart with regard to SetAllLabel() and stdin_fn.
	Bug-Ubuntu: https://launchpad.net/bugs/801569

2011-06-24  Eric Blake  <eblake@redhat.com>

	docs: document correct flag name
	When adding virDomainGetVcpusFlags in commit ea3f5c6, I did
	enough rebasing that the doc comments in libvirt.c no longer
	matched the final chosen enum names in libvirt.h.

	And now we've gone ahead and deprecated the names
	VIR_DOMAIN_VCPU_{LIVE,CONFIG}.

	* src/libvirt.c (virDomainGetVcpusFlags): Fix comment.

	Revert "Add new API virDomainBlockPull* to headers"
	This reverts commit 7d56a16d036d9aa7292e10e884c129742036f8a7.

	Conflicts:

		python/generator.py
		src/libvirt_public.syms

	Revert "virDomainBlockPull: Implement the main entry points"
	This reverts commit 6419f596e114ee9f372136cc2b9eb19f1cbb7a77.

	Revert "Add virDomainBlockPull support to the remote driver"
	This reverts commit d1693bb160ea78954592c45a40eb856190c619c8.

	Conflicts:

		daemon/remote.c
		src/remote/remote_driver.c
		src/remote/remote_protocol.x

	Revert "Implement virDomainBlockPull for the qemu driver"
	This reverts commit 784ee08d2220d2a77424d5fc756b6eebe8efd5fa.

	Revert "Enable the virDomainBlockPull API in virsh"
	This reverts commit 3e2493ce28b7e20416e916fdf893a9569c267925.

	Revert "Enable virDomainBlockPull in the python API."
	This reverts commit d74b86f5d6ecae3d18a391f90a918fcac75914db.

	Conflicts:

		python/generator.py

	Revert "Asynchronous event for BlockPull completion"
	This reverts commit 12cd77a0c58a80179182f7d09e8e73f9f66b4677.

	Conflicts:

		python/libvirt-override-virConnect.py
		python/libvirt-override.c
		src/remote/remote_protocol.x

	build: avoid python 2.4 build failure
	I'm not sure when Py_ssize_t was introduced; but Fedora 14 Python 2.7
	has it, while RHEL 5 Python 2.4 lacks it.  It should be easy enough
	to adjust if someone runs into problems.

	* python/typewrappers.h (Py_ssize_t): Define for older python.

	build: fix NUMA build on RHEL 5
	Use NUMA's older nodemask_t (fixed-size map) rather than the newer
	'struct bitmask' (variable-size) in order to still compile on RHEL 5,
	with its numactl-devel-0.9.8.

	* src/qemu/qemu_process.c [HAVE_NUMA]: Prefer back-compat mode.
	(qemuProcessInitNumaMemoryPolicy): Use older nodemask_t.

2011-06-24  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	Add Memory Device Information to virSysinfoRead() from dmidecode type 17
	* src/util/sysinfo.[ch]: also parse and save all the SMBIOS informations
	  about memory modules

	Add Processor Information to virSysinfoRead() from dmidecode type 4
	* src/util/sysinfo.c: add parsing and formatting of processor
	  information data

	Cleanup virSysinfoRead()
	* src/util/sysinfo.c: Separate BIOSInfo and SystemInfo part from
	                      virSysinfoRead()

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Make sure virnetprotocol.[ch] are in BUILT_SOURCES
	To ensure virnetprotocol.[ch] are generated before any other
	files, add them to BUILT_SOURCES and MAINTAINERCLEANFILES.
	At the same time, move ESX_DRIVER_GENERATED out of DISTCLEAN
	and into MAINTAINERCLEANFILES, since they are included in
	EXTRA_DIST

	* src/Makefile.am: Add virnetprotocol.[ch] to BUILT_SOURCES

2011-06-24  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	* src/xenxs/xen_sxpr.c (xenParseSxprPCI): Comment fix.
	* tests/object-locking.ml (driverTables): Likewise.
	* tests/testutils.c (virtTestDifferenceBin): Likewise.

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix some bugs in RPC protocol make rules
	The Makefile.am rules for generating RPC protocol had a couple
	of bugs

	 - A instance of remote/rpcgen_fix.pl  was not changed
	   to rpc/genprotocol.pl
	 - A dep from rpc/virnetmessage.h on the generated
	   rpc/virnetprotocol.h was missing
	 - The generated rpc/virnetprotocol.[ch] were not listed
	   in MAINTAINERCLEANFILES

	* Makefile.am: Fix RPC protocol generation

	Add missing translation of error message from QEMU reboot patch
	* src/qemu/qemu_process.c: Add missing _(...)

	Fix job type set in qemuMigrationPrepareDirect/PrepareTunnel
	The qemuMigrationPrepareDirect/PrepareTunnel methods accidentally
	set the domain job to  QEMU_JOB_MIGRATION_OUT when it should have
	been  QEMU_JOB_MIGRATION_IN. This didn't have any ill-effect, but
	it is none-the-less wrong.

	* src/qemu/qemu_migration.c: Fix job type

	Avoid high privileges taint warning for QEMU session driver
	The code emitting taint warnings was mistakenly thinking
	that guests run from the QEMU session driver were tainted
	for having high privileges. This is of course nonsense
	since the session driver is always unprivileged

	* src/qemu/qemu_domain.c: Don't warn for high privileges in
	  non-privileged QEMU

	Allow automatic kill of guests when a connection is closed
	If an application is using libvirt + KVM as a piece of its
	internal infrastructure to perform a specific task, it can
	be desirable to guarentee the VM dies when the virConnectPtr
	disconnects from libvirtd. This ensures the app can't leak
	any VMs it was using. Adding VIR_DOMAIN_START_AUTOKILL as
	a flag when starting guests enables this to be done.

	* include/libvirt/libvirt.h.in: All VIR_DOMAIN_START_AUTOKILL
	* src/qemu/qemu_driver.c: Support automatic killing of guests
	  upon connection close
	* tools/virsh.c: Add --autokill flag to 'start' and 'create'
	  commands

	Automatically kill target QEMU if migration aborts abnormally
	Migration is a multi-step process

	  1. Begin(src)
	  2. Prepare(dst)
	  3. Perform(src)
	  4. Finish(dst)
	  5. Confirm(src)

	At step 2, a QEMU process is lauched in the destination to
	accept the incoming migration. Occasionally the process
	that is controlling the migration workflow aborts, and fails
	to call step 4, Finish. This leaves a QEMU process running
	on the target (albeit with paused CPUs). Unfortunately because
	step 2 actives a job on the QEMU process, it is unkillable by
	normal means.

	By registering the VM for autokill against the src virConnectPtr
	in step 2, we can ensure that the guest is forcefully killed off
	if the connection is closed without step 4 being invoked

	* src/qemu/qemu_migration.c: Register autokill in PrepareDirect
	  and PrepareTunnel. Unregister autokill on successful run
	  of Finish
	* src/qemu/qemu_process.c: Unregister autokill when stopping a
	  process

	Add infrastructure to automatically destroy guests when a connection closes
	Sometimes it is useful to be able to automatically destroy a guest when
	a connection is closed. For example, kill an incoming migration if
	the client managing the migration dies. This introduces a map between
	guest 'uuid' strings and virConnectPtr objects. When a connection is
	closed, any associated guests are killed off.

	* src/qemu/qemu_conf.h: Add autokill hash table to qemu driver
	* src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add APIs
	  for performing autokill of guests associated with a connection
	* src/qemu/qemu_driver.c: Initialize autodestroy map

	Support reboots with the QEMU driver
	For controlled shutdown we issue a 'system_powerdown' command
	to the QEMU monitor. This triggers an ACPI event which (most)
	guest OS wire up to a controlled shutdown. There is no equiv
	ACPI event to trigger a controlled reboot. This patch attempts
	to fake a reboot.

	 - In qemuDomainObjPrivatePtr we have a bool fakeReboot
	   flag.
	 - The virDomainReboot method sets this flag and then
	   triggers a normal 'system_powerdown'.
	 - The QEMU process is started with '-no-shutdown'
	   so that the guest CPUs pause when it powers off the
	   guest
	 - When we receive the 'POWEROFF' event from QEMU JSON
	   monitor if fakeReboot is not set we invoke the
	   qemuProcessKill command and shutdown continues
	   normally
	 - If fakeReboot was set, we spawn a background thread
	   which issues 'system_reset' to perform a warm reboot
	   of the guest hardware. Then it issues 'cont' to
	   start the CPUs again

	* src/qemu/qemu_command.c: Add -no-shutdown flag if
	  we have JSON support
	* src/qemu/qemu_domain.h: Add 'fakeReboot' flag to
	  qemuDomainObjPrivate struct
	* src/qemu/qemu_driver.c: Fake reboot using the
	  system_powerdown command if JSON support is available
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  binding for system_reset command
	* src/qemu/qemu_process.c: Reset the guest & start CPUs if
	  fakeReboot is set

	Move the RPC generator scripts into src/rpc
	Move the daemon/remote_generator.pl to src/rpc/gendispatch.pl
	and move the src/remote/rpcgen_fix.pl to src/rpc/genprotocol.pl

	* daemon/Makefile.am: Update for new name/location of generator
	* src/Makefile.am: Update for new name/location of generator

	Introduce generic RPC client objects
	To facilitate creation of new clients using XDR RPC services,
	pull alot of the remote driver code into a set of reusable
	objects.

	 - virNetClient: Encapsulates a socket connection to a
	   remote RPC server. Handles all the network I/O for
	   reading/writing RPC messages. Delegates RPC encoding
	   and decoding to the registered programs

	 - virNetClientProgram: Handles processing and dispatch
	   of RPC messages for a single RPC (program,version).
	   A program can register to receive async events
	   from a client

	 - virNetClientStream: Handles generic I/O stream
	   integration to RPC layer

	Each new client program now merely needs to define the list of
	RPC procedures & events it wants and their handlers. It does
	not need to deal with any of the network I/O functionality at
	all.

	Introduce generic RPC module for advertising via MDNS
	Allow RPC servers to advertise themselves using MDNS,
	via Avahi

	* src/rpc/virnetserver.c, src/rpc/virnetserver.h: Allow
	  registration of MDNS services via avahi
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Add
	  API to fetch the listen port number
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add API to
	  fetch the local port number
	* src/rpc/virnetservermdns.c, src/rpc/virnetservermdns.h: Represent
	  an MDNS advertisement

	Introduce generic RPC server objects
	To facilitate creation of new daemons providing XDR RPC services,
	pull a lot of the libvirtd daemon code into a set of reusable
	objects.

	 * virNetServer: A server contains one or more services which
	   accept incoming clients. It maintains the list of active
	   clients. It has a list of RPC programs which can be used
	   by clients. When clients produce a complete RPC message,
	   the server passes this onto the corresponding program for
	   handling, and queues any response back with the client.

	 * virNetServerClient: Encapsulates a single client connection.
	   All I/O for the client is handled, reading & writing RPC
	   messages.

	 * virNetServerProgram: Handles processing and dispatch of
	   RPC method calls for a single RPC (program,version).
	   Multiple programs can be registered with the server.

	 * virNetServerService: Encapsulates socket(s) listening for
	   new connections. Each service listens on a single host/port,
	   but may have multiple sockets if on a dual IPv4/6 host.

	Each new daemon now merely has to define the list of RPC procedures
	& their handlers. It does not need to deal with any network related
	functionality at all.

	Integrate TLS/SASL directly into the socket APIs
	This extends the basic virNetSocket APIs to allow them to have
	a handle to the TLS/SASL session objects, once established.
	This ensures that any data reads/writes are automagically
	passed through the TLS/SASL encryption layers if required.

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Wire up
	  SASL/TLS encryption

	Generic module for handling SASL authentication & encryption
	This provides two modules for handling SASL

	 * virNetSASLContext provides the process-wide state, currently
	   just a whitelist of usernames on the server and a one time
	   library init call

	 * virNetTLSSession provides the per-connection state, ie the
	   SASL session itself. This also include APIs for providing
	   data encryption/decryption once the session is established

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
	  SASL handling code

	Generic module for handling TLS encryption and x509 certs
	This provides two modules for handling TLS

	 * virNetTLSContext provides the process-wide state, in particular
	   all the x509 credentials, DH params and x509 whitelists
	 * virNetTLSSession provides the per-connection state, ie the
	   TLS session itself.

	The virNetTLSContext provides APIs for validating a TLS session's
	x509 credentials. The virNetTLSSession includes APIs for performing
	the initial TLS handshake and sending/recving encrypted data

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
	  TLS handling code

	Introduce a generic object for using network sockets
	Introduces a simple wrapper around the raw POSIX sockets APIs
	and name resolution APIs. Allows for easy creation of client
	and server sockets with correct usage of name resolution APIs
	for protocol agnostic socket setup.

	It can listen for UNIX and TCP stream sockets.

	It can connect to UNIX, TCP streams directly, or indirectly
	to UNIX sockets via an SSH tunnel or external command

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Generic
	  sockets APIs
	* tests/Makefile.am: Add socket test
	* tests/virnetsockettest.c: New test case
	* tests/testutils.c: Avoid overriding LIBVIRT_DEBUG settings
	* tests/ssh.c: Dumb helper program for SSH tunnelling tests

	Provide a simple object for encoding/decoding RPC messages
	This provides a new struct that contains a buffer for the RPC
	message header+payload, as well as a decoded copy of the message
	header. There is an API for applying a XDR encoding & decoding
	of the message headers and payloads. There are also APIs for
	maintaining a simple FIFO queue of message instances.

	Expected usage scenarios are:

	To send a message

	   msg = virNetMessageNew()

	   ...fill in msg->header fields..
	   virNetMessageEncodeHeader(msg)
	   ...loook at msg->header fields to determine payload filter
	   virNetMessageEncodePayload(msg, xdrfilter, data)
	   ...send msg->bufferLength worth of data from buffer

	To receive a message

	   msg = virNetMessageNew()
	   ...read VIR_NET_MESSAGE_LEN_MAX of data into buffer
	   virNetMessageDecodeLength(msg)
	   ...read msg->bufferLength-msg->bufferOffset of data into buffer
	   virNetMessageDecodeHeader(msg)
	   ...look at msg->header fields to determine payload filter
	   virNetMessageDecodePayload(msg, xdrfilter, data)
	   ...run payload processor

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Internal
	  message handling API.
	* testutils.c, testutils.h: Helper for printing binary differences
	* virnetmessagetest.c: Validate all XDR encoding/decoding

	Defines the basics of a generic RPC protocol in XDR
	This patch defines the basics of a generic RPC protocol in XDR.
	This is wire ABI compatible with the original remote_protocol.x.
	It takes everything except for the RPC calls / events from that
	protocol

	 - The basic header virNetMessageHeader (aka remote_message_header)
	 - The error object virNetMessageError  (aka remote_error)
	 - Two dummy objects virNetMessageDomain & virNetMessageNetwork
	   sadly needed to keep virNetMessageError ABI compatible with
	   the old remote_error

	The RPC protocol supports method calls, async events and
	bidirectional data streams as before

	* src/Makefile.am: Add rules for generating RPC code from
	  protocol & define a new libvirt-net-rpc.la helper library
	* src/rpc/virnetprotocol.x: New generic RPC protocol

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: avoid python 2.4 build failure
	On RHEL 5, I got:

	/usr/bin/python ./generator.py /usr/bin/python
	  File "./generator.py", line 427
	    "virStreamFree", # Needed in custom virStream __del__, but free shouldn't
	                   ^
	SyntaxError: invalid syntax

	* python/generator.py (function_skip_python_impl): Use same syntax
	as other skip lists.

	build: avoid compiler failure
	GCC complained about a C99 for-loop declaration outside of C99 mode
	when compiling on RHEL 5.

	* src/qemu/qemu_driver.c (qemudDomainPinVcpuFlags): Avoid C99 for
	loop, since gcc 4.1.2 hates it.

2011-06-24  David S. Wang  <dwang2@cisco.com>

	documenting the 802.1Qbh parameters of a 'direct' interface
	This patch adds documentation about the 802.1Qbh related parameters
	of the virtualport element for 'direct' interfaces.

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	Gnulib has been busy, with 397 commits; it's easier to update now
	even without any known libvirt issue to be fixed, rather than
	having to analyze an even larger changeset later on.

	* .gnulib: Update to latest, for lots of changes.
	* bootstrap: Synchronize to upstream.

2011-06-23  Stefan Berger  <stefanb@us.ibm.com>

	build: fix compilation on systems missing libnl and new includes
	This patch fixes the compilation of netlink.c and interface.c on those
	systems missing either libnl or that have an older linux/if_link.h
	include file not supporting macvtap or VF_PORTS.

	WITH_MACVTAP is '1' if newer include files were detected, '0' otherwise.

	IFLA_PORT_MAX is defined in linux/if_link.h if yet more functionality is
	supported.

2011-06-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure: Make libnl optional unless macvtap is required
	If macvtap is required then libnl has to be available, otherwise
	libnl is optional.

2011-06-23  Cole Robinson  <crobinso@redhat.com>

	python: Generate virStreamFree but don't expose in bindings
	Turns out I was right in removing this the first time :) This is
	needed in our custom __del__ function, but the C code wasn't
	being generated. Add new infrastructure to do what we want

2011-06-23  Eric Blake  <eblake@redhat.com>

	maint: avoid future setgid problems
	* cfg.mk (sc_prohibit_setuid)
	(exclude_file_name_regexp--sc_prohibit_setuid): New rule.
	(VC_LIST_ALWAYS_EXCLUDE_REGEX): Always exempt po files.
	(exclude_file_name_regexp--sc_prohibit_asprintf): Simplify.
	(exclude_file_name_regexp--sc_prohibit_can_not): Drop.
	(exclude_file_name_regexp--sc_prohibit_doubled_word): Likewise.

2011-06-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make virConnectClose comply to apibuild.py expectations
	apibuild.py expects a sentence that starts with "Returns"
	describing the return value of a function.

2011-06-23  Osier Yang  <jyang@redhat.com>

	util: Fix memory leak in virJSONParserHandleStartMap

	qemu: Fix memory leak in qemuProcessWaitForMonitor
	Move "VIR_FREE(buf) into label "closelog", so that "buf" could be
	freed before returning.

2011-06-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Only check for NUMA availability if required
	We only care about NUMA availability if NUMA configuration is requested
	in domain XML.

2011-06-23  Matthew Booth  <mbooth@redhat.com>

	storage: fix volDelete return when volume still being allocated
	volDelete used to return VIR_ERR_INTERNAL_ERROR when attempting to
	delete a volume which was still being allocated. It should return
	VIR_ERR_OPERATION_INVALID.

	* src/storage/storage_driver.c: Fix return of volDelete.

2011-06-23  Eric Blake  <eblake@redhat.com>

	util: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/util/pci.c (struct _pciDevice, pciGetDevice, pciFreeDevice):
	Manage path dynamically.  Report snprintf overflow.
	* src/util/hostusb.c (struct _usbDevice, usbGetDevice)
	(usbFreeDevice): Likewise.

	xen: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/xen/xen_driver.h (xenXMConfCache): Manage filename
	dynamically.
	* src/xen/xm_internal.c (xenXMConfigCacheAddFile)
	(xenXMConfigFree, xenXMDomainDefineXML): Likewise.

	tests: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/test/test_driver.c (struct _testConn, testOpenFromFile)
	(testClose): Manage path dynamically.

	virStorageVol: avoid PATH_MAX-sized array
	POSIX allows implementations where PATH_MAX is undefined, leading
	to compilation error.  Not to mention that even if it is defined,
	it is often wasteful in relation to the amount of data being stored.

	All clients of vol->key were audited, and found not to care about
	whether key is static or dynamic, except for these offenders:

	* src/datatypes.h (struct _virStorageVol): Manage key dynamically.
	* src/datatypes.c (virReleaseStorageVol): Free key.
	(virGetStorageVol): Copy key.

	maint: add omitted copyright header
	Bug introduced in commit 6a597883.

	* src/util/netlink.h: Add boilerplate.

	docs: fix docs to match behavior of virConnectClose
	* src/libvirt.c (virConnectClose): Mention reference count return.
	Reported by Michal Novotny, analyzed by Matthias Bolte.

2011-06-23  Stefan Berger  <stefanb@us.ibm.com>

	cleanup: make several interface functions commonly available
	In a second cleanup step this patch makes several interface functions from macvtap.c commonly available by moving them into interface.c and prefixing their names with 'iface'. Those functions taking Linux-specific structures as parameters are only visible on Linux.

	ifaceRestoreMacAddress returns the return code from the ifaceSetMacAddr call and display an error message if setting the MAC address did not work. The caller is unchanged and still ignores the return code (which is ok).

	cleanup: make nlComm commonly available
	In a first cleanup step, make nlComm from macvtap.c commonly available
	for other code to use. Since nlComm uses Linux-specific structures as
	parameters it's prototype is only visible on Linux.

2011-06-23  Eric Blake  <eblake@redhat.com>

	maint: remove syntax-check exception
	We weren't using the @FOO@ notation for a Makefile substitution,
	but instead for a sed rule, so using [@]FOO@ instead avoids the
	need to exempt this syntax check.

	* cfg.mk (_makefile_at_at_check_exceptions): Delete.
	* tools/Makefile.am (virt-xml-validate, virt-pki-validate): Avoid
	tripping syntax-check.
	Reported by Daniel P. Berrange.

2011-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix use-after-free in handling domain taint flags
	* src/conf/domain_conf.c: Fix use after free

	Remove macvtap dependency on domain configuration
	Files under src/util must not depend on src/conf
	Solve the macvtap problem by moving the definition
	of macvtap modes from domain_conf.h into macvtap.h

	* src/util/macvtap.c, src/util/macvtap.h: Add enum
	  for macvtap modes
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove
	  enum for macvtap modes

2011-06-22  Osier Yang  <jyang@redhat.com>

	util: Correct the error prompt string
	virCommandProcessIO: It's reading from stdout or stderr of child,
	but not writing.

	qemu: Fix one memory leak
	* src/qemu/qemu_domain.c: (qemuDomainAppendLog)

	  Free "message" in "cleanup".

2011-06-22  Daniel Veillard  <veillard@redhat.com>

	Fix to python API extractor and API doc generation
	This fixes a number of issues most of them raised by Eric Blake on the
	generated documentation output:
	   - parsing of "long long int" and similar
	   - add parsing of unions within a struct
	   - remove spurious " * " fron comments on structure fields and enums
	   - fix concatenation of base type and name in arrays
	   - extend XSLT to cope with union in structs

	* docs/apibuild.py: fix and extend API extraction tool
	* docs/newapi.xsl: extend the stylesheets to cope with union in
	  public structures

2011-06-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: domain I/O asynchronous handling
	For virtio disks and interfaces, qemu allows users to enable or disable
	ioeventfd feature. This means, qemu can execute domain code, while
	another thread waits for I/O event. Basically, in some cases it is win,
	in some loss. This feature is available via 'ioeventfd' attribute in disk
	and interface <driver> element. It accepts 'on' and 'off'. Leaving this
	attribute out defaults to hypervisor decision.

2011-06-22  Eric Blake  <eblake@redhat.com>

	build: require newer netcf when it is available
	When building rpms for newer Fedora or RHEL, take advantage of the
	newer netcf packaging to guarantee interface snapshot support.

	* libvirt.spec.in (BuildRequires): Bump minimum version on
	platforms that support netcf 0.1.8.

	virsh: avoid bogus description
	https://bugzilla.redhat.com/show_bug.cgi?id=682121

	Gettext reserves the empty string for internal use, and it must
	not be passed through _().  We were violating this for commands
	that (for whatever reason) used "" for their description.

	* tools/virsh.c (vshCmddefHelp): Don't translate empty string.
	Reported by Tatsuo Kawasaki.

2011-06-21  Dirk Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	set and restore MAC address of a NIC when using PASSTHROUGH mode
	The following patch addresses the problem that when a PASSTHROUGH
	mode DIRECT NIC connection is made the MAC address of the NIC is
	not automatically set and reset to the configured VM MAC and
	back again.

	The attached patch fixes this problem by setting and resetting the MAC
	while remembering the previous setting while the VM is running.
	This also works if libvirtd is restarted while the VM is running.

	the patch passes make syntax-check

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	python: Mark event callback wrappers as private
	These functions aren't intended to be called directly by users, so mark
	them as private.

	While we're at it, remove unneeded exception handling, and break some
	long lines.

	python: events: Fix C->Python handle callback prototype
	If registering our own event loop implementation written in python,
	any handles or timeouts callbacks registered by libvirt C code must
	be wrapped in a python function. There is some argument trickery that
	makes this all work, by wrapping the user passed opaque value in
	a tuple, along with the callback function.

	Problem is, the current setup requires the user's event loop to know
	about this trickery, rather than just treating the opaque value
	as truly opaque.

	Fix this in a backwards compatible manner, and adjust the example
	python event loop to do things the proper way.

	python: Add bindings for virEvent*Handle/Timeout

	events: Correct virEventAddTimeout docs

	Promote virEvent*Handle/Timeout to public API
	Since we virEventRegisterDefaultImpl is now a public API, callers need
	a way to invoke the default registered Handle and Timeout functions. We
	already have general functions for these internally, so promote
	them to the public API.

	v2:
	    Actually add APIs to libvirt.h

	python: Implement virStreamSend/RecvAll helpers
	Pure python implementation. The handler callbacks have been altered
	a bit compared to the C API: RecvAll doesn't pass length of the data read
	since that can be trivially obtained from python string objects, and SendAll
	requires the handler to return the string data to send rather than
	store the data in a string pointer.

	python: Implement virStreamSend/Recv
	The return values for the python version are different that the C version
	of virStreamSend: on success we return a string, an error raises an exception,
	and if the stream would block we return int(-2). We need to do this
	since strings aren't passed by reference in python.

2011-06-21  Osier Yang  <jyang@redhat.com>

	conf: Make full use of goto label
	* virDomainDefParse: There is a goto label "no_memory", which
	reports OOM error, and then fallthrough label "error". This
	patch changes things like following:

	    virReportOOMError();
	    goto error;

	into:

	    goto no_memory;

	conf: Fix one memory leak
	Free def->numatune.memory.nodemask in virDomainDefFree.

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	python: Implement bindings for virStreamEventAddCallback
	v2:
	    Don't generate virStreamFree

	python: generator: Don't print warning if nothing to warn about

	python: libvirt-override: use simpler debug
	In a couple instances we have to mark a debug variable as ATTRIBUTE_UNUSED
	to avoid warnings.

	v2:
	    Use #if 0 to comment out debug define

2011-06-21  Eric Blake  <eblake@redhat.com>

	virsh: enhance snapshot-create-as
	Similar to pool-create-as.

	* tools/virsh.c (cmdSnapshotCreateAs): Add --print-xml.
	* tools/virsh.pod: Document it.

	virsh: add snapshot-create-as command
	Producing an xml file just for name and description fields is
	overkill; this makes life easier from virsh.

	* tools/virsh.c (cmdSnapshotCreateAs): New command.
	(snapshotCmds): Install it.
	* tools/virsh.pod: Document it.

	virsh: clarify snapshot vs. save
	* tools/virsh.c (info_snapshot_create, info_save): Clarify
	description.
	* tools/virsh.pod (save): Likewise.

2011-06-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix compile warnings in virsh vcpupin
	The 'char *cur' variable was being assigned from a
	'const char *' string, thus discarding constness.
	As well as causing a compile warning, it masked a
	piece of code which attempts to assign to the
	previously const string.

	* tools/virsh.c: Fix const-ness of 'cur' variable in vcpupin

2011-06-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Allow to annotate arrays with typecasts
	Removes special case code from the generator and handle additional
	methods.

	The generated version of remoteDispatchDomainPinVcpu(Flags) has no
	length check, but this check was useless anyway as it was applied to
	data that was already deserialized from its XDR form.

	remote: Handle functions that return optional strings

	remote: Generate virDomainGetBlockPullInfo
	It was already generatable but skipped.

2011-06-20  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add vcpupin resetting feature to qemu driver
	Pinning to all physical cpus means resetting, hence it is preferable to
	delete vcpupin setting of XML.

	This patch changes qemu driver to delete vcpupin setting by invoking
	virDomainVcpupinDel API when pinning the specified virtual cpu to
	all host physical cpus.

	vcpupin: add virDomainVcpupinDel function
	This patch add the private API (virDomainVcpupinDel).
	This API can delete the vcpupin setting of a specified virtual cpu.

	vcpupin: add reset option to virsh vcpupin command
	When resetting vcpupin setting, we have to specify all host physical
	cpus as a cpulist parameter of virsh vcpupin command. It's a little
	tedious.

	This patch changes to allow to receive the special keyword 'r' as a cpulist
	parameter of virsh vcpupin command when resetting vcpupin setting.

	If you set the following:

	 # virsh vcpupin VM 0 r

	the vcpu0 will be pinned to all physical cpus.

	vcpupin: improve vcpupin definition of virsh vcpupin
	When using vcpupin command, we have to speficy comma-separated list as cpulist,
	but this is tedious in case the number of phsycal cpus is large.
	This patch improves this by introducing special markup "-" and "^" which are
	similar to XML schema of "cpuset" attribute.

	The example:

	 # virsh vcpupin Guest 0 0-15,^8

	 is identical to

	 # virsh vcpupin Guest 0 0,1,2,3,4,5,6,7,9,10,11,12,13,14,15

	NOTE: The expression is sequentially evaluated, so "0-15,^8" is not identical
	to "^8,0-15".

2011-06-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix preprocessor indentation in nodeinfo.c

	Move XenAPI driver to correct spec file section
	The XenAPI driver works like the ESX and PHyp driver by using its
	own HTTPS based remote protocol.

2011-06-20  Osier Yang  <jyang@redhat.com>

	numatune: Add tests for numatune XML
	Only add tests for qemuxmlargvtest.c, as there is no qemu command line
	for numatune XML, just want to make sure the XML could be validated
	well.

	numatune: Support NUMA memory tuning in qemu driver
	Implemented as setting NUMA policy between fork and exec as a hook,
	using libnuma. Only support memory tuning on domain process currently.

	For the nodemask out of range, will report soft warning instead of
	hard error in libvirt layer. (Kernel will be silent as long as one
	of set bit in the nodemask is valid on the host. E.g. For a host
	has two NUMA nodes, kernel will be silent for nodemask "01010101").
	So, soft warning is the only thing libvirt can do, as one might want
	to specify the numa policy prior to a node that doesn't exist yet,
	however, it may come as hotplug soon.

	numatune: Support persistent XML for numatune
	* src/conf/domain_conf.h: Introduce one new struct for representing
	NUMA tuning related stuffs.

	* src/conf/domain_conf.c: Parse and format numatune XML.

	numatune: Add doc for new numatune XML

	numatune: Define XML schema
	Example XML:

	<numatune>
	  <memory mode="strict" nodeset="0-10,^4"/>
	</numatune>

	Please enter the commit message for your changes. Lines starting

2011-06-20  Hu Tao  <hutao@cn.fujitsu.com>

	Update qemuDomainSetBlkioParameters to use flags

	update qemuDomainGetBlkioParameters to use flags

	Add new parameters for blkiotune
	Add --config, --live and --current for command blkiotune

2011-06-20  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When building libvirt without libvirtd, we will receive the following error
	message:

	make[3]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.2/tools'
	  CC     virsh-virsh.o
	  CC     virsh-console.o
	  GEN    virt-xml-validate
	  GEN    virt-pki-validate
	  CCLD   virsh
	./src/.libs/libvirt.so: undefined reference to `numa_available'
	./src/.libs/libvirt.so: undefined reference to `numa_max_node'
	collect2: ld returned 1 exit status

	The reason is that: we check numactl only when building qemu driver, and qemu
	driver will not be built when bulding without libvirtd. So with_numactl's
	value is check and we will not link libnuma.so.

	In the other function, we call numa_available() and numa_max_node() only
	when HAVE_NUMACTL is 1. We should do the same check in the function nodeGetMemoryStats().

2011-06-20  Jamie Strandboge  <jamie@canonical.com>

	apparmor: implement AppArmorSetFDLabel()
	During a savevm operation, libvirt will now use fd migration if qemu
	supports it. When the AppArmor driver is enabled, AppArmorSetFDLabel()
	is used but since this function simply returns '0', the dynamic AppArmor
	profile is not updated and AppArmor blocks access to the save file. This
	patch implements AppArmorSetFDLabel() to get the pathname of the file by
	resolving the fd symlink in /proc, and then gives that pathname to
	reload_profile(), which fixes 'virsh save' when AppArmor is enabled.

	Reference: https://launchpad.net/bugs/795800

2011-06-17  Daniel P. Berrange  <berrange@redhat.com>

	Add missing checks for NULL in domain lock manager
	The domain lock manager forgot to include a bunch of checks
	for NULL which could occur on OOM

	* src/locking/domain_lock.c: Add checks for NULL

	Fix errno return in safezero()
	Most of the safezero() implementations return -1 on error,
	setting errno. The safezero() impl using posix_fallocate()
	though returned a positive errno value on error (due to
	the unusual API contract of posix_fallocate() compared to
	most syscall APIs).

	* src/util/util.c: Ensure safezero() returns -1 and sets
	  errno on error.
	* src/storage/storage_backend.c: Change safezero != 0 to
	  < 0 for detecting errors

	Add missing error reporting when loading mac filter config for QEMU
	If the 'mac_filter' configuration parameter is enabled, and there
	is a failure to enable filtering, no error is reported back to
	the caller. Also fix some bogus whitespace indentation for
	hugetlbfs_mount

	* src/qemu/qemu_conf.c: Add missing error reporting

2011-06-17  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add support for virDomainGetControlInfo

	qemu: Implement virDomainGetControlInfo

	Wire protocol and remote driver for virDomainGetControlInfo

	Introduce virDomainGetControlInfo API
	The API can be used to query current state of an interface to VMM used
	to control a domain. In QEMU world this translates into monitor
	connection.

2011-06-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix documentation of virStreamRecv
	virStreamRecv is for reading.

	Also add some missing punctuation to virStreamSend's documentation.

2011-06-16  Eric Blake  <eblake@redhat.com>

	sendkey: use consistent API convention
	Even though rpc uses 'unsigned int' for the _len parameter that
	passes the length of item<length>, the public libvirt APIs all
	use 'int' and filter out lengths < 0, except for virDomainSendKey.

	* include/libvirt/libvirt.h.in (virDomainSendKey): All other APIs
	use int for array length.
	* src/libvirt.c (virDomainSendKey): Adjust.
	* src/driver.h (virDrvDomainSendKey): Likewise.
	* daemon/remote_generator.pl: Likewise.

	build: export correct function names
	Detected by autobuild.sh, when targetting mingw.
	Introduced in commit 98bfdff.

	* src/libvirt_private.syms: Fix typos.

	build: avoid compiler warning on non-Linux
	Detected by autobuild.sh when cross-building for mingw.
	Introduced in commits ce76e85 and af35cec.

	* src/nodeinfo.c (nodeGetCPUStats, nodeGetMemoryStats): Mark
	parameters as potentially unused.

2011-06-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Handle struct returning functions better (part 2)
	Commit 64000eabedf2 is part 1, that only covered the daemon side by
	accident. Part 2 covers the client side too.

	Fix apibuild.py warnings about missing comment headers
	Also improve wording of some comments.

	remote generator: Handle struct returning functions better
	The position of the struct parameter in the function signature
	differs. Instead of hardcoding the handling for this add an annotation
	to the .x file to define the position.

2011-06-15  Daniel Gollub  <gollub@b1-systems.de>

	support for Xen HVM Viridian (Hyper-V) enlightenment interface
	Introduce libvirt support for Xen HVM Viridian (Hyper-V) enlightenment
	interface guest feature.

	 src/conf/domain_conf.c     |    3 ++-
	 src/conf/domain_conf.h     |    1 +
	 src/xen/xen_hypervisor.c   |   11 +++++++++++
	 src/xenapi/xenapi_driver.c |    2 ++
	 src/xenapi/xenapi_utils.c  |    2 ++
	 src/xenxs/xen_sxpr.c       |    4 ++++
	 src/xenxs/xen_xm.c         |   12 +++++++++++-
	 7 files changed, 33 insertions(+), 2 deletions(-)

2011-06-15  Eric Blake  <eblake@redhat.com>

	virsh: reduce complexity in argv iteration
	This reduces things from O(n^2) to O(n).

	* tools/virsh.c (vshCommandOptArgv): Change signature.
	(cmdEcho): Update caller.
	Based on a patch by Lai Jiangshan.

2011-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Add support for network filter code in LXC driver
	The LXC driver networking uses veth device pairs. These can
	be easily hooked into the network filtering code.

	* src/lxc/lxc_driver.c: Add calls to setup/teardown nwfilter

	Fix allocation of veth's to not skip an index
	The algorithm for autoassigning vethXXX devices, was always
	skipping over the starting dev index when finding a free
	name for the guest device. This should only be done if the host
	device was autoallocated.

	* src/lxc/veth.c: Don't skip over veth indexes

2011-06-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Translate boot config into bootindex if possible
	Prefer bootindex=N option for -device over the old way -boot ORDER
	possibly accompanied with boot=on option for -drive. This gives us full
	control over which device will actually be used for booting guest OS.
	Moreover, if qemu doesn't support boot=on, this is the only way to boot
	of certain disks in some configurations (such as virtio disks when used
	together IDE disks) without transforming domain XML to use per device
	boot elements.

2011-06-15  Adam Litke  <agl@us.ibm.com>

	Asynchronous event for BlockPull completion
	When an operation started by virDomainBlockPullAll completes (either with
	success or with failure), raise an event to indicate the final status.  This
	allows an API user to avoid polling on virDomainBlockPullInfo if they would
	prefer to use the event mechanism.

	* daemon/remote.c: Dispatch events to client
	* include/libvirt/libvirt.h.in: Define event ID and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle the new event
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block_stream completion and emit a libvirt block pull event
	* src/remote/remote_driver.c: Receive and dispatch events to application
	* src/remote/remote_protocol.x: Wire protocol definition for the event
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
	  from QEMU monitor

	Enable virDomainBlockPull in the python API.
	virDomainBlockPullAll and virDomainBlockPullAbort are handled automatically.
	virDomainBlockPull and virDomainBlockPullInfo require manual overrides since
	they return a custom type.

	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c:
	  manual overrides

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	Enable the virDomainBlockPull API in virsh
	Define two new virsh commands:
	 * blockpull: Perform block pull operations (incremental plus start
	              and stop continuous streams)
	 * blockpullinfo: Retrieve progress info for continuous block pull

	Share print_job_progress() with the migration code.

	* tools/virsh.c: implement the new commands

	Implement virDomainBlockPull for the qemu driver
	The virDomainBlockPull* family of commands are enabled by the
	'block_stream' and 'info block_stream' qemu monitor commands.

	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
	  streaming by using the stream and info stream text monitor commands
	* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	Add virDomainBlockPull support to the remote driver
	The generator can handle DomainBlockPullAll and DomainBlockPullAbort.
	DomainBlockPull and DomainBlockPullInfo must be written by hand.

	* src/remote/remote_protocol.x: provide defines for the new entry points
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side
	* src/remote_protocol-structs: structure definitions for protocol verification

	virDomainBlockPull: Implement the main entry points
	* src/libvirt.c: implement the main entry points

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	Add new API virDomainBlockPull* to headers
	Set up the types for the block pull functions and insert them into the
	virDriver structure definition.  Symbols are exported in this patch to prevent
	documentation compile failures.

	* include/libvirt/libvirt.h.in: new API
	* src/driver.h: add the new entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python bindings are
	  implemented later
	* src/libvirt_public.syms: export symbols

2011-06-15  Marc-André Lureau  <marcandre.lureau@gmail.com>

	spice: add <clipboard copypaste='yes|no'> option
	From a security pov copy and paste between the guest and the client is not
	always desirable. So we need to be able to enable/disable this. The best place
	to do this from an administration pov is on the hypervisor, so the qemu cmdline
	is getting a spice disable-copy-paste option, see bug 693645. Example qemu
	invocation:
	qemu -spice port=5932,disable-ticketing,disable-copy-paste

	https://bugzilla.redhat.com/show_bug.cgi?id=693661

2011-06-15  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	virNodeGetMemoryStats: Implement linux support

	virNodeGetMemoryStats: Implement virsh support

	virNodeGetMemoryStats: Implement remote protocol

	virNodeGetMemoryStats: Implement public API

	virNodeGetMemoryStats: Define internal driver API

	virNodeGetMemoryStats: Expose new API

	virNodeGetCPUStats: Implement linux support

	virNodeGetCPUStats: Implement virsh support

	virNodeGetCPUStats: Implement remote protocol

	virNodeGetCPUTime: Implement public API

	virNodeGetCPUStats: Define internal driver API

	virNodeGetCPUStats: Expose new API

2011-06-15  Guido Günther  <agx@sigxcpu.org>

	Skip nodeinfo test on non intel architectures
	since the testfiles assume a /proc/cpuinfo specific to this
	architecture. We e.g. can't parse the number of cores on other
	architectures.

2011-06-15  Michael Chapman  <mike@very.puzzling.org>

	Fix autostart flag when loading running domains
	Drivers load running persistent and transient domain configs before
	inactive persistent domain configs, however only the latter would set a
	domain's autostart flag. This mismatch between the loaded and on-disk
	state could later cause problems with "virsh autostart":

	  # virsh autostart example
	  error: Failed to mark domain example as autostarted
	  error: Failed to create symlink '/etc/libvirt/qemu/autostart/example.xml to '/etc/libvirt/qemu/example.xml': File exists

	This patch ensures the autostart flag is set correctly even when the
	domain is already defined.

	Fixes:

	  https://bugzilla.redhat.com/show_bug.cgi?id=632100
	  https://bugzilla.redhat.com/show_bug.cgi?id=675319

2011-06-15  Lai Jiangshan  <laijs@cn.fujitsu.com>

	send-key: Implementing the remote protocol

	send-key: Implementing the public API

	send-key: Defining the internal API

	send-key: Defining the public API
	Add public virDomainSendKey() and enum libvirt_keycode_set
	for the @codeset.

	Python version of virDomainSendKey() has not been implemented yet,
	it will be done soon.

	remote generator: Handle (unsigned) int arrays

	add VSH_OFLAG_REQ_OPT options
	A VSH_OFLAG_REQ_OPT option means --optionname is required when used.
	It will kill any ambiguity, even a !VSH_OFLAG_REQ option listed before
	a VSH_OFLAG_REQ option, if the !VSH_OFLAG_REQ option is a
	VSH_OFLAG_REQ_OPT option.

	It will help us use optional argument with VSH_OT_ARGV argument.

	allow name for VSH_OT_ARGV options
	A name will improve the usege, example

	# virsh help echo
	  NAME
	    echo - echo arguments

	  SYNOPSIS
	    echo [--shell] [--xml] [<string>]...

	  DESCRIPTION
	    Echo back arguments, possibly with quoting.

	  OPTIONS
	    --shell          escape for shell use
	    --xml            escape for XML use
	    <string>         arguments to echo

	"[<string>]..." is added to SYNOPSIS.
	"<string>         arguments to echo" is added to OPTIONS.

2011-06-15  Ohad Levy  <ohadlevy@gmail.com>

	docs: updated list of applications using libvirt.
	Added:
	* Virt ruby bindings
	* Foreman for provisioning and webui.

2011-06-14  Eric Blake  <eblake@redhat.com>

	storage: avoid an intermediate malloc
	Suggested here:
	https://www.redhat.com/archives/libvir-list/2011-May/msg00594.html

	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg):
	Generate size inline.

	command: avoid double close
	Previously, the parent process opened 'null' to /dev/null, then
	the child process closes 'null' as well as 'childout'.  But if
	childout was set to be null, then this is a double close.  At
	least the double close was confined to the child process after a
	fork, and therefore there is no risk of another thread opening
	an fd of the same value to be bitten by the double close, but it
	is always better to avoid double-close to begin with.

	Additionally, if all three fds were specified, then opening
	'null' was wasted.

	This patch fixes things to lazily open null on the first use,
	then guarantees it gets closed exactly once.

	* src/util/command.c (getDevNull): New helper function.
	(virExecWithHook): Use it to avoid spurious opens and double close.

	command: reduce duplicated debug messages
	This also reduces malloc pressure for invoking a child when
	VIR_DEBUG is enabled.

	* src/util/command.c (virExecWithHook): Drop debug, since the only
	caller (virCommandRunAsync) also prints debug info.

	docs: improve VIR_DOMAIN_AFFECT_CURRENT description
	* include/libvirt/libvirt.h.in (virDomainModificationImpact): Reword.

2011-06-14  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix parsing 'info chardev'
	If qemu supports -chardev, our char frontend aliases are ex. 'charserial0'
	not just 'serial0'. Typically we don't use this code path because the
	pty's are scraped from stdout.

	qemu: Scrape stdout for virtio console pty
	Currently we forget to do this and have to fallback to info chardev (which
	also fails, see following patch)

2011-06-14  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Add daemon version reporting
	'virsh version' might report against which version of libvirtd is
	running.

2011-06-14  Guido Günther  <agx@sigxcpu.org>

	nodeinfo: remove superflous braces
	that break compilation on non intel architectures:

	mips:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=mips&ver=0.9.2-1&stamp=1307570195
	powerpc:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=powerpc&ver=0.9.2-1&stamp=1307550913
	s390:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=s390&ver=0.9.2-1&stamp=1307641748
	sparc:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=sparc&ver=0.9.2-1&stamp=1307552926

2011-06-14  Osier Yang  <jyang@redhat.com>

	util: Cleanup indention problem in virterror.c
	Push under trivial rule.

	qemu: Parse current balloon value returned by query_balloon
	Qemu once supported following memory stats which will returned by
	"query_balloon":

	    stat_put(dict, "actual", actual);
	    stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);
	    stat_put(dict, "mem_swapped_out", dev->stats[VIRTIO_BALLOON_S_SWAP_OUT]);
	    stat_put(dict, "major_page_faults", dev->stats[VIRTIO_BALLOON_S_MAJFLT]);
	    stat_put(dict, "minor_page_faults", dev->stats[VIRTIO_BALLOON_S_MINFLT]);
	    stat_put(dict, "free_mem", dev->stats[VIRTIO_BALLOON_S_MEMFREE]);
	    stat_put(dict, "total_mem", dev->stats[VIRTIO_BALLOON_S_MEMTOT]);

	But it later disabled all the stats except "actual" by commit
	07b0403dfc2b2ac179ae5b48105096cc2d03375a.

	libvirt doesn't parse "actual", so user will always see a empty result
	with "virsh dommemstat $domain". Even qemu haven't disabled the stats,
	we should support parsing "actual".

2011-06-14  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: Fix cpu affinity setting bug of qemu driver
	There is the case where cpu affinites for vcpu of qemu doesn't work
	correctly. For example, if only one vcpupin setting entry is provided
	and its setting is not for vcpu0, it doesn't work.

	   # virsh dumpxml VM
	   ...
	   <vcpu>4</vcpu>
	   <cputune>
	     <vcpupin vcpu='3' cpuset='9-11'/>
	   </cputune>
	   ...

	   # virsh start VM
	   Domain VM started

	   # virsh vcpuinfo VM
	   VCPU:           0
	   CPU:            31
	   State:          running
	   CPU time:       2.5s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           1
	   CPU:            12
	   State:          running
	   CPU time:       0.9s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           2
	   CPU:            30
	   State:          running
	   CPU time:       1.5s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           3
	   CPU:            13
	   State:          running
	   CPU time:       1.7s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	This patch fixes this problem.

2011-06-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix dlopen dependency
	Since the addition of the lock manager framework in 6a943419c528fdd7
	dlopen is always required, but the checks in configure wasn't changed
	to reflect that. This didn't show up directly because the VirtualBox
	driver linking dlopen in covered it. But disabling the VirtualBox
	driver makes the build fail due to missing dlopen.

	Change the dlopen check in configure to pick up dlopen when available.

	Reported by Ruben Kerkhof.

2011-06-14  Hu Tao  <hutao@cn.fujitsu.com>

	Deprecate several CURRENT/LIVE/CONFIG enums
	This patch deprecates following enums:

	VIR_DOMAIN_MEM_CURRENT
	VIR_DOMAIN_MEM_LIVE
	VIR_DOMAIN_MEM_CONFIG

	VIR_DOMAIN_VCPU_LIVE
	VIR_DOMAIN_VCPU_CONFIG

	VIR_DOMAIN_DEVICE_MODIFY_CURRENT
	VIR_DOMAIN_DEVICE_MODIFY_LIVE
	VIR_DOMAIN_DEVICE_MODIFY_CONFIG

	And modify internal codes to use virDomainModificationImpact.

2011-06-14  Stefan Berger  <stefanb@us.ibm.com>

	qemu: Faster response time to qemu startup errors
	The below patch decreases the response time of libvirt to errors reported by Qemu upon startup by checking whether the qemu process is still alive while polling for the local socket to show up.

	This patch also introduces a special handling of signal for the Win32 part of virKillProcess.

2011-06-14  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	* .gnulib: Update to latest, for more strerror_r fixes.

2011-06-13  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add the new option to "virsh vcpupin" command
	This patch adds the new option (--live, --config and --current) to
	"virsh vcpupin" command. The behavior of above aption is the same as
	that of "virsh setmem", "virsh setvcpus", and whatnot.
	When the --config option is specified, the command affects a persistent
	domain, while --live option is specified, it affects a running (live) domain.
	The --current option cannot be used with --config or --live at the same
	time, and when --current is specified, it affects a "current" domain.

	vcpupin: implement the remote protocol to address the new API
	This patch implements the remote protocol for the new API
	(virDomainPinVcpuFlags).

	vcpupin: implement the code to address the new API in the qemu driver
	This patch implements the new API (virDomainPinVcpuFlags) in the qemu
	driver.

	vcpupin: introduce a new libvirt API (virDomainPinVcpuFlags)
	This patch introduces a new libvirt API virDomainPinVcpuFlags,
	a direct extension from the existing virDomainPinVcpu

2011-06-13  Jiri Denemark  <jdenemar@redhat.com>

	Use virTimeMs when appropriate

	Introduce virTimeMs for getting current time in ms

	test: Remove unused timeval

2011-06-13  Wen Congyang  <wency@cn.fujitsu.com>

	tests: add a test for multi function PCI device

	support multifunction PCI device
	If qemu supports multi function PCI device, the format of the PCI address passed
	to qemu is "bus=pci.0,multifunction=on,addr=slot.function".

	If qemu does not support multi function PCI device, the format of the PCI address
	passed to qemu is "bus=pci.0,addr=slot".

	the hotplugged PCI device should use the whole slot
	Hot pluging/unpluging multi PCI device is not supported now. So the function
	of hotplugged PCI device must be 0. When we hot unplug it, we should set release
	all functions in the slot.

	assign the whole slot to the PCI device that has no address
	If user does not specify the PCI address, we should auto assign an unused slot.

	Reimplement qemuDomainPCIAddressReserveSlot(): reserve all functions in the slot
	We will support multi function PCI device. So we should reserve all functions in
	the slot if we want to reserve a slot.

	the key of hash table should include the function value
	We save all used PCI address in the hash table. The key is generated by domain,
	bus and slot now. We will support multi function PCI device, so the key should
	be generated by domain, bus, slot and function.

	prevent hot unplugging multi function PCI device
	We do not support to hot unplug multi function PCI device now. If the device is
	one function of multi function PCI device, we shoul not allow to hot unplugg
	it.

	check whether qemu supports multi function PCI device
	qemu supports multi function PCI device at least version 0.13.0.

2011-06-10  Matthew Booth  <mbooth@redhat.com>

	xenapi: Improve error message on session failure
	XenAPI session login can fail for a number of reasons, but currently no
	specific
	reason is displayed to the user, e.g.:

	virsh -c XenAPI://citrix-xen.example.com/
	Enter username for citrix-xen.example.com: root
	Enter root's password for citrix-xen.example.com:
	error: authentication failed: (null)
	error: failed to connect to the hypervisor

	This patch displays the session error description on failure.

2011-06-10  Osier Yang  <jyang@redhat.com>

	qemu: Fix one type in the error prompt string
	s/hostdevwork/hostdev/

2011-06-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Move VMware Workstation/Player driver to correct spec file section
	The VMware driver works like the OpenVZ driver by using a commandline
	tool for management. It dosen't use it's own remote protocol.

2011-06-08  Eric Blake  <eblake@redhat.com>

	virt-aa-helper: add missing include
	Regression introduced in commit 02e8691.

	* src/security/virt-aa-helper.c (includes): Reflect move of virRun.

	daemon: plug memory leak
	Detected by Coverity.  Commit ef21beda was incomplete; it solved
	a leak one one path, but not on the other.

	* daemon/libvirtd.c (qemudSetLogging): Avoid leak on success.

	build: break some long lines
	As long as I was already touching the function...

	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Line wrap.

	qemu: add missing break statement
	Detected by Coverity.  Bug introduced in commit 9d73efd (v0.8.8).

	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Don't report
	error on success.

	build: silence coverity false positives
	Coverity complained about these intentional fallthrough cases, but
	not about other cases that were explicitly marked with nice comments.

	For some reason, Coverity doesn't seem smart enough to parse the
	up-front English comment in virsh about intentional fallthrough :)

	* tools/virsh.c (cmdVolSize): Mark fallthrough in a more typical
	fashion.
	* src/conf/nwfilter_conf.c (virNWFilterRuleDefDetailsFormat)
	(virNWFilterRuleDetailsParse): Mark explicit fallthrough.

	esx: avoid dead code
	Detected by Coverity.  The beginning of the function already filtered
	out NULL objectContentList as invalid.  Further investigation shows:

	esxVI_RetrieveProperties is generated and returns a list of objects
	that match the given propertyFilterSpec.
	esxVI_LookupObjectContentByType then tests whether the result
	corresponds to the expected occurrence and reports an error otherwise.
	This simplifies the callers of  esxVI_LookupObjectContentByType, but
	due to the missing dereference the check was never performed because
	the code thought that at least one item was obtained. NULL represents
	an empty list. This is a potential segfault fix because callers of
	esxVI_LookupObjectContentByType that specified "required" occurrence
	assume *objectContentList to be non-NULL when
	esxVI_LookupObjectContentByType succeeds.

	* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Check
	correct pointer.

	secret: drop dead code
	Detected by Coverity.  The only ways to get to the cleanup label
	were by an early abort (list still unassigned) or after successfully
	transferring list to dest, so there is no list to clean up.

	* src/secret/secret_driver.c (loadSecrets): Kill dead code.

	qemu: reorder checks for safety
	Detected by Coverity.  All existing callers happen to be in
	range, so this isn't too serious.

	* src/qemu/qemu_cgroup.c (qemuCgroupControllerActive): Check
	bounds before dereference.

	uuid: annotate non-null requirements
	Coverity already saw through a NULL dereference without these
	annotations, and gcc is still too puny to do good NULL analysis.
	But clang still benefits (and is easier to run than coverity),
	not to mention that adding this bit of documentation to the code
	may help future developers remember the constraints.

	* src/util/uuid.h (virGetHostUUID, virUUIDFormat): Document
	restrictions, for improved static analysis.

	debug: avoid null dereference on uuid lookup api
	Detected by Coverity.  Commit a98d8f0d tried to make uuid debugging
	more robust, but missed some APIs.  And on the APIs that it visited,
	the mere act of preparing the debug message ends up dereferencing
	uuid prior to the null check.  Which means the APIs which are supposed
	to gracefully reject NULL arguments now end up with SIGSEGV.

	* src/libvirt.c (VIR_UUID_DEBUG): New macro.
	(virDomainLookupByUUID, virDomainLookupByUUIDString)
	(virNetworkLookupByUUID, virNetworkLookupByUUIDString)
	(virStoragePoolLookupByUUID, virStoragePoolLookupByUUIDString)
	(virSecretLookupByUUID, virSecretLookupByUUIDString)
	(virNWFilterLookupByUUID, virNWFilterLookupByUUIDString): Avoid
	null dereference.

	python: avoid unlikely sign extension bug
	Detected by Coverity.  cpumap was allocated with a value of
	(unsigned short)*(int), which is an int computation, and then
	promotes to size_t.  On a 64-bit platform, this fails if bit
	32 of the product is set (because of sign extension giving
	a HUGE value to malloc), even though a naive programmer would
	assume that since the first value is unsigned, the product
	is also unsigned and at most 4GB would be allocated.

	Won't bite in practice (the product should never be that large),
	but worth using the right types to begin with, so that we are
	now computing (unsigned short)*(size_t).

	* python/libvirt-override.c (libvirt_virDomainGetVcpus): Use
	correct type.

	build: silence coverity false positive
	Similar in nature to commit fd21ecfd, which shut up valgrind.

	sigaction is apparently a nasty interface for analyzer tools,
	at least for how many false positives it generates.

	* src/util/command.c (virExecWithHook): Initialize entire var, since
	coverity gripes about the (unused and non-standard) sa_restorer.

	storage: avoid mishandling backing store > 2GB
	Detected by Coverity.  The code was doing math on shifted unsigned
	char (which promotes to int), then promoting that to unsigned long
	during assignment to size.  On 64-bit platforms, this risks sign
	extending values of size > 2GiB.  Bug present since commit
	489fd3 (v0.6.0).

	I'm not sure if a specially-crafted bogus qcow2 image could
	exploit this, although it's probably not possible, since we
	were already checking for the computed results being within
	range of our fixed-size buffer.

	* src/util/storage_file.c (qcowXGetBackingStore): Avoid sign
	extension.

	build: detect Coverity 5.3.0
	Coverity 5.3.0 still outputs lots of COVERITY_* variables, but no
	longer modifies COVERITY_BUILD_COMMAND in the environment.  Pick
	one that seems likely to stay around.

	* configure.ac (STATIC_ANALYSIS): Detect newer Coverity.

2011-06-08  Osier Yang  <jyang@redhat.com>

	build: Fix typos in configure.ac

	virsh: Expose virDomainMigrateSetMaxSpeed API to virsh
	API virDomainMigrateSetMaxSpeed was introduced since 0.9.0, but
	no command in virsh yet.

2011-06-08  Cole Robinson  <crobinso@redhat.com>

	lxc: Ensure container <init> actually exists
	Since we can't really get useful error reporting from virCommandExec since
	it needs to be the last thing we do.

	lxc: Verify root fs exists before mounting
	Otherwise the following virFileMakePath will create the directory for
	us and fail further ahead, which probably isn't intended.

	lxc: controller: Improve container error reporting
	Add a handshake with the cloned container process to try and detect
	if it fails to start.

	lxc: Improve guest startup error reporting
	Add a simple handshake with the lxc_controller process so we can detect
	process startup failures. We do this by adding a new --handshake cli arg
	to lxc_controller for passing a file descriptor. If the process fails to
	launch, we scrape all output from the logfile and report it to the user.

	lxc: Refactor controller command building
	Arranges things similar to the qemu driver. Will allow us to more easily
	report command error output.

	lxc: Don't report error in Wait/SendContinue
	We will reuse these shortly, and each use should have a different error
	message.

	lxc: Drop container stdio as late as possible
	Makes it more likely we get useful error output in the logs

	Move virRun, virExec*, virFork to util/command
	Seems reasonable to have all command wrappers in the same place

	v2:
	    Dont move SetInherit

	v3:
	    Comment spelling fix
	    Adjust WARN0 comment
	    Remove spurious #include movement
	    Don't include sys/types.h
	    Combine virExec enums

2011-06-07  Cole Robinson  <crobinso@redhat.com>

	util: Implement virRun as a wrapper around virCommand
	v2:
	    Simplify command building
	    Handle command building failure

	v3:
	    Remove unneeded NULL check

	util: Remove unused virExec wrapper
	v3:
	    Remove obsolete comment

	qemu: Convert virExec usage to virCommand
	v2:
	    Have virCommand cleanup intermediate process for us

	v3:
	    Preserve original FD closing behavior

2011-06-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove duplicated invalid-argument checks
	Those checks are already performed at the public API level.

2011-06-07  Osier Yang  <jyang@redhat.com>

	docs: Add doc for video element
	For backwards compatibility, if no <video> is set but there is a
	<graphics> tag, then we add a default <video> according to the
	guest type. Add docs to tell the user about this to not make
	them confused. Especially if they remove the video (such as via
	"virsh edit"), it will be surprised for them to see the video
	element is still in domain XML.

	Use VIR_USE_CPU instead of new wheel

2011-06-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid virGetVersion failure on specific driver support configurations
	virGetVersion itself doesn't take a virConnectPtr, but in order to obtain
	the hypervisor version against which libvirt was compiled it is used in
	combination with virConnectGetType like this:

	hvType = virConnectGetType(conn)
	virGetVersion(&libVer, hvType, &typeVer)

	When virConnectGetType is called on a remote connection then the remote
	driver returns the type of the underlying driver on the server side, for
	example QEMU. Then virGetVersion compares hvType to a set of strings that
	depend on configure options and returns LIBVIR_VERSION_NUMBER in most
	cases. Now this fails in case libvirt on the client side is just compiled
	with the remote driver enabled only and the server side has the actual
	driver such as the QEMU driver. It just happens to work when the actual
	driver is enabled on client and server side. But that's not always true.
	I noticed this on FreeBSD:

	freebsd# virsh -c qemu+tcp://192.168.178.22/system version
	Compiled against library: libvir 0.9.2
	error: failed to get the library version
	error: this function is not supported by the connection driver: virGetVersion

	This is not FreeBSD specific, happens on Windows as well due to the
	similar driver support configuration. The problem is that virConnectGetType
	returns QEMU, but virGetVersion on the client side only accepts Remote
	as hvType due to all other drivers being disabled on the client side.

	Daniel P. Berrange suggested to get rid of all the conditional code in
	virGetVersion, ignoring the hvType and always setting typeVer to
	LIBVIR_VERSION_NUMBER. virConnectGetVersion is supposed to be used to
	obtain the hypervisor version.

2011-06-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make hvsupport.pl pick up the host device drivers
	Annotate the ESX device driver dummy.

	Refactor the udev and hal device driver strcuts to match the
	common annotation pattern.

2011-06-06  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: updated translations and regenerated

2011-06-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix driver method version annotations
	Change the driver comments for proper extraction and values by
	the scripts used for documentation

2011-06-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU p2p v2 migration when run from a v3 client
	When peer-2-peer migration was invoked by a client supporting
	v3, but where the target server only supported v2, we'd not
	correctly shutdown the guest.

	* src/qemu/qemu_migration.c: Ensure guest is shutdown in
	  v2 peer 2 peer migration

2011-06-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix typo in error message

2011-06-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't raise an error if the migration cookie is NULL
	The v2 migration protocol doesn't use cookies, so we should not
	be raising an error if the cookie parameters are NULL.

	* src/qemu/qemu_migration.c: Don't raise error if cookie is NULL

	Fix check of virKillProcess return status
	The error code for virKillProcess is returned in the errno variable
	not the return value. THis mistake caused the logs to be filled with
	errors when shutting down QEMU processes

	* src/qemu/qemu_process.c: Fix process kill check.

2011-06-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix version extraction on Windows for newer VirtualBox versions
	VirtualBox 4.0.8 changed the registry key layout. Before the version
	number was in a Version key. Now the Version key contains %VER% and
	the actual version number is in VersionExt now.

	Move value lookup code into its own function: vboxLookupRegistryValue.

2011-06-04  Eric Blake  <eblake@redhat.com>

	API: consolidate common unreleased enums
	This commit is safe precisely because there has been no release
	for any of the enum values being deleted (they were added post-0.9.1).

	After the 0.9.2 release, we can then take advantage of
	virDomainModificationImpact in more places.

	* include/libvirt/libvirt.h.in (virDomainModificationImpact): New
	enum.
	(virDomainSchedParameterFlags, virMemoryParamFlags): Delete, since
	these were never released, and the new enum works fine here.
	* src/libvirt.c	(virDomainGetMemoryParameters)
	(virDomainSetMemoryParameters)
	(virDomainGetSchedulerParametersFlags)
	(virDomainSetSchedulerParametersFlags): Update documentation.
	* src/qemu/qemu_driver.c (qemuDomainSetMemoryParameters)
	(qemuDomainGetMemoryParameters, qemuSetSchedulerParametersFlags)
	(qemuSetSchedulerParameters, qemuGetSchedulerParametersFlags)
	(qemuGetSchedulerParameters): Adjust clients.
	* tools/virsh.c (cmdSchedinfo, cmdMemtune): Likewise.
	Based on ideas by Daniel Veillard and Hu Tao.

2011-06-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid use after free in qemuCaps parsing

	virsh: Document nodeinfo output

2011-06-04  Laine Stump  <laine@laine.org>

	security driver: ignore EINVAL when chowning an image file
	This fixes:

	  https://bugzilla.redhat.com/show_bug.cgi?id=702044
	  https://bugzilla.redhat.com/show_bug.cgi?id=709454

	Both of these complain of a failure to use an image file that resides
	on a read-only NFS volume. The function in the DAC security driver
	that chowns image files to the qemu user:group before using them
	already has special cases to ignore failure of chown on read-only file
	systems, and in a few other cases, but it hadn't been checking for
	EINVAL, which is what is returned if the qemu user doesn't even exist
	on the NFS server.

	Since the explanation of EINVAL in the chown man page almost exactly
	matches the log message already present for the case of EOPNOTSUPP,
	I've just added EINVAL to that same conditional.

2011-06-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	Make dlopen usage in lock manager conditional
	This fixes a build failure on MinGW, due to MinGW not supporting dlopen.

2011-06-03  Neil Wilson  <neil@aldur.co.uk>

	Correct 'cputune' documentation example.

2011-06-03  Eric Blake  <eblake@redhat.com>

	build: silence coverity false positive
	Coverity couldn't see that priv is NULL on failure.  But on failure,
	we might as well guarantee that callers don't try to free uninitialized
	memory.

	* src/remote/remote_driver.c (remoteGenericOpen): Even on failure,
	pass priv back to caller.

	build: silence coverity false positive
	Coverity complained that infd could be -1 at the point where it is
	passed to write, when in reality, this code can only be reached if
	infd is non-negative.

	* src/util/command.c (virCommandProcessIO): Help out coverity.

	migrate: detect xml incompatibility
	Detected by Coverity.  Bug introduced in 08106e2044 (unreleased).

	* src/conf/domain_conf.c (virDomainChannelDefCheckABIStability):
	Use correct sizeof operand.

	event: avoid memory leak on cleanup
	Detected by Coverity.  Introduced in commit aaf2b70, and turned into
	a regression in the next few commits through 4e6e6672 (unreleased).

	* src/conf/domain_event.c (virDomainEventStateFree): Free object,
	per documentation.

	qemu: avoid memory leak on vcpupin
	Detected by Coverity.  This leaked a cpumap on every iteration
	of the loop.  Leak introduced in commit 1cc4d02 (v0.9.0).

	* src/qemu/qemu_process.c (qemuProcessSetVcpuAffinites): Plug
	leak, and hoist allocation outside loop.

	remote: avoid leak on failure
	Detected by Coverity.  Only possible in OOM situations.

	* daemon/remote.c (remoteDispatchDomainScreenshot): Plug leak.

	lock: avoid leak on failure
	Detected by Coverity.  Only possible on OOM situations.

	* src/locking/lock_manager.c (virLockManagerPluginNew): Plug leak.

	storage: avoid memory leak on stat failure
	Spotted by coverity.  Triggers on failed stat, although I'm not sure
	how easy that condition is, so I'm not sure if this is a runtime
	memory hog.  Regression introduced in commit 8077d64 (unreleased).

	* src/util/storage_file.c (virStorageFileGetMetadataFromFD):
	Reduce need for malloc, avoiding a leak.

	storage: avoid memory leak
	Coverity detected that options was being set by strdup but never
	freed.  But why even bother with an options variable?  The options
	parameter never changes!  Leak present since commit 44948f5b (0.7.0).

	This function could probably be rewritten to take better advantage
	of virCommand, but that is more invasive.

	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemMount): Avoid wasted strdup, and
	guarantee proper cleanup on all paths.

	libvirtd: avoid leak on failure
	Spotted by Coverity.  Only possible on an OOM condition, so
	unlikely to bite in the wild.

	* daemon/libvirtd.c (qemudSetLogging): Don't leak memory.

	command: avoid leak on failure
	Detected by Coverity.  While it is possible on OOM condition, as
	well as with bad code that passes binary == NULL, it is unlikely
	to be encountered in the wild.

	* src/util/command.c (virCommandNewArgList): Don't leak memory.

2011-06-03  Daniel P. Berrange  <berrange@redhat.com>

	Explicitly set VM state to paused after migration completes
	In v3 migration, once migration is completed, the VM needs
	to be left in a paused state until after Finish3 has been
	executed on the target. Only then will the VM be killed
	off. When using non-JSON QEMU monitor though, we don't
	receive any 'STOP' event from QEMU, so we need to manually
	set our state offline & thus release lock manager leases.
	It doesn't hurt to run this on the JSON case too, just in
	case the event gets lost somehow

	* src/qemu/qemu_migration.c: Explicitly set VM state to
	  paused when migration completes

	Fix regressions BlockStats/Info APIs in QEMU driver
	The change 18c2a592064d69499f70428e498f4a3cb5161cda caused
	some regressions in behaviour of virDomainBlockStats
	and virDomainBlockInfo in the QEMU driver.

	The virDomainBlockInfo API stopped working for inactive
	guests if querying a block device.

	The virDomainBlockStats API did not promptly report
	an error if the guest was not running in some cases.

	* src/qemu/qemu_driver.c: Fix inactive guest handling
	  in BlockStats/Info APIs

2011-06-03  Jim Fehlig  <jfehlig@novell.com>

	Fix minor issues in libxenlight managed save
	There were a few minor issues in commit 5b6c961e
	- leak managed save path
	- leak managed save fd
	- functions that open an fd should also close it

2011-06-03  Heath Petersen  <HeathPetersen@Kandre.com>

	uml: correct command line networking parameters
	I have been finding that some UML command line networking parameters are
	being generated incorrectly.

	For more information, see
	https://bugzilla.redhat.com/show_bug.cgi?id=706295 .

2011-06-03  Eric Blake  <eblake@redhat.com>

	docs: document iface-* commands
	I intentionally set things up so 'virsh help interface' lists
	commands in alphabetical order, but 'man virsh' lists them in
	topical order; this matches our practice on some other commands.

	* tools/virsh.pod: Document all iface commands.
	* tools/virsh.c (ifaceCmds): Sort.

2011-06-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix auditing of disk hotunplug operations
	The qemuAuditDisk calls in disk hotunplug operations were being
	passed 'ret >= 0', but the code which sets ret to 0 was not yet
	executed, and the error path had already jumped to the 'cleanup'
	label. This meant hotunplug failures were never audited, and
	hotunplug success was audited as a failure

	* src/qemu/qemu_hotplug.c: Fix auditing of hotunplug

	Avoid crash on NULL pointer in lock driver impls during hotplug
	When virLockDriverAcquire is invoked during hotplug the state
	parameter will be left as NULL.

	* src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c: Don't reference NULL state
	  parameter

	Fix return value in lock manager hotplug methods
	Refactoring of the lock manager hotplug methods lost the
	ret = 0 assignment for successful return path

	* src/locking/domain_lock.c: Add missing ret = 0 assignments

	Make sure virDomainSave/virDomainManagedSave reset id to -1
	After successfull virDomainSave/virDomainManagedSave calls
	the guest will no longer be active, so the domain ID must
	be reset to -1

	* daemon/remote_generator.pl: Special case virDomainSave &
	  virDomainManagedSave for same reason as virDomainDestroy

	Fix handling of VIR_EVENT_HANDLE_ERROR in QEMU monitor
	Commit 4454a9efc728b91e791b1f14c26ea23a19d57f48 introduced bad
	behaviour on the VIR_EVENT_HANDLE_ERROR condition. This condition
	is only hit when an invalid FD is used in poll() (typically due
	to a double-close bug). The QEMU monitor code was treating this
	condition as non-fatal, and thus libvirt would poll() in a fast
	loop forever burning 100% CPU. VIR_EVENT_HANDLE_ERROR must be
	handled in the same way as VIR_EVENT_HANDLE_HANGUP, killing the
	QEMU instance.

	* src/qemu/qemu_monitor.c: Treat VIR_EVENT_HANDLE_ERROR as EOF

	Add call to sanlock_restrict() in QEMU lock driver
	In between fork and exec, a connection to sanlock is acquired
	and the socket file descriptor is intionally leaked to the
	child process. sanlock watches this FD for POLL_HANGUP to
	detect when QEMU has exited. We don't want a rogus/compromised
	QEMU from issuing sanlock RPC calls on the leaked FD though,
	since that could be used to DOS other guests. By calling
	sanlock_restrict() on the socket before exec() we can lock
	it down.

	* configure.ac: Check for sanlock_restrict API
	* src/locking/domain_lock.c: Restrict lock acquired in
	  process startup phase
	* src/locking/lock_driver.h: Add VIR_LOCK_MANAGER_ACQUIRE_RESTRICT
	* src/locking/lock_driver_sanlock.c: Add call to sanlock_restrict
	  when requested by VIR_LOCK_MANAGER_ACQUIRE_RESTRICT flag

2011-06-02  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build break from previous patch
	Partial revert of commit c3c30d4de9d.

	* docs/Makefile.am (internals/%.html.tmp): Restore MKDIR_P; it is
	needed for intermediate file after all.
	Reported by Daniel P. Berrange.

2011-06-02  Michal Privoznik  <mprivozn@redhat.com>

	screenshot: Expose the new API in virsh
	* tools/virsh.c: Add screenshot command
	* tools/virsh.pod: Document new command
	* src/libvirt.c: Fix off-be-one error

2011-06-02  Daniel Veillard  <veillard@redhat.com>

	libxl : fix the version for the managed save APIs

2011-06-02  Markus Groß  <gross@univention.de>

	libxl: adds managed save and restore support
	Based on the equivalent qemu driver code

	* src/libxl/libxl_driver.c: refactor the Start save and restore
	  routines of the driver and adds the new entry points for
	  managed saves handling

	libxl: get maximum memory of running domain
	* src/libxl/libxl_driver.c: fix the libxlDomainGetInfo to return the
	  maximum memory for running domain

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Add a plugin for the 'sanlock' project
	Sanlock is a project that implements a disk-paxos locking
	algorithm. This is suitable for cluster deployments with
	shared storage.

	* src/Makefile.am: Add dlopen plugin for sanlock
	* src/locking/lock_driver_sanlock.c: Sanlock driver
	* configure.ac: Check for sanlock
	* libvirt.spec.in: Add a libvirt-lock-sanlock RPM

	Allow leases to be hotpluged with QEMU guests
	* src/conf/domain_conf.c, src/conf/domain_conf.h: APIs for
	  inserting/finding/removing virDomainLeaseDefPtr instances
	* src/qemu/qemu_driver.c: Wire up hotplug/unplug for leases
	* src/qemu/qemu_hotplug.h, src/qemu/qemu_hotplug.c: Support
	  for hotplug and unplug of leases

	Support passing QEMU lock state to dest during migration
	Some lock managers associate state with leases, allowing a process
	to temporarily release its leases, and re-acquire them later, safe
	in the knowledge that no other process has acquired + released the
	leases in between.

	This is already used between suspend/resume operations, and must
	also be used across migration. This passes the lockstate in the
	migration cookie. If the lock manager uses lockstate, then it
	becomes compulsory to use the migration v3 protocol to get the
	cookie support.

	* src/qemu/qemu_driver.c: Validate that migration v2 protocol is
	  not used if lock manager needs state transfer
	* src/qemu/qemu_migration.c: Transfer lock state in migration
	  cookie XML

	Integrate the QEMU driver with the lock manager infrastructure
	The QEMU integrates with the lock manager instructure in a number
	of key places

	 * During startup, a lock is acquired in between the fork & exec
	 * During startup, the libvirtd process acquires a lock before
	   setting file labelling
	 * During shutdown, the libvirtd process acquires a lock
	   before restoring file labelling
	 * During hotplug, unplug & media change the libvirtd process
	   holds a lock while setting/restoring labels

	The main content lock is only ever held by the QEMU child process,
	or libvirtd during VM shutdown. The rest of the operations only
	require libvirtd to hold the metadata locks, relying on the active
	QEMU still holding the content lock.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
	  src/qemu/libvirtd_qemu.aug, src/qemu/test_libvirtd_qemu.aug:
	  Add config parameter for configuring lock managers
	* src/qemu/qemu_driver.c: Add calls to the lock manager

	Add initial docs about the lock managers

	Add higher level lock API for domain objects
	To facilitate use of the locking plugins from hypervisor drivers,
	introduce a higher level API for locking virDomainObjPtr instances.
	In includes APIs targetted to VM startup, and hotplug/unplug

	* src/Makefile.am: Add domain lock API
	* src/locking/domain_lock.c, src/locking/domain_lock.h: High
	  level API for domain locking

	Add a 'nop' lock driver implementation.
	To allow hypervisor drivers to assume that a lock driver impl
	will be guaranteed to exist, provide a 'nop' impl that is
	compiled into the library

	* src/Makefile.am: Add nop driver
	* src/locking/lock_driver_nop.c, src/locking/lock_driver_nop.h:
	  Nop lock driver implementation
	* src/locking/lock_manager.c: Enable direct access of 'nop'
	  driver, instead of dlopen()ing it.

	Basic framework for lock manager plugins
	Define the basic framework lock manager plugins. The
	basic plugin API for 3rd parties to implemented is
	defined in

	  src/locking/lock_driver.h

	This allows dlopen()able modules for alternative locking
	schemes, however, we do not install the header. This
	requires lock plugins to be in-tree allowing changing of
	the lock manager plugin API in future.

	The libvirt code for loading & calling into plugins
	is in

	  src/locking/lock_manager.{c,h}

	* include/libvirt/virterror.h, src/util/virterror.c: Add
	  VIR_FROM_LOCKING
	* src/locking/lock_driver.h: API for lock driver plugins
	  to implement
	* src/locking/lock_manager.c, src/locking/lock_manager.h:
	  Internal API for managing locking
	* src/Makefile.am: Add locking code

	Support leases in guest XML and lock manager
	A lock manager may operate in various modes. The direct mode of
	operation is to obtain locks based on the resources associated
	with devices in the XML. The indirect mode is where the app
	creating the domain provides explicit leases for each resource
	that needs to be locked. This XML extension allows for listing
	resources in the XML

	  <devices>
	     ...
	     <lease>
	       <lockspace>somearea</lockspace>
	       <key>thequickbrownfoxjumpsoverthelazydog</key>
	       <target path='/some/lease/path' offset='23432'/>
	     </lease>
	     ...
	  </devices>

	The 'lockspace' is a unique identifier for the lockspace which
	the lease is associated

	The 'key' is a unique identifier for the resource associated
	with the lease.

	The 'target' is the file on disk where the leases are held.

	* docs/schemas/domain.rng: Add lease schema
	* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing and
	  formatting for leases
	* tests/qemuxml2argvdata/qemuxml2argv-lease.args,
	  tests/qemuxml2argvdata/qemuxml2argv-lease.xml,
	  tests/qemuxml2xmltest.c: Test XML handling for leases

	Allow handshake with child process during startup
	Allow the parent process to perform a bi-directional handshake
	with the child process during fork/exec. The child process
	will fork and do its initial setup. Immediately prior to the
	exec(), it will stop & wait for a handshake from the parent
	process. The parent process will spawn the child and wait
	until the child reaches the handshake point. It will do
	whatever extra setup work is required, before signalling the
	child to continue.

	The implementation of this is done using two pairs of blocking
	pipes. The first pair is used to block the parent, until the
	child writes a single byte. Then the second pair pair is used
	to block the child, until the parent confirms with another
	single byte.

	* src/util/command.c, src/util/command.h,
	  src/libvirt_private.syms: Add APIs to perform a handshake

2011-06-02  Eric Blake  <eblake@redhat.com>

	security: plug regression introduced in disk probe logic
	Regression introduced in commit d6623003 (v0.8.8) - using the
	wrong sizeof operand meant that security manager private data
	was overlaying the allowDiskFormatProbing member of struct
	_virSecurityManager.  This reopens disk probing, which was
	supposed to be prevented by the solution to CVE-2010-2238.

	* src/security/security_manager.c
	(virSecurityManagerGetPrivateData): Use correct offset.

	tests: really fix QEMU XML-2-ARGV graphics-spice-timeout test
	Alas, /usr/bin/kvm is also not directly supported by testutilsqemu.c.

	In fact, _any_ test that uses <cpu match=...> has to use our faked
	qemu.sh in order to properly answer the 'qemu -cpu ?' probe done
	during qemu command line building.

	* tests/qemuxml2argvdata/*graphics-spice-timeout*: Switch emulator, again.

	build: avoid corrupting / in RHEL 5
	I noticed this while building from libvirt.git on RHEL 5.6:

	Generating internals/command.html.tmp
	mkdir: cannot create directory `/internals': Permission denied

	If I had been building as root instead, this pollutes /.

	Older autoconf lacks $(builddir), but it is rigorously equal to '.'
	in newer autoconf, so we could use '$(MKDIR_P) internals' instead.

	However, since internals/command.html is part of the tarball, we
	_already_ build it in $(srcdir), not $(builddir) during VPATH
	builds, so the mkdir is wasted effort!

	* docs/Makefile.am (internals/%.html.tmp): Drop unused mkdir.

2011-06-02  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add a test for correct disk device ordering

	Fix order of disks and controllers
	Commit 2d6adabd53c8f1858191d521dc9b4948d1205955 replaced qsorting disk
	and controller devices with inserting them at the right position. That
	was to fix unnecessary reordering of devices. However, when parsing
	domain XML devices are just taken in the order in which they appear in
	the XML since. Use the correct insertion algorithm to honor device
	target.

2011-06-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix QEMU XML-2-ARGV graphics-spice-timeout test
	The test used an emulator that is not supported in testutilsqemu.c.
	Switch from qemu-kvm to kvm to fix this.

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Handle some virTypedParameterPtr using functions
	This doesn't cover the getters that allow to query nparams yet.

	apibuild: Restrict long usage to existing functions and structs
	New APIs have to use long long instead of long.

	Also make apibuild errors fatal.

	remote generator: Legacy support for hyper to long mappings
	Remove some special case code that took care of mapping hyper to the
	correct C types.

	As the list of procedures that is allowed to map hyper to long is fixed
	put it in the generator instead annotations in the .x files. This
	results in simpler .x file parsing code.

	Use macros for hyper to long assignments that perform overflow checks
	when long is smaller than hyper. Map hyper to long long by default.

	Suggested by Eric Blake.

2011-06-01  Daniel P. Berrange  <berrange@redhat.com>

	Remove call to deprecated gnutls_certificate_type_set_priority
	The gnutls_certificate_type_set_priority method is deprecated.
	Since we already set the default gnutls priority, and do not
	support OpenGPG credentials in any case, it was not serving
	any useful purpose and can be removed

	* src/remote/remote_driver.c: Remove src/remote/remote_driver.c
	  call

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use common parameter order for remote(De)SerializeTypedParameters
	We commonly use "value, length" order, let's stick to this.

	openvz: Add simple test for openvzReadNetworkConf
	Convert openvzLocateConfFile to a replaceable function pointer to
	allow testing the config file parsing without rewriting the whole
	OpenVZ config parsing to a more testable structure.

	openvz: Set virtType to openvz in openvzLoadDomains
	Otherwise virsh dumpxml will report <domain type='qemu'> instead
	of the expected <domain type='openvz'>.

2011-06-01  Osier Yang  <jyang@redhat.com>

	util: Fix incorrect error in PCI functions
	Substitute VIR_ERR_NO_SUPPORT with VIR_ERR_INTERNAL_ERROR. Error
	like following is not what user want to see.

	error : pciDeviceIsAssignable:1487 : this function is not supported
	by the connection driver: Device 0000:07:10.0 is behind a switch
	lacking ACS and cannot be assigned

2011-06-01  Eric Blake  <eblake@redhat.com>

	maint: use consistent file name for threading notes
	* daemon/THREADING.txt: Rename...
	* daemon/THREADS.txt: ...to match qemu thread notes.
	* daemon/Makefile.am (EXTRA_DIST): Reflect rename.

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Restore original EOF handling in openvzGetProcessInfo
	This function is also affected by getline conversion. But this
	didn't result in a regression in general, because the difference
	would only affect the behavior of the function when the line in
	/proc/vz/vestat for the given vpsid wasn't found. Under normal
	conditions this should not happen.

	openvz: Handle getline failures in openvzReadConfigParam properly
	The regression fix in 3aab7f2d6b068f0 altered the error handling.
	getline returns -1 on failure to read a line (including EOF). The
	original openvzReadConfigParam function using openvz_readline only
	treated EOF as not-found. The current getline version treats all
	getline failures as not-found.

	This patch fixes this and distinguishes EOF from other getline
	failures.

2011-06-01  Eric Blake  <eblake@redhat.com>

	* .gitignore: Exempt a new test binary.

2011-06-01  Cole Robinson  <crobinso@redhat.com>

	storage: List directory volumes for dir/fs/netfs pools
	Since directories can be used for <filesystem> passthrough, they are
	basically storage volumes.

	v2:
	    Skip ., .., lost+found dirs

	v3:
	    Use gnulib last_component

	v4:
	    Use gnulib "dirname.h", not system <dirname.h>
	    Don't skip lost+found

2011-05-31  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add more complex domain scheme test data

	tests: Test for SPICE compression options
	and check regression

2011-05-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Ignore backward compatibility macros in apibuild.py
	This fixes this three warnings from the parser by allowing the parser
	to ignore some macros in the same way as it can ignore functions.

	Parsing ./../include/libvirt/libvirt.h
	Misformatted macro comment for _virSchedParameter
	 Expecting '* _virSchedParameter:' got '* virSchedParameter:'
	Misformatted macro comment for _virBlkioParameter
	 Expecting '* _virBlkioParameter:' got '* virBlkioParameter:'
	Misformatted macro comment for _virMemoryParameter
	 Expecting '* _virMemoryParameter:' got '* virMemoryParameter:'

2011-05-31  Michal Privoznik  <mprivozn@redhat.com>

	conf: Fix incorrect spice graphic XML format on compression options
	If spice graphics has no <channel> elements, the output graphics XML
	is messed up. To prevent this, we need to end the <graphics> element
	just before adding any compression selecting elements.

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix sysinfo/virsh build problems on Win32
	The virSysinfoIsEqual method was mistakenly inside a #ifndef WIN32
	conditional.

	The existing virSysinfoFormat is also stubbed out on Win32, even
	though the code works without any trouble. This breaks XML output
	on Win32, so the stub is removed.

	virsh migrate mistakenly had some variables inside the conditional

	* src/util/sysinfo.c: Build virSysinfoIsEqual on Win32 and remove
	  Win32 stub for virSysinfoFormat
	* tools/virsh.c: Fix variable declaration on Win32

2011-05-31  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: fix bridge devices parsing in openvzReadNetworkConf()
	strchrnul() was called on the wrong string so it returned
	the same result for each iteration.

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Ensure hvsupport.html.in is built before HTML validation
	In a parallel make, HTML validation tries to run before
	hvsupport.html.in has been built.

	* docs/Makefile.am: List hvsupport.html.in as a built source

	Allow custom XML to be passed in during migration
	Update the qemuDomainMigrateBegin method so that it accepts
	an optional incoming XML document. This will be validated
	for ABI compatibility against the current domain config,
	and if this check passes, will be passed back out for use
	by the qemuDomainMigratePrepare method on the target

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h,
	  src/qemu/qemu_migration.c: Allow custom XML to be passed

	Allow virsh to pass in a custom XML document for migration
	Switch virsh migrate over to use virDomainMigrate2 and
	virDomainMigrateToURI2. This is still compatible with
	older libvirts, because these methods dynamically choose
	whether to perform v1, v2 or v3 migration based on declared
	RPC support from the libvirtd instances

	Add a --xml arg which allows the user to pass in a custom
	XML document. This XML document must be ABI compatible
	with the current *live* XML document for the running guest
	on the source host. ABI compatibility will be enforced by
	any driver supporting this function

	* tools/virsh.c: Add '--xml' arg to migrate command

	Add an API for comparing the ABI of two guest configurations
	To allow a client app to pass in custom XML during migration
	of a guest it is neccessary to ensure the guest ABI remains
	unchanged. The virDomainDefCheckABIStablity method accepts
	two virDomainDefPtr structs and compares everything in them
	that could impact the guest machine ABI

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDefCheckABIStablity
	* src/conf/cpu_conf.c, src/conf/cpu_conf.h: Add virCPUDefIsEqual
	* src/util/sysinfo.c, src/util/sysinfo.h: Add virSysinfoIsEqual

	Remove unused 'target' field in virDomainHostdevDef
	The virDomainHostdevDef struct contains a 'char *target'
	field. This is set to 'NULL' when parsing XML and never
	used / set anywhere else. Clearly it is bogus & unused

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove
	  target from virDomainHostdevDef

2011-05-31  Osier Yang  <jyang@redhat.com>

	lxc: Seperate domain config loading
	This patch seperate the domain config loading just as qemu driver
	does, first loading config of running or trasient domains, then
	of persistent inactive domains. And only try to reconnect the
	monitor of running domains, so that it won't always throws errors
	saying can't connect to domain monitor.

	And as "virDomainLoadConfig->virDomainAssignDef->virDomainObjAssignDef",
	already do things like "vm->newDef = def", removed the codes
	in "lxcReconnectVM" that does the same work.

2011-05-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix virTypedParameter alias comments
	Remove the Domain prefix from the comments.

	openvz: Automatically disable on non-Linux systems
	As OpenVZ is Linux specific.

2011-05-31  Markus Groß  <gross@univention.de>

	Support maximum and current memory flags in libxl driver
	Add support to set the maximum memory of the domain.
	Also add support to change the memory of the current
	state of the domain, which translates to a running
	domain or the config of the domain.

	Based on the code from the qemu driver.

	Add domainSave/Restore to libxl driver
	v3:
	* initialize xml pointer to avoid segfault
	* throw error message if domain is paused as
	  libxenlight itself will pause it

	v2:
	* header is now padded and has a version field
	* the correct restore function from libxl is used
	* only create the restore event once in libxlVmStart

	Add domainCoreDump to libxl driver
	v2:
	* incorporated Jim Fehlig's review

	Populate domid field of devices for libxenlight
	This patch fixes the population of the
	libxenlight data structures. Now the devices
	should be removed correctly from the xenstore
	if they are detached.

2011-05-29  Daniel P. Berrange  <berrange@redhat.com>

	Issue full error messages when processing QEMU monitor I/O
	Currently the QEMU monitor I/O handler code uses errno values
	to report errors. This results in a sub-optimal error messages
	on certain conditions, in particular when parsing JSON strings
	malformed data simply results in 'EINVAL'.

	This changes the code to use the standard libvirt error reporting
	APIs. The virError is stored against the qemuMonitorPtr struct,
	and when a monitor API is run, any existing stored error is copied
	into that thread's error local

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Use
	  virError APIs for all monitor I/O handling code

	Don't kill QEMU process when a monitor I/O parsing error occurs
	Currently whenever there is any failure with parsing the monitor,
	this is treated in the same was as end-of-file (ie QEMU quit).
	The domain is terminated, if not already dead.

	With this change, failures in parsing the monitor stream do not
	result in the death of QEMU. The guest continues running unchanged,
	but all further use of the monitor will be disabled.

	The VMM_FAILURE event will be emitted, and the mgmt application
	can decide when to kill/restart the guest to re-gain control

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Run a
	  different callback for monitor EOF vs error conditions.
	* src/qemu/qemu_process.c: Emit VMM_FAILURE event when monitor
	  fails

	Introduce a new event emitted when a virtualization failure occurs
	This introduces a new domain

	  VIR_DOMAIN_EVENT_ID_CONTROL_ERROR

	Which uses the existing generic callback

	typedef void (*virConnectDomainEventGenericCallback)(virConnectPtr conn,
	                                                     virDomainPtr dom,
	                                                     void *opaque);

	This event is intended to be emitted when there is a failure in
	some part of the domain virtualization system. Whether the domain
	continues to run/exist after the failure is an implementation
	detail specific to the hypervisor.

	The idea is that with some types of failure, hypervisors may
	prefer to leave the domain running in a "degraded" mode of
	operation. For example, if something goes wrong with the QEMU
	monitor, it is possible to leave the guest OS running quite
	happily. The mgmt app will simply loose the ability todo various
	tasks. The mgmt app can then choose how/when to deal with the
	failure that occured.
	* daemon/remote.c: Dispatch of new event
	* examples/domain-events/events-c/event-test.c: Demo catch
	  of event
	* include/libvirt/libvirt.h.in: Define event ID and callback
	* src/conf/domain_event.c, src/conf/domain_event.h: Internal
	  event handling
	* src/remote/remote_driver.c: Receipt of new event from daemon
	* src/remote/remote_protocol.x: Wire protocol for new event
	* src/remote_protocol-structs: add new event for checks

2011-05-29  Eric Blake  <eblake@redhat.com>

	sched: provide new API shims for remaining drivers
	Well, the remaining drivers that already had the get/set
	scheduler parameter functionality to begin with.

	For now, this blindly treats VIR_DOMAIN_SCHEDINFO_CURRENT as
	the only supported operation for these 5 domains; it will
	take domain-specific patches if more specific behavior is
	preferred.

	* src/esx/esx_driver.c (esxDomainGetSchedulerParameters)
	(esxDomainSetSchedulerParameters): Move guts...
	(esxDomainGetSchedulerParametersFlags)
	(esxDomainSetSchedulerParametersFlags): ...to new functions.
	* src/libxl/libxl_driver.c (libxlDomainGetSchedulerParameters)
	(libxlDomainSetSchedulerParameters)
	(libxlDomainGetSchedulerParametersFlags)
	(libxlDomainSetSchedulerParametersFlags): Likewise.
	* src/lxc/lxc_driver.c (lxcGetSchedulerParameters)
	(lxcSetSchedulerParameters, lxcGetSchedulerParametersFlags)
	(lxcSetSchedulerParametersFlags): Likewise.
	* src/test/test_driver.c (testDomainGetSchedulerParams)
	(testDomainSetSchedulerParams, testDomainGetSchedulerParamsFlags)
	(testDomainSetSchedulerParamsFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetSchedulerParameters)
	(xenUnifiedDomainSetSchedulerParameters)
	(xenUnifiedDomainGetSchedulerParametersFlags)
	(xenUnifiedDomainSetSchedulerParametersFlags): Likewise.

	virsh: improve schedinfo querying ability
	Since we can now set just --live or --config, we also need to be
	able to query that back.

	In the case of setting both --live and --config, it shouldn't matter
	which value we read back; otherwise, since querying treats the two
	flags as mutually exclusive, so does this patch.

	* tools/virsh.c (cmdSchedinfo): Use new API where appropriate.

	remote: introduce remoteGetSchedulerParametersFlags
	* daemon/remote.c (remoteDispatchDomainGetSchedulerParameters):
	New function.
	* src/remote/remote_driver.c (remoteDomainGetSchedulerParameters):
	Likewise.
	* src/remote/remote_protocol.x
	(remote_domain_get_scheduler_parameters_flags_args)
	(remote_domain_get_scheduler_parameters_flags_ret): New types.
	(remote_procedure): New RPC.
	* src/remote_protocol-structs: Likewise.

	qemu: introduce qemuGetSchedulerParametersFlags
	* src/qemu/qemu_driver.c (qemuGetSchedulerParameters): Move
	guts...
	(qemuGetSchedulerParametersFlags): ...to new callback, and honor
	flags more accurately.

	sched: introduce virDomainGetSchedulerParametersFlags
	If we can choose live or config when setting, then we need to
	be able to choose which one we are querying.

	Also, make the documentation clear that set must use a non-empty
	subset (some of the hypervisors fail if params is NULL).

	* include/libvirt/libvirt.h.in
	(virDomainGetSchedulerParametersFlags): New prototype.
	* src/libvirt.c (virDomainGetSchedulerParametersFlags): Implement
	it.
	* src/libvirt_public.syms: Export it.
	* python/generator.py (skip_impl): Don't auto-generate.
	* src/driver.h (virDrvDomainGetSchedulerParametersFlags): New
	callback.

	remote: consolidate typed parameter handling
	* src/remote/remote_protocol.x (remote_typed_param_value)
	(remote_typed_param):  New types.
	(remote_sched_param_value, remote_sched_param)
	(remote_blkio_param_value, remote_blkio_param)
	(remote_memory_param_value, remote_memory_param): Delete.
	(remote_domain_get_scheduler_parameters_ret)
	(remote_domain_set_scheduler_parameters_args)
	(remote_domain_set_scheduler_parameters_flags_args)
	(remote_domain_set_blkio_parameters_args)
	(remote_domain_get_blkio_parameters_ret)
	(remote_domain_set_memory_parameters_args)
	(remote_domain_get_memory_parameters_ret): Update clients.
	* src/remote_protocol-structs: Likewise.
	* src/remote/remote_driver.c (remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): New functions.
	(remoteDomainSetMemoryParameters)
	(remoteDomainGetMemoryParameters, remoteDomainSetBlkioParameters)
	(remoteDomainGetBlkioParameters)
	(remoteDomainGetSchedulerParameters)
	(remoteDomainSetSchedulerParameters)
	(remoteDomainSetSchedulerParametersFlags): Update clients.
	* daemon/remote.c (remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): New functions.
	(remoteDispatchDomainGetSchedulerParameters)
	(remoteDispatchDomainSetSchedulerParameters)
	(remoteDispatchDomainSetSchedulerParametersFlags)
	(remoteDispatchDomainSetMemoryParameters)
	(remoteDispatchDomainGetMemoryParameters)
	(remoteDispatchDomainSetBlkioParameters)
	(remoteDispatchDomainGetBlkioParameters): Update clients.

	maint: prefer newer API names internally
	Rather mechanical in nature.

	* src/driver.h: Use newer virTypedParameter API names.
	* src/libvirt.c: Likewise.
	* daemon/remote.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xen_hypervisor.h: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* tools/virsh.c: Likewise.

	libvirt.h: avoid regression, and document preferred name
	Commit 824dcaff was a regression (thankfully unreleased) for any
	client code that used 'struct _virSchedParameter' directly rather
	than the preferred virSchedParameter typedef.  Adding a #define
	avoids even that API change, while rearranging the file makes it
	clear what the old vs. new API is.

	* include/libvirt/libvirt.h.in: Rearrange older names to the
	bottom and improve documentation on preferred names.
	(virDomainGetSchedulerParameters, virDomainSetSchedulerParameters)
	(virDomainSetSchedulerParametersFlags)
	(virDomainSetBlkioParameters, virDomainGetBlkioParameters)
	(virDomainSetMemoryParameters, virDomainGetMemoryParameters):
	Use newer type names.
	* python/libvirt-override.c: Adjust code generation to cope.
	Suggested by Daniel P. Berrange.

2011-05-29  Daniel Veillard  <veillard@redhat.com>

	Fix a make check error
	Apparently introdunced in commit 376e1d9420b
	the generator produces u_int flags not unsigned int flags.

	* src/remote_protocol-structs: fix to the actual expected type and
	  alignment

2011-05-29  Richard Laager  <rlaager@wiktel.com>

	Fix virExecWithHook Prototype
	This was necessary to get libvirt to build on Solaris 11 Express and
	seems correct (as it makes this match the definition in util.c):

2011-05-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: reorder locks
	This patch reorders the locks for the nwfilter updates and the access
	the nwfilter objects. In the case that the IP address learning thread
	was instantiating filters while an update happened, the previous order
	lead to a deadlock.

2011-05-28  Laine Stump  <laine@laine.org>

	interface: reformat error logs
	It was suggested during review of a different patch that the libvirt
	interface driver API's should have "netcf:" in their log
	messages. This patch eliminates that from all interface driver API
	functions, and also eliminates the extra " - " in the case that netcf
	returns no details in its error info (which *never* happens at
	present, but could happen sometime in the future.

2011-05-28  Michal Privoznik  <mprivozn@redhat.com>

	interface: implement a test driver for network config transaction API.

	interface: Implement driver methods for network config transaction API
	This is the functionality at the end of the libvirt part of the call
	chain - for each function, the corresponding netcf API is called.

	interface: expose network config transaction API to virsh
	This implements the commands iface-begin, iface-commit, and iface-rollback,
	which simply call the corresponding functions in the libvirt API.

	interface: implement remote protocol for network config transaction API

	interface: implement public APIs for libvirt transactional network changes

	interface: define internal driver API for network config transactions

	interface: new public API for network config change transactions
	This is the API agreed on in:

	  https://www.redhat.com/archives/libvir-list/2011-May/msg00026.html

	(with a slight name change to use "...begin" rather than
	"...start"). This implements transactional changes to the host network
	config. When a transaction is begun with ncf_change_begin(), all other
	netcf APIs will continue to work as they always have, but a snapshot
	of the existing config will be taken, allowing reversion (rollback,
	using ncf_change_rollback()) to the exact state of config at the time
	ncf_change_begin() was called. Alternately, if it's determined that
	the new changes are acceptable, ncf_change_commit() can be called,
	which will eliminate the snapshot and make the changes permanent.

	As a failsafe measure, if neither ncf_change_commit() or
	ncf_change_rollback() is called by the next time the system reboots,
	the netcf-transaction initscript will be automatically called to
	rollback the changes.

2011-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Fix regression in openvzGetVPSUUID
	Commit f044376530f313a replaced openvz_readline with getline and
	changed EOF-handling in the openvzGetVPSUUID.

	This patch restores original EOF-handling.

	Reported by Jean-Baptiste Rouault.

	Add sexpr.c to the list of file with translatable messages
	This should have been in the last commit.

	sexpr: Improve serialization error reporting

	Fix build with --with-driver-modules enabled
	Export a bunch of missing symbols and link the remote driver to gnulib.

2011-05-27  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: implement the new flags for setting memory parameters
	* src/qemu/qemu_driver.c: update qemuDomainSetMemoryParameters to
	  look at the flag parameter and depending on it save the config
	  or the live amount

	qemu: implement the new flags for getting memory parameters
	* src/qemu/qemu_driver.c: update qemuDomainGetMemoryParameters to
	  look at the flag parameter and depending on it read the config
	  or the live amount

	Add new flags for setting memory parameters
	The new flags allow to pick current state, config or the live
	parameter, with current being the existing API default (0).
	This also hooks this to --config, --live, --current parameters for
	the memtune virsh command

	* include/libvirt/libvirt.h.in: defines the new flags
	* tools/virsh.c: adds support at virsh level
	* tools/virsh.pod: updates virsh documentation

2011-05-27  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	qemu : support persistent add/delete network interface
	This patch allows to modify interfaces of domain(qemu)
	* src/conf/domain_conf.c src/conf/domain_conf.h src/libvirt_private.syms:
	  (virDomainNetInsert)     : Insert a network device to domain definition.
	  (virDomainNetIndexByMac) : Returns an index of net device in array.
	  (virDomainNetRemoveByMac): Remove a NIC of passed MAC address.
	* src/qemu/qemu_driver.c
	  (qemuDomainAttachDeviceConfig): add codes for NIC.
	  (qemuDomainDetachDeviceConfig): add codes for NIC.

2011-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix regression in absolute file name handling
	Before commit 145d6cb05c45f4 (in August 2010) absolute file names
	in VMX and domain XML configs were handled correctly. But this got
	lost during the refactoring. The test cases didn't highlight this
	problem because they have their own set of file name handling
	functions. The actual ones require a real connection to an ESX
	server. Also the test case functions always worked correctly.

	Fix the regression and add a new in-the-wild VMX file that contains
	such a problematic absolute path. Even though this test case won't
	protect against new regressions.

	Reported by lofic (IRC nick)

	openvz: Add simple testcase for config file parsing function
	This testcase passes before the regression is added in f0443765, fails
	after that commit and passes again after the regression was fixed.

2011-05-27  Hu Tao  <hutao@cn.fujitsu.com>

	don't check flags in virDomainSetSchedulerParametersFlags
	drivers implementing domainSetSchedulerParametersFlags should check
	flags themselves.

2011-05-27  Taisuke Yamada  <tai@rakugaki.org>

	openvz: Fix regression in config file parsing
	As reported by Diego Blanco in

	  https://bugzilla.redhat.com/show_bug.cgi?id=702602

	commit f0443765 which replaced openvz_readline to getline(3)
	broke OpenVZ driver as it changed semantics of EOF-handling
	when parsing OpenVZ configuration.

	There're several other issues reported with current OpenVZ driver:

	 #1: unclear error message when parsing "CPUS=" line
	 #2: openvz driver goes into crashing loop
	 #3: "NETIF=" line in configuration is not parsed correctly
	 #4: aborts even when optional parameter is missing
	 #5: there's a potential memory leak

	This updated patch to fix #[145]. This patch does not fix #[23]
	as I haven't verified these yet, but this at least got me to run
	OpenVZ on libvirt once again.

2011-05-27  Eric Blake  <eblake@redhat.com>

	audit: fix minor off-by-one
	Coverity spotted this off-by-one.  Thankfully, no one in libvirt
	was ever calling virAuditSend with an argument of 3.

	* src/util/virtaudit.c (virAuditSend): Use correct comparison.

2011-05-27  Federico Simoncelli  <fsimonce@redhat.com>

	qemu: allow blkstat/blkinfo calls during migration
	Originally most of libvirt domain-specific calls were blocking
	during a migration.
	A new mechanism to allow specific calls (blkstat/blkinfo) to be
	executed in such condition has been implemented.
	In the long term it'd be desirable to get a more general
	solution to mark further APIs as migration safe, without needing
	special case code.

	 * src/qemu/qemu_migration.c: add some additional job signal
	   flags for doing blkstat/blkinfo during a migration
	 * src/qemu/qemu_domain.c: add a condition variable that can be
	   used to efficiently wait for the migration code to clear the
	   signal flag
	 * src/qemu/qemu_driver.c: execute blkstat/blkinfo using the
	   job signal flags during migration

2011-05-26  Markus Groß  <gross@univention.de>

	Add disk attach/detach support to libxl driver
	Based on the device attach/detach code from the QEMU driver,
	but using the new functions to create the structures associated.
	* src/libxl/libxl_driver.c: implements domainAttachDevice,
	  domainAttachDeviceFlags, domainDetachDevice, domainDetachDeviceFlags
	  and domainUpdateDeviceFlags

	Fix libxl vm def handling on domU cleanup
	* src/libxl/libxl_driver.c: in libxlVmCleanup, free up the
	  newDef definition if present overwise it would be leaked.

	Refactored libxl datastructure instantiation
	Create 3 new function refactored from previous list ones and
	exports them internally to the driver

	* src/libxl/libxl_conf.c src/libxl/libxl_conf.h: create libxlMakeDisk,
	  libxlMakeNic libxlMakeVfb out of the exsting static List functions
	  and exports them

	Fix modifying disk devices in qemu driver
	When modifying the disk devices of a live domain and the domain
	configuration, the function qemuDomainAttachDeviceConfig
	first sets dev->data->disk to NULL. Later qemuDomainAttachDeviceLive
	accesses dev->data.disk and causes a segfault.
	* src/qemu/qemu_driver.c: fix qemuDomainModifyDeviceFlags() accordingly

2011-05-26  Michal Privoznik  <mprivozn@redhat.com>

	schema: Add graphics element passwdValidTo attribute to schema
	We support this in code, but forgot to add this to RNG schema as well.
	According to documentation, the value match the dateTime type.

2011-05-26  Eric Blake  <eblake@redhat.com>

	build: fix 'make dist' for ./configure --without-remote
	Anything generated that must end up in the tarball must either
	have unconditional rules for generation (remote_protocol.c) or
	must live in libvirt.git for the case where the person running
	'make dist' has disabled the configure options that control the
	rebuild of the generated file (remote_protocol-structs).

	* src/Makefile.am (remote_protocol-structs): Add a dependency and
	document why it must live in git.
	($(srcdir)/remote/%_protocol.c, $(srcdir)/remote/%_protocol.c):
	Unconditionally generate.

2011-05-26  Richard W.M. Jones  <rjones@redhat.com>

	json: Avoid passing large positive 64 bit integers to QMP.
	http://lists.gnu.org/archive/html/qemu-devel/2011-05/threads.html#02162

	Currently, qemu silently clips any JSON integer in the range
	0x8000000000000000 - 0xffffffffffffffff (all numbers in this range
	will be clipped to 0x7fffffffffffffff == LLONG_MAX).

	To avoid this, pass these as signed 64 bit integers in the QMP
	request.

2011-05-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix sign mismatches between public API, driver API and XDR protocol
	In most cases this affects flags parameters that are unsigned in the
	public and driver API but signed in the XDR protocol. Switch the
	XDR protocol to unsigned for those.

	A counterexample is virNWFilterGetXMLDesc. Its flags parameter is signed
	in the public API and XDR protocol, but unsigned in the driver API.

	remote generator: Fix XDR sign mismatch for virNodeGet(Cells)FreeMemory
	virNodeGetFreeMemory used unsigned long long in the public API but
	signed hyper in the XDR protocol. Convert the XDR protocol to use
	unsigned hyper.

	As explained by Eric before, this doesn't affect the on-the-wire protocol.

	remote generator: Handle stream-using functions
	Extend procedure annotation in the .x file for stream handling.

	Adds a missing remoteStreamRelease call to remoteDomainScreenshot
	error path.

	remote generator: Make call-by-reference handling stricter
	Several functions return values by reference parameters. This is realized
	by passing the members of remote_CALL_ret by reference to the called
	function.

	The position of this parameters in the function signature follows some
	patterns with some exceptions. This patterns and exceptions are hardcoded
	in the generator.

	Add an insert@<offset> annotation to the remote_CALL_ret struct members
	for functions that return lists to remove some of the hardcoded patterns
	and exceptions.

	remote generator: Rename virNodeGetCellsFreeMemory parameters to common pattern
	This allows to remove some special case code from the generator.

	remote generator: Handle virDomainCreateWithFlags
	Add special case code for updating a given domain object instead of
	returning a new one.

	virsh: time_t is not a long on FreeBSD
	localtime_r expects time_t.

	time_t is not a long on FreeBSD, switch internal type to long long

	Allow to explicitly disable the secrets a directory storage driver

2011-05-26  Eric Blake  <eblake@redhat.com>

	build: avoid strerror_r pitfalls
	In particular, this guarantees that virStrerror always gives a
	useful result.

	* .gnulib: Update to latest, for (lots of) strerror_r fixes.

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix the signature of virDomainMigrateFinish3 for error reporting
	The current virDomainMigrateFinish3 method signature attempts to
	distinguish two types of errors, by allowing return with ret== 0,
	but ddomain == NULL, to indicate a failure to start the guest.
	This is flawed, because when ret == 0, there is no way for the
	virErrorPtr details to be sent back to the client.

	Change the signature of virDomainMigrateFinish3 so it simply
	returns a virDomainPtr, in the same way as virDomainMigrateFinish2
	The disk locking code will protect against the only possible
	failure mode this doesn't account for (loosing conenctivity to
	libvirtd after Finish3 starts the CPUs, but before the client
	sees the reply for Finish3).

	* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Change
	  virDomainMigrateFinish3 to return a virDomainPtr instead of int
	* src/remote/remote_driver.c, src/remote/remote_protocol.x,
	  daemon/remote.c, src/qemu/qemu_driver.c, src/qemu/qemu_migration.c:
	  Update for API change

	Fix preservation of errors across migration steps
	When doing migration, if an error occurs in Perform, it must not
	be overwritten during Finish/Confirm steps. If an error occurs
	in Finish, it must not be overwritten in Confirm.

	Previous commit a9d12c2444e43a0d3e5135eb15b4b62a7c011427 added
	code to qemudDomainMigrateFinish2 to preserve the error. This
	is not the right place, because it is not applicable in non-p2p
	migration. The src/libvirt.c virDomainMigrateV2/3 methods need
	code to preserve errors for non-p2p migration, while the
	doPeer2PeerMigrate2 and doPeer2PeerMigrate3 methods contain
	code to preverse errors for p2p migration.

	Remove the bogus error preservation from qemudDomainMigrateFinish2
	and qemudDomainMigrateFinish3.

	Fix virDomainMigrateV3 and doPeer2PeerMigrate3 so that they
	preserve any error hit during the Finish3 step, before invoking
	Confirm3.

	Finally if qemuMigrationFinish fails to resume the CPUs, it must
	preserve the error before tearing down the VM, so that VM cleanup
	doesn't overwrite it.

	* src/libvirt.c: Preserve error before invoking Confirm3
	* src/qemu/qemu_driver.c: Remove bogus error preservation
	  code in qemudDomainMigrateFinish2/qemudDomainMigrateFinish3
	* src/qemu/qemu_migration.c: Preserve error before invoking Confirm3
	  and after resume fails in qemuMigrationFinish.

	Improve debug logging of migration APIs
	* src/libvirt.c: Add further debug lines in helper APIs for
	  migration
	* src/qemu/qemu_migration.c: Add debug lines for all internal
	  migration API parameters

	Fix error propagation in finish method for v3 migration
	Even when failing to start CPUs, the finish method was returning
	a success result. Fix this so that the QEMU process is killed
	off when finish fails under v3 protocol. Also rename the
	killOnFinish boolean to 'v3proto' to make it clearer that this
	is a tunable based on the migration protocol version

	* src/qemu/qemu_driver.c: Update for API change
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Kill
	  VM in qemuMigrationFinish if failing to start CPUs

	Fix SPICE seamless migration hostname
	The SPICE seamless migration process requires data to be passed
	back from the target host, to the source host via a cookie.
	The cookie includes the target host's hostname, but this was not
	stored, merely validated. This patch explicitly records the
	remote hostname after parsing the cookie, and uses it when
	initiating the SPICE migration

	* qemu/qemu_migration.c: Fix SPICE seamless migration hostname

	Fix resume on destination when doing non-live tunnelled migration
	Before running perform in peer-2-peer migration, the current
	guest state must be recorded, so that non-live migration can
	currently unpause a running guest on completion.

	* src/qemu/qemu_migration.c: Move check for offline guest
	  to fix non-live migration

	Introduce two method migration APIs
	There are two pieces of information which are desirable for
	migration, which cannot be supplied by applications

	 - The explicit QEMU migration URI, while using Peer2Peer
	   migration
	 - An override for the target VM XML

	This introduces two new public APIs to support these extra
	parameters. There is no need for extra wire protocool changes,
	since this is supported by the v3 migration enhancements

	* include/libvirt/libvirt.h.in,
	  src/libvirt.c, src/libvirt_public.syms: Add virDomainMigrate2
	  and virDomainMigrateToURI2

	Add a second URI parameter to virDomainMigratePerform3 method
	The virDomainMigratePerform3 currently has a single URI parameter
	whose meaning varies. It is either

	 - A QEMU migration URI (normal migration)
	 - A libvirtd connection URI (peer2peer migration)

	Unfortunately when using peer2peer migration, without also
	using tunnelled migration, it is possible that both URIs are
	required.

	This adds a second URI parameter to the virDomainMigratePerform3
	method, to cope with this scenario. Each parameter how has a fixed
	meaning.

	NB, there is no way to actually take advantage of this yet,
	since virDomainMigrate/virDomainMigrateToURI do not have any
	way to provide the 2 separate URIs

	* daemon/remote.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.x, src/remote_protocol-structs: Add
	  the second URI parameter to perform3 message
	* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Add
	  the second URI parameter to Perform3 method
	* src/libvirt_internal.h, src/qemu/qemu_migration.c,
	  src/qemu/qemu_migration.h: Update to handle URIs correctly

	Extend v3 migration protocol to allow app supplied XML for target
	This extends the v3 migration protocol such that the
	virDomainMigrateBegin3 and virDomainMigratePerform3
	methods accept an application supplied XML config for
	the target VM.

	If the 'xmlin' parameter is NULL, then Begin3 uses the
	current guest XML as normal. A driver implementing the
	Begin3 method should either reject all non-NULL 'xmlin'
	parameters, or strictly validate that the app supplied
	XML does not change guest ABI.

	The Perform3 method also needed the xmlin parameter to
	cope with the Peer2Peer migration sequence.

	NB it is not yet possible to use this capability since
	neither of the public virDomainMigrate/virDomainMigrateToURI
	methods have a way to pass in XML.

	* daemon/remote.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.x, src/remote_protocol-structs:
	  Add 'remote_string xmlin' parameter to begin3/perform3
	  RPC messages
	* src/libvirt.c, src/driver.h, src/libvirt_internal.h: Add
	  'const char *xmlin' parameter to Begin3/Perform3 methods
	* src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_migration.h: Pass xmlin parameter around
	  migration methods

2011-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Report an error when auth pointer is missing instead of declining
	Otherwise an attempt to use virConnectOpen or virConnectOpenAuth without
	auth pointer results in the driver declining the URI and libvirt falling
	back to the remote driver for an esx:// URI.

2011-05-25  Jim Fehlig  <jfehlig@novell.com>

	Fix initialization of current vcpus in libxl driver
	The cur_vcpus member of struct libxl_domain_build_info was incorrectly
	initialized to the number of vcpus, when it should have been interpreted
	as a bitmap, where bit X corresponds to online/offline status of vcpuX.

	To complicate matters, cur_vcpus is an int, so only 32 vcpus can be
	set online.  Add a check to ensure vcpus does not exceed this limit.

	V2: Eric Blake noted a compilation pitfal when '1 << 32' on an int.
	    Account for vcpus == 32.

2011-05-25  Eric Blake  <eblake@redhat.com>

	build: fix VIR_DEBUG on mingw
	We don't use the gnulib vsnprintf replacement, which means that
	on mingw, vsnprintf doesn't support %zn or %lln.

	And as it turns out, VIR_GET_VAR_STR was a rather inefficient
	reimplementation of virVasprintf logic.

	* src/util/logging.c (VIR_GET_VAR_STR): Drop.
	(virLogMessage): Inline a simpler version here.
	* src/util/virterror.c (VIR_GET_VAR_STR, virRaiseErrorFull):
	Likewise.
	Reported by Matthias Bolte.

2011-05-24  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't change ownership of file when appending to it
	Saving domain to previously created file changes also its ownership.
	This is certainly not what users want if some conditions are met:
	it is a regular, local file and dynamic_ownership is off.

2011-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix accidental revert of .gnulib update
	Change f88af9dc16cf891f88bb925885bdf5e328cf44df accidentally
	reverted the .gnulib update from f3cfc99e794bd77479878fc224c6581b61d57dbd

	* .gnulib: Update to 2c25c9ebe8db1415bfde25f0a451767332c8cf59

2011-05-24  Laine Stump  <laine@laine.org>

	qemu: fix typo in name - should be VHOST_NET, not VNET_HOST
	NB: the enum that uses the string vnet-host (now changed to vhost-net)
	is used in XML, but fortunately that hasn't been in an official
	release yet, so it can still be fixed.

2011-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU -vnc arg generation with raw IPv6 addresses
	Since -vnc uses ':' to separate the address from the port, raw
	IPv6 addresses need to be escaped like [addr]:port

	* src/qemu/qemu_command.c: Escape raw IPv6 addresses with []
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.args,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.xml: Tweak
	  to test Ipv6 escaping
	* docs/schemas/domain.rng: Allow Ipv6 addresses, or hostnames
	  in <graphics> listen attributes

	Fix peer2peer migration with transient VMs
	The qemuMigrationConfirm method shouldn't deal with final VM
	cleanup, since it can be called from the peer2peer migration,
	which expects to still use the 'vm' object afterwards.

	Push the cleanup code out of qemuMigrationConfirm, into its
	caller, qemuDomainMigrateConfirm3

	* src/qemu/qemu_driver.c: Add VM cleanup code to
	  qemuDomainMigrateConfirm3
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
	  job handling cleanup from qemuMigrationConfirm

	Perform feature flag compat checking in QEMU migration cookies
	To allow new mandatory migration cookie data to be introduced,
	add support for checking supported feature flags when parsing
	migration cookie.

	* src/qemu/qemu_migration.c: Feature flag checking in migration
	  cookie parsing

2011-05-24  Jiri Denemark  <jdenemar@redhat.com>

	Replace all remaining setgid/setuid calls with virSetUIDGID
	Two additional places need initgroups call to properly work in an
	environment where the UID is allowed to open/create stuff through its
	supplementary groups.

	util: Keep errno set to the root error after when returning from virSetUIDGID

2011-05-24  Michal Privoznik  <mprivozn@redhat.com>

	python: Don't free must-not-free variables
	py_str() function call PyString_AsString(). As written in documentation,
	the caller must not free the returned value, because it points to some
	internal structures.

	storage: Add comment to picking return value of qemu-img
	Commit d7b2679253504d6defa9fc7159b572cfd6a25a95 introduced
	a return value picking of qemu-img on '-h', but without any comment.

2011-05-24  Alon Levy  <alevy@redhat.com>

	spice: support streaming-video parameter
	This adds a streaming-video=filter|all|off attribute. It is used to change
	the behavior of video stream detection in spice, the default is filter (the
	default for libvirt is not to specify it - the actual default is defined in
	libspice-server.so).

	Usage:

	    <graphics type='spice' autoport='yes'>
	      <streaming mode='off'/>
	    </graphics>

	Tested with the above and with tests/qemuxml2argvtest.

2011-05-24  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable filtering of gratuitous ARP packets
	This patch enables filtering of gratuitous ARP packets using the following XML:

	<rule action='accept' direction='in' priority='425'>
	<arp gratuitous='true'/>
	</rule>

2011-05-24  Laine Stump  <laine@laine.org>

	qemu: don't require is_kvm for vhost-net support
	This was discussed in:

	  https://www.redhat.com/archives/libvir-list/2011-May/msg01370.html

	The capabilities code only sets the flag to allow use of vhost-net if
	kvm is detected (set if the help string contains "(qemu-kvm-" or
	"(kvm-"), but actually vhost-net is available in some qemu builds that
	don't have kvm in their name, so just checking for ",vhost=" is enough.

2011-05-24  Doug Goldstein  <cardoe@cardoe.com>

	Use per-user TLS certificates when possible
	When using TLS authentication and operating as the non-root user,
	initially attempt to use that specific user's TLS certificates before
	attempting to use the system wide TLS certificates.

2011-05-23  Michal Privoznik  <mprivozn@redhat.com>

	python: Fix typo in bindings
	This typo caused a bug in which we wanted to free() invalid pointer.

	storage: pick return value of qemu-img
	qemu-img returns non-zero status on -h. Therefore we need to
	provide virCommandRun() a non-NULL exit status pointer.

2011-05-22  Wen Congyang  <wency@cn.fujitsu.com>

	build: generate files when building without libvirtd
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	   ...
	   make[1]: Entering directory `/home/wency/source/libvirt-nodaemon/daemon'
	   make[1]: *** No rule to make target `remote_dispatch_prototypes.h', needed by `distdir'.  Stop.
	   make[1]: Leaving directory `/home/wency/source/libvirt-nodaemon/daemon'
	   make: *** [distdir] Error 1

2011-05-21  Osier Yang  <jyang@redhat.com>

	docs: Fix error syntax of vcpupin example XML
	Lacks of "/", push this directly in trivial rule.

2011-05-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Add special case for virConnectGetType

2011-05-20  Richard W.M. Jones  <rjones@redhat.com>

	libvirt.spec: /var/cache/libvirt should be 0711.
	This allows qemu to create files in /var/cache/libvirt/qemu/, and
	specifically is required to fix virDomainMemoryPeek.

	remote: remove bogus virDomainFree.

	qemudDomainMemoryPeek: change ownership/selinux label on temporary file.
	Otherwise qemu is unable to write to it, with the error:

	libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'

2011-05-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Don't rely on $_ being stable over a large function
	Replace $calls{$_} with $call in the dispatch bodies generator function.

	No functional change included.

2011-05-20  Eric Blake  <eblake@redhat.com>

	build: require newer gettext
	Now that RHEL 5.6 ships with gettext 0.17, we can get out of the
	stone age and use the newer gettext capabilities and improved
	macros for certain configure tests.

	* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17.
	(MKINSTALLDIRS): Delete hack that is no longer needed.
	* bootstrap.conf (buildreq): Check for minimum gettext version.
	Based on a report by Wen Congyang.

2011-05-20  Supriya Kannery  <supriyak@in.ibm.com>

	virsh: Use Env variables for debug level and logfile
	Use variables VIRSH_DEBUG and VIRSH_LOG_FILE for controlling virsh logging.

2011-05-19  Daniel P. Berrange  <berrange@redhat.com>

	Don't generate cookies with v2 migration protocol.
	The v2 migration protocol had a limit on cookie length that was
	too small to be useful for QEMU. Avoid generating cookies with
	v2 protocol, so that old libvirtd can still reliably migrate a
	guest to new libvirtd uses v2 protocol.

	* src/qemu/qemu_driver.c: Avoid migration cookies with v2
	  migration

	Fix QEMU migration cookie crash for guests with no graphics
	When generating a cookie for a guest with no data, the
	QEMU_MIGRATION_COOKIE_GRAPHICS flag was set even if no
	graphics data was added. Avoid setting the flag unless
	it was needed, also add a safety check for mig->graphics
	being non-NULL

	* src/qemu/qemu_migration.c: Avoid cookie crash for guest
	  with no graphics

	Ensure p2p and direct migration use the new v3 protocol if available
	The internal virDomainMigratePeer2Peer and virDomainMigrateDirect
	helper methods were not checking whether the target supports the
	v3 migration protocol.

	* src/libvirt.c: Use v3 migration protocol for p2p/direct
	  migration if available.

	Blank out the 'listenAddr' parameter if empty string
	Some bogus apps are generating a VNC/SPICE/RFB listen attribute
	with no content. This then causes a failure with the graphics
	migration cookie parsing. Blank out the 'listenAddr' parameter
	after parsing domain XML if it is the empty string, so the host
	default takes over

	* src/qemu/qemu_migration.c: Blank out listenAddr parameter
	  if empty

2011-05-19  Eric Blake  <eblake@redhat.com>

	remote: remove special case for getting version
	The on-the-wire protocol is identical; XDR guarantees that
	both 'hyper' and 'unsigned hyper' are transmitted as 8 bytes.

	* src/remote/remote_protocol.x (remote_get_version_ret)
	(remote_get_lib_version_ret): Match public API.
	* daemon/remote_generator.pl: Drop special case.
	* src/remote_protocol-structs: Reflect updated type.

	build: silence clang false positive
	Clang couldn't quite see that the same condition of
	(flags & VIR_DOMAIN_MEM_CONFIG) is used twice, such that
	the second block is guaranteed that def was assigned in
	the first block.

	* src/libxl/libxl_driver.c (libxlDomainSetMemoryFlags): Add a hint
	for clang.

	virsh: optimize creation of default connection
	Ramon de Carvalho Valle reported a problem with:
	virsh connect qemu:///system
	as a non-root user.  The real root problem appears to be a regression
	in libvirtd being auto-started on the default qemu:///session URI;
	however, the symptom points to an independent flaw in virsh - we
	shouldn't be wasting efforts on making a connection if we aren't going
	to be using that connection.  Fixing virsh avoids Ramon's issue, while
	I work in the meantime to fix the real libvirtd regression.

	This patch looks big, but that's because 'gcc -Wmissing-field-initializers'
	gets triggered by './autobuild.sh --enable-compile-warnings=error', so I
	had to add 0 initialization to everyone (rather than my preference of
	just adding the non-zero flags to virshCmds and to cmdConnect).

	Meanwhile, if you use 'virsh -c URI', the connection must succeed; this
	patch _only_ optimizes the default connection to be deferred to a later
	point where we know if a particular command to be run needs a connection.

	* tools/virsh.c (VSH_CMD_FLAG_NOCONNECT): New flag.
	(vshCmdDef): Add new flags field.
	(vshCommandRun): Honor new flag.
	(domManagementCmds, domMonitoringCmds, storagePoolCmds)
	(storageVolCmds, networkCmds, nodedevCmds, ifaceCmds)
	(nwfilterCmds, secretCmds, virshCmds, snapshotCmds)
	(hostAndHypervisorCmds): Populate new field.
	(vshReconnect): Don't warn on initial connection.

2011-05-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	Improve invalid argument checks for the public API

	Clarify that virDomainGet(Memory|Blkio)Parameters doesn't support subsets
	Improve invalid argument checks in the size query case. The drivers already
	relied on this unchecked behavior.

	Relax the implementation of virDomainGet(Memory|Blkio)MemoryParameters
	in the drivers and allow to pass more memory than necessary for all
	parameters.

	Clarify that virDomainSet(Memory|Blkio)Parameters can take parameter subsets

	Clarify that virDomainSetSchedulerParameters(Flags) can take subsets
	Add invalid argument checks for params and nparams to the public API
	and remove them from the drivers (e.g. xend).

	Add subset handling to libxl and test drivers.

	Clarify the semantic of virDomainGetSchedulerParameters arguments
	params and nparams are essential and cannot be NULL. Check this in
	libvirt.c and remove redundant checks from the drivers (e.g. xend).

	Instead of enforcing that nparams must point to exact same value as
	returned by virDomainGetSchedulerType relax this to a lower bound
	check. This is what some drivers (e.g. xen hypervisor and esx)
	already did. Other drivers (e.g. xend) didn't check nparams at all
	and assumed that there is enough space in params.

	Unify the behavior in all drivers to a lower bound check and update
	nparams to the number of valid values in params on success.

	Clarify semantic of nparams argument of virDomainGetSchedulerType
	Some drivers assumed it can be NULL (e.g. qemu and lxc) and check it
	before assigning to it, other drivers assumed it must be non-NULL
	(e.g. test and esx) and just assigned to it.

	Unify this to nparams being optional and document it.

2011-05-18  Cole Robinson  <crobinso@redhat.com>

	Fix messages using VIR_ERR_XML_ERROR
	This error code has existed since the dawn of time, yet the messages it
	generates are almost universally busted. Here's a small sampling:

	src/conf/domain_conf.c:4889 : XML description for missing root element is not well formed or invalid
	src/conf/domain_conf.c:4951 : XML description for unknown device type is not well formed or invalid
	src/conf/domain_conf.c:5460 : XML description for maximum vcpus must be an integer is not well formed or invalid
	src/conf/domain_conf.c:5468 : XML description for invalid maxvcpus %(count)lu is not well formed or invalid

	Fix up the error code to instead be

	XML error: <msg>

	Adjust the few locations that were using the original correctly (or shouldn't
	have been using the error code at all).

	v2:
	    Fix wording of error code without a passed argument

2011-05-18  Eric Blake  <eblake@redhat.com>

	libvirt.h: consolidate typed parameter handling
	The new type is identical to the three old types that it replaces,
	and by creating a common type, this allows future patches to share
	common code that manipulates typed parameters.

	This change is backwards-compatible in API (recompilation works
	without any edits) and ABI (an older client that has not been
	recompiled uses the same layout) for code using only public
	names; only code using private names (those beginning with _)
	will have to adapt.

	* include/libvirt/libvirt.h.in (virTypedParameterType)
	(VIR_TYPED_PARAM_FIELD_LENGTH, _virTypedParameter): New enum,
	macro, and type.
	(virSchedParameter, virBlkioParameter, virMemoryParameter):
	Rewrite in terms of a common type, while keeping all old public
	names for backwards compatibility.
	(struct _virSchedParameter, struct _virBlkioParameter)
	(struct _virMemoryParameter): Delete - these are private names.
	* python/generator.py (enum): Cope with the refactoring.

	build: update to latest gnulib
	* .gnulib: Update, for bootstrap and other fixes.
	* bootstrap: Resynchronize with gnulib.

2011-05-18  Dirk Herrendorefer  <d.herrendoerfer@herrendoerfer.name>

	Add support for 'passthru' mode for direct network interfaces
	starting with kernel 2.6.38 macvtap supports a 'passthru' mode for
	attaching virtual functions of a SRIOV capable network card directly to a VM.
	This patch adds the capability to configure such a device.

2011-05-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: fix typo in spice migration code
	This typo caused XPath returning improper value and thus not
	working spice after migration.

2011-05-18  Hu Tao  <hutao@cn.fujitsu.com>

	virsh: add parameters --live, --config and --current to cmd schedinfo
	This enables user to modify cpu.shares even when domain is inactive.

	remote: introduce remoteSetSchedulerParametersFlags
	support for virDomainSetSchedulerParametersFlags of remote driver.

	qemu: introduce qemuSetSchedulerParametersFlags
	Support for virDomainSetSchedulerParametersFlags of qemu driver.

2011-05-18  Eric Blake  <eblake@redhat.com>

	sched: adjust parameter values to make current = 0
	See virDomainMemoryModFlags for precedent.

	* include/libvirt/libvirt.h.in (virDomainSchedParameterFlags): Set
	CURRENT as a synonym to 0.

2011-05-17  Hu Tao  <hutao@cn.fujitsu.com>

	introduce virDomainSetSchedulerParametersFlags
	This new function allows aditional flags to be passed into from
	the virsh command line.

2011-05-17  Eric Blake  <eblake@redhat.com>

	build: drop unused <sys/syslimits.h> header
	<sys/syslimits.h> is not standardized, so portable programs should
	not need to rely on it.  If there really is something that we need
	where <sys/syslimits.h> provided the limit but <limits.h> did not,
	then that would be a candidate for fixing in gnulib.  But this patch
	did not turn up any compilation failures on Linux.

	* src/internal.h (includes): Drop unused header.
	* daemon/libvirtd.h (includes): Likewise.
	* configure.ac (AC_CHECK_HEADERS): Likewise.
	Based on a report by Matthias Bolte.

2011-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix prototype of virRun for Win32 targets
	* src/util/util.c: Fix virRun prototype

2011-05-17  Eric Blake  <eblake@redhat.com>

	build: tolerate unlimited group size
	POSIX allows sysconf(_SC_GETPW_R_SIZE_MAX) to return -1 if there
	is no fixed limit, and requires ERANGE errors to track real size.
	Model our behavior after the example in POSIX itself:
	http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid_r.html

	Also, on error for get*_r functions, errno is undefined, and the
	real error was the return value.

	* src/util/util.c (virGetUserEnt, virGetUserID, virGetGroupID)
	(virSetUIDGID):  Cope with sysconf failure or too small buffer.
	Reported by Matthias Bolte.

	openvz: fix logic bug in previous patch
	We want to free names on failure, not on success.

	* src/openvz/openvz_driver.c (openvzListDefinedDomains): Use
	correct condition.

2011-05-17  Cole Robinson  <crobinso@redhat.com>

	storage_backend: Convert virRunWithHook usage to virCommand
	virRunWithHook is now unused, so we can drop it. Tested w/ raw + qcow2
	volume creation and copying.

	v2:
	    Use opaque data to skip hook second time around
	    Simply command building

	v3:
	    Drop explicit FindFileInPath

	storage_backend: Fix error reporting with regex helper
	Some clients overwrite the error from the regex helper, or do half-baked
	error reporting with the exitstatus.

	storage: Covert regex helpers to virCommand
	v2:
	    Simplify command creation
	    Add a missing virCommandFree
	    Use virCommand auto-cleanup for async process

	openvz: Convert virExec usage to virCommand
	v2:
	    Use virCommand's autocleanup

	v3:
	    Don't free 'names' on success

	storage: iscsi: Convert virExec to virCommand
	v2:
	    Use virCommand auto-cleanup

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix error reporting in stream creation code
	virStreamNew needs to dispatch the error that virGetStream reports
	on failure.

	remoteCreateClientStream can fail due to virStreamNew or due to
	VIR_ALLOC. Report OOM error for VIR_ALLOC failure to report errors
	in all error cases.

	Remove OOM error reporting from remoteCreateClientStream callers.

	remote generator, client: Add more special case handling
	For virDomainDestroy and virDrvSupportsFeature.

	remote generator, client: Handle functions that return an optional string

	esx: Simplify some esxVI_Boolean to bool

	esx: Convert autoAnswer from esxVI_Boolean to a simple bool
	Just true/false is good enough for it. Also use it directly from the
	parsed URI instead of caching it in esxPrivate.

	esx: Fix race condition in esxVI_EnsureSession
	When the session has expired then multiple threads can race while
	reestablishing it.

	This race condition is not that critical as it requires a special usage
	pattern to be triggered. It can only happen when an application doesn't
	do API calls for quite some time (the session expires after 30 min
	inactivity) and then multiple threads doing simultaneous API calls and
	end up doing simultaneous calls to esxVI_EnsureSession.

2011-05-17  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Correctly initialize libvirt
	virsh didn't call virInitialize(), which (among other things)
	initializes virLastErr thread local variable. As a result of that, virsh
	could just segfault in virEventRegisterDefaultImpl() since that is the
	first call that touches (resets) virLastErr.

	I have no idea what lucky coincidence made this bug visible but I was
	able to reproduce it in 100% cases but only in one specific environment
	which included building in sandbox.

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Whitespace cleanup in the generator
	Break long lines and change spacing of keyword arguments to match
	Python style standards better.

	No functional change included.

2011-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of mime type string in screenshot dispatcher
	* daemon/remote.c: Free mime string

	Remove obsolete remoteDispatchOOMError method
	No new code should be using remoteDispatchOOMError()

	* daemon/dispatch.c, daemon/dispatch.h: Remove remoteDispatchOOMError

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Change some alignments in the input file
	No functional change included.

	esx: Change generated method parameter autobinding
	Instead of specifying the type of the managed object directly specify
	the ServiceContent member name. This way the mapping dictionary can be
	removed.

2011-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix remote dispatcher for screenshot command
	* daemon/remote.c: Update screenshot dispatcher to follow
	  standard practice

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Report an error when virGetUserDirectory fails
	Otherwise virsh shows the interactive greeting and then silently exists
	instead of entering interactive mode.

2011-05-17  Eric Blake  <eblake@redhat.com>

	maint: mark more perl scripts executable
	* src/remote/rpcgen_fix.pl: Add executable bit.
	* tests/oomtrace.pl: Likewise.

	maint: mark perl script executable
	* docs/hvsupport.pl: Add execute bit.

2011-05-16  Eric Blake  <eblake@redhat.com>

	maint: ignore generated file
	* .gitignore: Ignore recently added file.

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Add missing initialization to 'ret' in qemu migration
	* src/qemu/qemu_migration.c: Add missing 'ret' initializer
	  in qemuMigrationCookieXMLParseStr

	Disable virCommandExec on Win32
	Mingw execve() has a broken signature. Disable this
	function until gnulib fixes the signature, since we
	don't really need this on Win32 anyway.

	* src/util/command.c: Disable virCommandExec on Win32

	Improve error message when XDR marshalling fails
	When failing to marshall an XDR message, include the
	full program/version/status/proc/type info, to allow
	easier debugging & diagnosis of the problem.

	* src/remote/remote_driver.c: Improve error when marshalling
	  fails

	Run tunnelled migration IO in separate thread
	By running the doTunnelSendAll code in a separate thread, the
	main thread can do qemuMigrationWaitForCompletion as with
	normal migration. This in turn ensures that job signals work
	correctly and that progress monitoring can be done

	* src/qemu/qemu_migration.c: Run tunnelled migration in
	  separate thread

	Don't overwrite error when stream send fails
	virStreamSend already sets an error message, so don't
	overwrite it

	* src/qemu/qemu_migration.c: Remove bogus error report

	Close all sockets before cancelling QEMU migration
	Cancelling the QEMU migration may cause QEMU to flush pending
	data on the migration socket. This may in turn block QEMU if
	nothing reads from the other end of the socket. Closing the
	socket before cancelling QEMU migration avoids this possible
	deadlock.

	* src/qemu/qemu_migration.c: Close sockets before cancelling
	  migration on failure

	Ensure we always read a full buffer in tunnelled migration
	The 'nbytes' variable was not re-initialized to the
	buffer size on each iteration of the tunnelled migration
	loop. While saferead() will ensure a full read, except
	on EOF, it is clearer to use the real buffer size

	* src/qemu/qemu_migration.c: Always read full buffer of data

	Make tunnelled migration honour resource restriction
	The doTunnelMigrate method forgot to set the bandwidth
	resource restriction

	* src/qemu/qemu_migration.c: Set resource restriction

	Refactor migration completion loop to allow code reuse
	The qemuMigrationWaitForCompletion method contains a loop which
	repeatedly queries QEMU to check migration progress, and also
	processes job signals (pause, setspeed, setbandwidth, cancel).

	The tunnelled migration loop does not currently support this
	functionality, but should. Refactor the code to allow it to
	be used with tunnelled migration.

	Implement migration v3 protocol in QEMU driver
	Implement the v3 migration protocol, which has two extra
	steps, 'begin' on the source host and 'confirm' on the
	source host. All other methods also gain both input and
	output cookies to allow bi-directional data passing at
	all stages.

	The QEMU peer2peer migration method gains another impl
	to provide the v3 migration. This finally allows migration
	cookies to work with tunnelled migration, which is required
	for Spice seamless migration & the lock manager transfer

	* src/qemu/qemu_driver.c: Wire up migrate v3 APIs
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Add
	  begin & confirm methods, and peer2peer impl of v3

	Merge tunnel & non-tunnel migration impl into one
	Merge the doNonTunnelMigrate2 and doTunnelMigrate2 methods
	into one doPeer2PeerMigrate2 method, since they are substantially
	the same. With the introduction of v3 migration, this will be
	even more important, to avoid massive code duplication.

	* src/qemu/qemu_migration.c: Merge tunnel & non-tunnel migration

	Fix VM teardown if prepare returns invalid URI in v2 migration
	The v2 migration protocol was accidentally missing out the
	finish step, when prepare succeeded, but returned an invalid
	URI

	* src/libvirt.c: Teardown VM if prepare returns invalid URI

	Refactor tunnelled migration methods
	To facilitate the introduction of the v3 migration protocol,
	the doTunnelMigrate method is refactored into two pieces. One
	piece is intended to mirror the flow of virDomainMigrateVersion2,
	while the other is the helper for setting up sockets and processing
	the data.

	Previously socket setup would be done before the 'prepare' step,
	so errors could be dealt with immediately, avoiding need to shut
	off the destination QEMU. In the new split, socket setup is done
	after the 'prepare' step. This is not a serious problem, since
	the control flow already requires calling 'finish' to tear down
	the destination QEMU upon several errors.

	* src/qemu/qemu_migration.c:

	Wire up SPICE client relocation with QEMU migration
	Use the graphics information from the QEMU migration cookie to
	issue a 'client_migrate_info' monitor command to QEMU. This causes
	the SPICE client to automatically reconnect to the target host
	when migration completes

	* src/qemu/qemu_migration.c: Set data for SPICE client relocation
	  before starting migration on src
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  new qemuMonitorGraphicsRelocate() command

	Pass graphics setup from dst back to src via migration cookies
	Extend the QEMU migration cookie structure to allow information
	about the destination host graphics setup to be passed by to
	the source host. This will enable seamless migration of any
	connected graphics clients

	* src/qemu/qemu_migration.c: Add graphics info to migration
	  cookies
	* daemon/libvirtd.c: Always initialize gnutls to enable
	  x509 cert parsing in QEMU

	Introduce migration cookies to QEMU driver
	The migration protocol has support for a 'cookie' parameter which
	is an opaque array of bytes as far as libvirt is concerned. Drivers
	may use this for passing around arbitrary extra data they might
	need during migration. The QEMU driver needs to do a few things:

	 - Pass hostname/uuid to allow strict protection against localhost
	   migration attempts
	 - Pass SPICE/VNC server port from the target back to the source to
	   allow seamless relocation of client sessions
	 - Pass lock driver state from source to destination

	This patch introduces the basic glue for handling cookies
	but only includes the host/guest UUID & name.

	* src/libvirt_private.syms: Export virXMLParseStrHelper
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Parsing
	  and formatting of migration cookies
	* src/qemu/qemu_driver.c: Pass in cookie parameters where possible
	* src/remote/remote_protocol.h, src/remote/remote_protocol.x: Change
	  cookie max length to 16384 bytes

	Fix locking with qemuMigrationPrepareTunnel method
	The qemuMigrationPrepareTunnel method should not unlock the
	qemu driver, since that is the caller's job.

	* src/qemu/qemu_migration.c: Fix qemuMigrationPrepareTunnel
	  unlocking of QEMU driver

	Remote driver implementation of new migration API
	* src/remote/remote_protocol.x: Define wire protocol for migration
	  protocol v3
	* daemon/remote.c: Server side dispatch
	* src/remote/remote_driver.c: Client side serialization
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h:
	  Re-generate files
	* src/remote_protocol-structs: Declare new ABIs

	Introduce yet another migration version in API.
	Migration just seems to go from bad to worse. We already had to
	introduce a second migration protocol when adding the QEMU driver,
	since the one from Xen was insufficiently flexible to cope with
	passing the data the QEMU driver required.

	It turns out that this protocol still has some flaws that we
	need to address. The current sequence is

	 *  Src: DumpXML
	          - Generate XML to pass to dst

	 *  Dst: Prepare
	          - Get ready to accept incoming VM
	          - Generate optional cookie to pass to src

	 *  Src: Perform
	          - Start migration and wait for send completion
	          - Kill off VM if successful, resume if failed

	 *  Dst: Finish
	          - Wait for recv completion and check status
	          - Kill off VM if unsuccessful

	The problems with this are:

	 - Since the first step is a generic 'DumpXML' call, we can't
	   add in other migration specific data. eg, we can't include
	   any VM lease data from lock manager plugins
	 - Since the first step is a generic 'DumpXML' call, we can't
	   emit any 'migration begin' event on the source, or have
	   any hook that runs right at the start of the process
	 - Since there is no final step on the source, if the Finish
	   method fails to receive all migration data & has to kill
	   the VM, then there's no way to resume the original VM
	   on the source

	This patch attempts to introduce a version 3 that uses the
	improved 5 step sequence

	 *  Src: Begin
	          - Generate XML to pass to dst
	          - Generate optional cookie to pass to dst

	 *  Dst: Prepare
	          - Get ready to accept incoming VM
	          - Generate optional cookie to pass to src

	 *  Src: Perform
	          - Start migration and wait for send completion
	          - Generate optional cookie to pass to dst

	 *  Dst: Finish
	          - Wait for recv completion and check status
	          - Kill off VM if failed, resume if success
	          - Generate optional cookie to pass to src

	 *  Src: Confirm
	          - Kill off VM if success, resume if failed

	The API is designed to allow both input and output cookies
	in all methods where applicable. This lets us pass around
	arbitrary extra driver specific data between src & dst during
	migration. Combined with the extra 'Begin' method this lets
	us pass lease information from source to dst at the start of
	migration

	Moving the killing of the source VM out of Perform and
	into Confirm, means we can now recover if the dst host
	can't successfully Finish receiving migration data.

	Automatically generate the hvsupport.html.in file from source files
	The hvsupport.html.in file is forever out of date. By annotating
	the driver struct tables in each driver with version information,
	we can auto-generate the hvsupport.html.in file. Annotating the
	drivers will be mandatory for new patches, ensuring hvsupport.html.in
	is never out of date again.

	* docs/hvsupport.html.in: Delete
	* hvsupport.pl: Script to generate hvsupport.html.in
	* Makefile.am: Autogenerate hvsupport.html.in

	Add many version number annotations to drivers
	Add many version number annotations to the internal driver
	tables, to allow hvsupport.html to display more accurate
	information

	Convert all driver struct intializers to C99 style
	Change all the driver struct initializers to use the
	C99 style, leaving out unused fields. This will make
	it possible to add new APIs without changing every
	driver. eg change:

	    qemudDomainResume, /* domainResume */
	    qemudDomainShutdown, /* domainShutdown */
	    NULL, /* domainReboot */
	    qemudDomainDestroy, /* domainDestroy */

	to

	    .domainResume = qemudDomainResume,
	    .domainShutdown = qemudDomainShutdown,
	    .domainDestroy = qemudDomainDestroy,

	And get rid of any existing C99 style initializersr which
	set NULL, eg change

	     .listPools          = vboxStorageListPools,
	     .numOfDefinedPools  = NULL,
	     .listDefinedPools   = NULL,
	     .findPoolSources    = NULL,
	     .poolLookupByName   = vboxStoragePoolLookupByName,

	to

	     .listPools          = vboxStorageListPools,
	     .poolLookupByName   = vboxStoragePoolLookupByName,

	Tweak driver naming for consistency with public API
	Fix some driver names:

	  s/virDrvCPUCompare/virDrvCompareCPU/
	  s/virDrvCPUBaseline/virDrvBaselineCPU/
	  s/virDrvQemuDomainMonitorCommand/virDrvDomainQemuMonitorCommand/
	  s/virDrvSecretNumOfSecrets/virDrvNumOfSecrets/
	  s/virDrvSecretListSecrets/virDrvListSecrets/

	And some driver struct field names:

	  s/getFreeMemory/nodeGetFreeMemory/

2011-05-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Update domain state when reconnecting monitor
	A qemu domain can get paused when libvirtd is stopped (e.g., because of
	I/O error) so we should check its current state when reconnecting to it.

	Implement domain state reason
	Only in drivers which use virDomainObj, drivers that query hypervisor
	for domain status need to be updated separately in case their hypervisor
	supports this functionality.

	The reason is also saved into domain state XML so if a domain is not
	running (i.e., no state XML exists) the reason will be lost by libvirtd
	restart. I think this is an acceptable limitation.

	Implement basic virDomainGetState in all drivers
	Reason is currently always set to 0 (i.e., *_UNKNOWN).

	virsh: Prefer virDomainGetState over virDomainGetInfo

	Wire protocol format and remote driver for virDomainGetState

	virDomainGetState public API implementation

	Internal driver API for virDomainGetState

	virDomainGetState public API
	This API is supposed to replace virDomainGetInfo when the only purpose
	of calling it is getting current domain status.

2011-05-14  Eric Blake  <eblake@redhat.com>

	phyp: avoid a crash
	This has been present since the introduction of phypAttachDevice
	in commit 444fd07a.

	* src/phyp/phyp_driver.c (phypAttachDevice): Don't dereference
	NULL.

	stream: avoid use-after-free
	virFDStreamClose used a mutex after it was freed, and failed
	to destroy that mutex on its last use.

	* src/fdstream.c (virFDStreamFree): Inline into sole caller...
	(virFDStreamClose): ...to avoid use-after-free and leak.
	Reported by Matthias Bolte.

2011-05-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor common code in the generator
	Move common code from Property and Parameter into new Member class.

	Rename the other base class to Type.

	esx: Improve dynamic cast detection in the generator
	Detect it based on usage as parameter, return type and member of other
	object types.

	esx: Improve list usage detection in the generator
	Detect it based on usage as parameter and return type too.

	esx: Remove 1000 lines of generated but unused code
	Don't make all object and enum types (de)serializable by default.
	Detect this from the input file instead.

	esx: Generate implicit _this macros
	Several vSphere API methods are called on global objects like the
	FileManager, the PerformanceManager or the SearchIndex. The generator
	input file allows to mark such methods and the generator generates
	such method in a way that automatically handles marked parameter. This
	is done by some special macros. Those were manually written and this
	patch moves them to the generator.

	esx: Move the Event type from the VI generator to manually written code
	Accept all types on deserialization in order to accept all Event subtypes.

	This will be used for the upcoming domain event support.

2011-05-14  Wen Congyang  <wency@cn.fujitsu.com>

	test: all test_scripts should be part of tarball when building without libvirtd
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	3. # rpmbuild --nodeps --define "_sourcedir `pwd`" -ba libvirt.spec
	   ...
	   make  check-TESTS
	   make[1]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/tests'
	   make[1]: *** No rule to make target `test_conf.sh', needed by `check-TESTS'.  Stop.
	   make[1]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/tests'
	   make: *** [check-am] Error 2
	   error: Bad exit status from /var/tmp/rpm-tmp.7Rb9PV (%check)

	build: probes.d and libvirtd.stp should be part of tarball
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	3. # rpmbuild --nodeps --define "_sourcedir `pwd`" -ba libvirt.spec
	   ...
	   make[2]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/daemon'
	   make[2]: *** No rule to make target `probes.d', needed by `probes.h'.  Stop.
	   make[2]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/daemon'
	   make[1]: *** [all-recursive] Error 1
	   make[1]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1'
	   make: *** [all] Error 2
	   error: Bad exit status from /var/tmp/rpm-tmp.WkAD7a (%build)

2011-05-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	command: Fix compilation on FreeBSD
	kill, SIGTERM and SIGKILL require additional header.

	virsh: Fix uninitialized variable warning
	Reported on FreeBSD only.

	apparmor: Fix compilation by removing remains from virCommand conversion
	Commit aaf20355b87d3bfda7579a7f6a4a978e848635c3 was incomplete here and
	missed to remove some parts.

	configure: Fix mpath check on non-Linux systems

2011-05-14  Cole Robinson  <crobinso@redhat.com>

	remote: Convert SSH tunnel to virCommand

	storage: Convert qemu-img -help parsing to virCommand

	apparmor: Convert virExec usage to virCommand
	Untested

	util: Combine __virExec and virExecWithHook
	All callers were expecting argv logging, so the split is unneeded.

	v2:
	    Reindent new virExecWithHook call

	remote_driver: Convert virExecDaemonize usage to virCommand
	And drop the now unused virExecDaemonize

2011-05-14  Eric Blake  <eblake@redhat.com>

	remote: keep 'make check' happy
	* src/remote_protocol-structs (remote_domain_screenshot_args): Use
	spelling preferred by dwarves.

	libxl: fix typos in previous patch
	* src/libxl/libxl_driver.c (libxlDomainEventFlush, libxlShutdown)
	(libxlStartup): Fix typos.

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	remote: Use virDomainEventState helpers
	One functionality change here is that we no longer force enable the event
	timeout for every queued event, only enable it for the first event after
	the queue has been flushed. This is how other drivers have already done it,
	and I haven't encountered problems in practice.

	v3:
	    Adjust for new virDomainEventStateNew argument

	libxl: Convert to virDomainEventState

	test: Use virDomainEventState helpers
	v3:
	    Adjust for new virDomainEventStateNew argument

	lxc: Use virDomainEventState helpers
	v3:
	    Adjust for new virDomainEventStateNew argument

	qemu: Use virDomainEventState helpers
	v2:
	    Drop libvirt_private.syms changes

	v3:
	    Adjust for new virDomainEventStateNew argument

	domain_event: Add common domain event queue/flush helpers
	The same code for queueing, flushing, and deregistering events exists
	in multiple drivers, which will soon use these common functions.

	v2:
	    Adjust libvirt_private.syms
	    isDispatching bool fixes
	    NONNULL tagging

	v3:
	    Add requireTimer parameter to virDomainEventStateNew

	domain_event: Add virDomainEventState structure
	This structure will be used to unify lots of duplicated event handling code
	across the state drivers.

	v2:
	    Check for state == NULL in StateFree
	    Add NONNULL tagging
	    Use bool for isDispatching

	xml: Use virXMLParse* helpers everywhere
	virt-aa-helper isn't even compile tested since I don't have the setup for
	it.

	v2:
	    virt-aa-helper fixes from Eric

	domain: Require <init> for container guests
	Use capabilities to allow a driver to register a default <init> if none
	is specified in the XML. Openvz was already open-coding this to be /sbin/init

	LXC currently falls over if no init is specified, so an explicit error is
	an improvement IMO.

	(Side note: I don't think we can set a default value for LXC. If we use
	/sbin/init but the user doesn't specify a separate root FS for their guest,
	the container will rerun the host's init which can be traumatic :). For
	virt-install I'm thinking of defaulting to /sbin/init if a root FS has
	been specified, otherwise require the user to manually specify <init>)

	xml: Make sure virXpathNodeSet always sets an error
	And update callers to actually respect the error

2011-05-13  Michal Privoznik  <mprivozn@redhat.com>

	vbox: Implement the driver methods
	* src/vbox/vbox_tmpl.c: New vboxDomainScreenshot() function

	qemu: Implement the driver methods
	* src/qemu/qemu_driver.c: new qemuDomainScreenshot() function
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Monitor command

	virFDStream: Add option for delete file after it's opening
	This is needed if we want to transfer a temporary file. If the
	transfer is done with iohelper, we might run into a race condition,
	where we unlink() file before iohelper is executed.

	* src/fdstream.c, src/fdstream.h,
	  src/util/iohelper.c: Add new option
	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c,
	  src/storage/storage_driver.c, src/uml/uml_driver.c,
	  src/xen/xen_driver.c: Expand existing function calls

	screenshot: Implementing the remote protocol
	* src/remote/remote_protocol.x: Wire protocol definition
	* daemon/remote.c: Daemon part
	* src/remote/remote_driver.c: Client part
	* src/remote_protocol-structs: Add structures

	screenshot: Implementing the public API
	* src/libvirt.c: new function virDomainScreenshot

	screenshot: Defining the internal API
	* src/driver.h: Stub code for new API
	* src/esx/esx_driver.c, src/libxl/libxl_driver.c,
	  src/lxc/lxc_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  rc/remote/remote_driver.c, rc/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_driver.c, src/xen/xen_driver.c,
	  src/xen/xen_driver.h, src/xen/xen_hypervisor.c,
	  src/xen/xen_inotify.c, src/xen/xend_internal.c,
	  src/xen/xm_internal.c, src/xen/xs_internal.c,
	  src/xenapi/xenapi_driver.c: Add dummy entries in driver
	  table for new APIs

	screenshot: Defining the public API
	Add public API for taking screenshots of current domain console.

	* include/libvirt/libvirt.h.in: add virDomainScreenshot
	* src/libvirt_public.syms: Export new symbol

2011-05-12  Wen Congyang  <wency@cn.fujitsu.com>

	build: avoid compiler warning during configure
	There is no need to redefine _GNU_SOURCE in tests that occur after
	gl_INIT, since that macro already AC_DEFINE'd it for us.

2011-05-12  Osier Yang  <jyang@redhat.com>

	docs: Fix documentation for cputune parameters
	This re-adds the example section originally written by Osier Yang,
	and indicates the version in which the cputune parameters became
	available in libvirt.

2011-05-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Add skipgen/autogen flags to .x files
	Make procedure parsing more robust, by allowing arbitrary
	amounts of whitespaces.

	Also make some error messages more verbose.

2011-05-12  Eric Blake  <eblake@redhat.com>

	nwfilter: drop unused flag argument
	The public API and RPC over-the-wire format have no flags argument,
	so neither should the internal callback API.  This simplifies the
	RPC generator.

	* src/driver.h (virDrvNWFilterDefineXML): Drop argument that does
	not match public API.
	* src/nwfilter/nwfilter_driver.c (nwfilterDefine): Likewise.
	* src/libvirt.c (virNWFilterDefineXML): Likewise.
	* daemon/remote_generator.pl: Drop special case.

	maint: omit translation for all VIR_INFO
	We were 31/73 on whether to translate; since less than 50% translated
	and since VIR_INFO is less than VIR_WARN which also doesn't translate,
	this makes sense.

	* cfg.mk (sc_prohibit_gettext_markup): Add VIR_INFO, since it
	falls between WARN and DEBUG.
	* daemon/libvirtd.c (qemudDispatchSignalEvent, remoteCheckAccess)
	(qemudDispatchServer): Adjust offenders.
	* daemon/remote.c (remoteDispatchAuthPolkit): Likewise.
	* src/network/bridge_driver.c (networkReloadIptablesRules)
	(networkStartNetworkDaemon, networkShutdownNetworkDaemon)
	(networkCreate, networkDefine, networkUndefine): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainDefine)
	(qemudDomainUndefine): Likewise.
	* src/storage/storage_driver.c (storagePoolCreate)
	(storagePoolDefine, storagePoolUndefine, storagePoolStart)
	(storagePoolDestroy, storagePoolDelete, storageVolumeCreateXML)
	(storageVolumeCreateXMLFrom, storageVolumeDelete): Likewise.
	* src/util/bridge.c (brProbeVnetHdr): Likewise.
	* po/POTFILES.in: Drop src/util/bridge.c.

	build: wrap macro body in one-shot do-while loop
	* src/libvirt.c (VIR_DOMAIN_DEBUG_1): Convert to single statement.
	Suggested by Jiri Denemark.

	build: drop need for VIR_DOMAIN_DEBUG0()
	This one's tricker than the VIR_DEBUG0() removal, but the end
	result is still C99 compliant, and reasonable with enough comments.

	* src/libvirt.c (VIR_ARG10, VIR_HAS_COMMA)
	(VIR_DOMAIN_DEBUG_EXPAND, VIR_DOMAIN_DEBUG_PASTE): New macros.
	(VIR_DOMAIN_DEBUG): Rewrite to handle one argument, moving
	multi-argument guts to...
	(VIR_DOMAIN_DEBUG_1): New macro.
	(VIR_DOMAIN_DEBUG0): Rename to VIR_DOMAIN_DEBUG_0.

2011-05-12  Christophe Fergeau  <cfergeau@redhat.com>

	fix xdr detection and use with recent glibc
	glibc 2.13.90 has obsoleted its rpc implementation in favour of
	the one provided by the TI-RPC library:

	> * The RPC implementation in libc is obsoleted.  Old programs keep working
	>   but new programs cannot be linked with the routines in libc anymore.
	>   Programs in need of RPC functionality must be linked against TI-RPC.
	>   The TI-RPC implemtation is IPv6 enabled and there are other benefits.
	>
	>   Visible changes of this change include (obviously) the inability to
	>   link
	>   programs using RPC functions without referencing the TI-RPC library,
	>   the
	>   removal of the RPC headers from the glibc headers, and the lack of
	>   symbols defined in <rpc/netdb.h> when <netdb.h> is installed.
	>   Implemented by Ulrich Drepper.
	(from glibc NEWS)

	Thus with recent glibc, we need to try linking with -ltirpc when looking
	for the XDR functions. The daemon also needs to use XDR_CFLAGS to be able
	to find the XDR headers stored in /usr/include/tirpc.

	When using TI-RPC, there are some warnings about redundant declarations, but
	the fix probably belongs in other modules:

	/usr/include/tirpc/rpc/rpcent.h:68:13: warning: redundant redeclaration of
	'setrpcent' [-Wredundant-decls]
	/usr/include/rpc/netdb.h:53:13: note: previous declaration of 'setrpcent'
	was here

	/usr/include/tirpc/rpc/rpcent.h:69:13: warning: redundant redeclaration of
	'endrpcent' [-Wredundant-decls]
	/usr/include/rpc/netdb.h:54:13: note: previous declaration of 'endrpcent'
	was here

	/usr/include/tirpc/rpc/rpc.h:84:12: warning: redundant redeclaration of
	'bindresvport' [-Wredundant-decls]
	/usr/include/netinet/in.h:440:12: note: previous declaration of
	'bindresvport' was here

2011-05-12  Eric Blake  <eblake@redhat.com>

	build: avoid gcc preprocessor extensions
	Use of ',##__VA_ARGS__' is a gcc extension not guaranteed by
	C99; thankfully, we can avoid it by lumping the format argument
	into the var-args set.

	* src/util/logging.h (VIR_DEBUG_INT, VIR_INFO_INT, VIR_WARN_INT)
	(VIR_ERROR_INT, VIR_DEBUG, VIR_INFO, VIR_WARN, VIR_ERROR): Stick
	to C99 var-arg macro syntax.
	* examples/domain-events/events-c/event-test.c (VIR_DEBUG):
	Simplify.

2011-05-12  Lai Jiangshan  <laijs@cn.fujitsu.com>

	libvirt,logging: cleanup VIR_XXX0()
	These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead.

	How do these coversions works? The magic is using the gcc extension of ##.
	When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to
	avoid compile error.

	example: origin				after CPP
		high_level_api("%d", a_int)	low_level_api("%d", a_int)
		high_level_api("a  string")	low_level_api("a  string")

	About 400 conversions.

	8 special conversions:
	VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions
	VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions
	VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal)
	  (for security) 6 conversions

2011-05-12  Eric Blake  <eblake@redhat.com>

	maint: avoid a couple of gnulib regressions
	Double-close regression in upstream gnulib fclose was introduced
	to libvirt in commit 9d8e01a1d.

	Meanwhile, adding rpcgen as a bootstrap prerequisite in commit
	fb1e8d9c prevented RHEL 5 from running bootstrap.

	* .gnulib: Update to latest, for fclose and bootstrap fixes.
	* bootstrap: Synchronize from upstream.

	node_device: avoid null dereference on error
	If we plow on after udev_device_get_syspath fails, we will hit a NULL
	dereference.  Clang found one due to strdup later in udevSetParent,
	but in fact we hit a NULL dereference sooner because of the use of
	STREQ within virNodeDeviceFindBySysfsPath.

	* src/conf/node_device_conf.h (virNodeDeviceFindBySysfsPath): Mark
	path argument non-null.
	* src/node_device/node_device_udev.c (udevSetParent): Avoid null
	dereference.

	build: remove some dead assignments
	No syntactic effect; this merely silences some clang warnings.

	* src/libxl/libxl_driver.c (libxlDomainSetVcpusFlags): Drop
	redundant ret=0 statement.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDriveDel):
	Likewise.

2011-05-11  Eric Blake  <eblake@redhat.com>

	tests: avoid crash when run under gcov
	Running ./autobuild.sh failed when gcov is installed, because
	commandtest ended up crashing during gcov's getenv() call after
	exit() had already started.  I traced this nasty bug back to
	a scoping issue present since the test introduction.

	* tests/commandtest.c (mymain): Move newenv...
	(newenv): ...to a scope that is still useful during exit().

	build: fix VPATH build with distributed generated files
	* daemon/Makefile.am (DAEMON_GENERATED, remote_dispatch_*.h)
	(qemu_dispatch_*.h): Update to live in srcdir, since they are
	distributed.
	Detected by Daniel P. Berrange's autobuilder.

	docs: avoid double 'the'
	* docs/testsuites.html.in: Keep 'make syntax-check' happy.

2011-05-11  Daniel Veillard  <veillard@redhat.com>

	Add documentation about test suites
	Create a new top level entry, add a new page listing the 3
	test suites, and then one page for the TCK and one page for
	libvirt-test-API

2011-05-11  Daniel P. Berrange  <berrange@redhat.com>

	Allow destroying QEMU VM even if a job is active
	Introduce a virProcessKill function that can be safely called
	even when the job mutex is held. This allows virDomainDestroy
	to kill any VM even if it is asleep in a monitor job. The PID
	will die and the thread asleep on the monitor will then wake
	up releasing the job mutex.

	* src/qemu/qemu_driver.c: Kill process before using qemuProcessStop
	  to ensure job is released
	* src/qemu/qemu_process.c: Add virProcessKill for killing off
	  QEMU processes

	Add support for YAJL version 2 API/ABI
	Version 2.0.0 or yajl changed API. It is fairly trivial for us to
	cope with both APIs in libvirt, so adapt.

	* configure.ac: Probe for yajl2 API
	* src/util/json.c: Conditional support for yajl2 API

2011-05-11  Paolo Bonzini  <pbonzini@redhat.com>

	libxl: support enabling the HPET
	libxl accepts hpet configuration in its domain info struct.  Parse the
	domain definition's <clock> element in order to set the value.


	Apologies from Eric Blake, for mistakenly committing the broken
	intermediate version.

	libxl: support enabling the HPET
	libxl accepts hpet configuration in its domain info struct.  Parse the
	domain definition's <clock> element in order to set the value.

	xen: parse and generate hpet item in sxpr
	Recent versions of Xen disable the virtual HPET by default.  This is
	usually more precise because tick policies are not implemented for
	the HPET in Xen.  However, there may be several reasons to control
	the HPET manually: 1) to test the emulation; 2) because distros may
	provide the knob while leaving the default to "enabled" for compatibility
	reasons.

	This patch provides support for the hpet item in both sexpr and xm
	formats, and translates it to a <timer> element.

2011-05-11  Doug Goldstein  <cardoe@gentoo.org>

	docs: updates to CA cert and client cert/key info
	Update the documentation to mention that the CA certificate and the
	client cert/key pair can come from the user's location or the global
	location independent of each other.

	virsh: flexibility in CA cert and user cert/key
	Allow the CA certificate to come from the user's home directory or from
	the global location independently of the client certificate/key pair.

	Mostly for the case when each user on a system has their own cert/key
	pair but the system as a whole shares the same CA.

2011-05-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Make parsing stricter
	Anchor matches at the beginning of a line.

	Specialize some general matches.

	Add some comments to special cases.

	remote generator: Unify unsigned int notation in .x files
	Rename u_int and unsigned to unsigned int. This gets rid of some special
	case code in the generator.

	remote generator: Fix comment ignoring regex

	Rename internal DumpXML functions to GetXMLDesc
	This matches the public API and helps to get rid of some special
	case code in the remote generator.

	Rename driver API functions and XDR protocol structs.

	No functional change included outside of the remote generator.

2011-05-11  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu,inject-nmi: Implement the driver methods

	inject-nmi: Expose the new API in virsh

	inject-nmi: Implementing the remote protocol

	inject-nmi: Implementing the public API

	inject-nmi: Defining the internal API

	inject-nmi: Defining the public API

2011-05-11  Cole Robinson  <crobinso@redhat.com>

	lxc: container: Build init cmd before we close stdout
	That way we can log the 'init' argv for debugging.

	lxc: container: Convert <init> exec to virCommand

	command: Add virCommandExec helper
	Actually execs the argv/env we've generated, replacing the current process.
	Kind of has a limited usage, but allows us to use virCommand in LXC
	driver to launch the 'init' process

	lxc: driver: Improve logging when launching emulator
	Log the full command line and a timestamp like we do for QEMU

	lxc: driver: Convert emulator launching to virCommand
	v2:
	    Shorten a few virCommand calls
	    s/remain/retain/

	command: Add virCommandEnvAddFormat
	Similar to virCommandArgAddFormat. We will use this shortly.

	v2:
	    Convert virCommandEnvAddPair to use the new function

2011-05-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix two uninitialized variable warnings
	gcc only reports them when compiling with -O3.

	apparmor: Fix uninitalized variable warning in virt-aa-helper

2011-05-10  Eric Blake  <eblake@redhat.com>

	build: translate generated strings
	Make sure that xgettext scans generated files for translatable
	strings, rather than just files stored in libvirt.git.

	* .gnulib: Update, for bootstrap and syntax-check fixes.
	* bootstrap: Resynchronize with gnulib.
	* cfg.mk (generated_files): Define.
	* po/POTFILES.in: Add more files with _().

2011-05-10  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus assert() from migration code
	assert() is forbidden in libvirt code, and these two cases would
	in fact never execute due to earlier error checks.

	* src/libvirt.c: Remove assert() usage

2011-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Pull in gnulib fnmatch module
	The libvirtd daemon uses fnmatch. Although we don't yet build
	it on Win32, we should use gnulib's fnmatch module to ensure
	portability to all platforms.

	* bootstrap.conf: Add fnmatch

2011-05-09  Jiri Denemark  <jdenemar@redhat.com>

	json: Fix *GetBoolean functions
	They were not used anywhere so far so nobody noticed they are broken.

2011-05-09  Eric Blake  <eblake@redhat.com>

	build: rebuild generated files after rpcgen_fix.pl tweak
	Noticed this while trying to run rpcgen on cygwin.

	* src/Makefile.am ($(srcdir)/remote/%_protocol.h)
	($(srcdir)/remote/%_protocol.c): Add a dependency.

	build: fix VPATH builds
	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Generated files
	should live in $(srcdir). Update rules to reflect this.

2011-05-09  Daniel Veillard  <veillard@redhat.com>

	Re-add libvirt.spec to tarball to allwo "make rpm"
	Commit e6972165 broke "make rpm" and rpmbuild -ta tarball

2011-05-07  Daniel P. Berrange  <berrange@redhat.com>

	build: Remove all generated RPC files from GIT
	Stop storing the generated files for the remote protocol client
	and server in source control. The generated files will still be
	included in the result of 'make dist' to avoid end-users needing
	to generate the files


	Unfortunately, this means that the strings marked for translation
	in generated files are not picked up by gnulib's syntax-check,
	I'm working on fixing that in gnulib.

	* .gitignore, cfg.mk, po/POTFILES.in: Reflect deletion.

	build: refactor generated RPC files
	Always generate the rpc files, and require rpcgen during bootstrap.

	* daemon/Makefile.am: Removed generated files with
	  maintainer-clean target
	* src/Makefile.am: Removed generated files with
	  maintainer-clean target. Always run 'rpcgen' if
	  generated files are missing

2011-05-07  Eric Blake  <eblake@redhat.com>

	build: rename generated files to .h, for automake's sake
	In preparation for removing generated files, it is necessary
	to tell automake that the generated files must be distributed
	but not directly compiled (since they are included into the
	body of a larger .c file that is compiled).  Hence, even though
	these files are code and not headers in the strict sense of
	the word, it is easier to rename them to .h for automake's sake.

	* daemon/remote_client_bodies.c: Rename to .h.
	* daemon/qemu_client_bodies.c: Likewise.
	* src/remote/remote_client_bodies.c: Likewise.
	* src/remote/qemu_client_bodies.c: Likewise.
	* daemon/Makefile.am (remote_dispatch_bodies.c)
	(qemu_dispatch_bodies.c): Rename to .h.
	(remote.c, EXTRA_DIST): Reflect rename.
	* daemon/remote.c: Likewise.
	* daemon/remote_generator.pl: Likewise.
	* src/Makefile.am (remote/remote_driver.c): Likewise.
	* src/remote/remote_driver.c: Likewise.
	* po/POTFILES.in: Likewise.
	* cfg.mk (exclude_file_name_regexp--sc_require_config_h)
	(exclude_file_name_regexp--sc_require_config_h_first)
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF):
	Likewise.

2011-05-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator, client: Handle arguments with limited length
	This adds length checks to all affected functions.

	remote generator, client: Handle functions that return lists

	remote: Refactor remote*Open and remote*Close functions
	Add generic versions of the open and close functions and call them.

	remote generator, client: Handle functions with optional return values

	remote generator, client: Handle functions with multiple return values

	remote generator, client: Handle functions with wrapped return values

	remote generator, client: Handle functions with simple return values

	remote generator, client: Handle simple remote driver functions
	Rename remoteSecretListSecrets to remoteListSecrets to match the normal
	naming pattern.

	remote generator: Reorder into prepare and print section

	remote generator, daemon: Handle functions with multiple return values
	Once again rename members in the XDR definitions to avoid special case
	code in the generator.

	remote generator, daemon: Combine multiple ifs in the generated code

	remote generator, daemon: Handle the CPU functions
	They require additional special cases.

	remote generator: Refactor duplicate code

	remote generator, daemon: Handle functions that return lists

	remote: Rename 'nameslen' to the common 'maxnames'
	Avoids special case handling in the remote generator.

	remote generator, daemon: Handle functions with optional arguments

	remote generator, daemon: Handle more functions
	This covers functions that return single wrapped objects and don't
	involve complexer code in the body.

	remote generator, daemon: Handle simple-return-value functions

	remote generator, daemon: Change capitalization of some words
	Again this will simplify the generator, due to less special case handling.

	remote: Replace 'domain' with 'dom' in the XDR protocol
	This simplifies the remote protocol code generator.

	Also rename 'ret' to 'result' to resolve a naming conflict in the
	generator.

	remote generator, daemon: Output function bodies too
	This patch just covers the simple functions without explicit return
	values. There is more to be handled.

	The generator collects the members of the XDR argument structs and uses
	this information to generate the function bodies.

	Exclude the generated files from offending syntax-checks.

	Suggested by Richard W.M. Jones

	remote generator: Replace tabs with spaces and rename file
	No functional change included, just a whitespace change.

2011-05-07  Markus Groß  <gross@univention.de>

	Balloon dom0 in libxl driver
	Creating a domU on a freshly booted dom0 does not work,
	because the libxl driver does not allocate memory for the domU.
	After creating a domain with xl libvirt is able to create domains too.
	This patch reserves enough memory for the domU first.

2011-05-07  Eric Blake  <eblake@redhat.com>

	build: drop files generated by config.status from tarball
	The rule of thumb is that any file generated by config.status
	is a) reproducible by any user, b) dependent on configure options.
	Therefore, it is inappropriate to include such generated files
	in the tarball (for proof, Makefile is generated from Makefile.in;
	the former is not in the tarball while the latter is).

	* Makefile.am (EXTRA_DIST): Remove files covered by AC_OUTPUT.

2011-05-07  Doug Goldstein  <cardoe@gentoo.org>

	remote: check actual access to the cert
	Instead of calling stat(), check that we'll actually be able to access
	and read the file.

2011-05-07  Eric Blake  <eblake@redhat.com>

	maint: avoid comparisons to bool constants
	HACKING already mentions that comparisons against literal 'true'
	are unsafe; for consistency, also shorten comparisons against 'false'.

	* src/conf/domain_conf.c (virDomainNetDefParseXML): Simplify.
	* src/nwfilter/nwfilter_gentech_driver.c
	(virNWFilterDomainFWUpdateCB): Likewise.
	* tools/virsh.c (cmdVolDownload, vshCommandRun, vshPrintExtra):
	Likewise.

2011-05-06  Michal Privoznik  <mprivozn@redhat.com>

	Add warning message to XML definition files stored on disk
	Users often edit XML file stored in configuration directory
	thinking of modifying a domain/network/pool/etc. Thus it is wise
	to let them know they are using the wrong way and give them hint.

2011-05-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix security driver handling of FIFOs with QEMU
	When setting up a FIFO for QEMU, it allows either a pair
	of fifos used unidirectionally, or a single fifo used
	bidirectionally. Look for the bidirectional fifo first
	when labelling since that is more useful

	* src/security/security_dac.c,
	  src/security/security_selinux.c: Fix fifo handling

	Make taint warnings also go into the domain logfile
	As well as taint warnings going to the main libvirt log,
	add taint warnings to the per-domain logfile

	  Domain id=3 is tainted: high-privileges
	  Domain id=3 is tainted: disk-probing
	  Domain id=3 is tainted: shell-scripts
	  Domain id=3 is tainted: custom-monitor

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Enhance
	  qemuDomainTaint to also log to the domain logfile
	* src/qemu/qemu_driver.c: Pass -1 for logFD to taint methods to
	  auto-append to logfile
	* src/qemu/qemu_process.c: Pass open logFD at startup for taint
	  methods

	Add a qemuDomainAppendLog method for writing to the domain logfile
	The qemuDomainAppendLog method allows writing a formatted string
	to the end of the domain logfile, optionally opening it if needed.

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainAppendLog

	Move qemuProcessLogReadFD and qemuProcessLogFD methods
	Move the qemuProcessLogReadFD and qemuProcessLogFD methods
	into qemu_domain.c, renaming them to qemuDomainCreateLog
	and qemuDomainOpenLog.

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainCreateLog and qemuDomainOpenLog.
	* src/qemu/qemu_process.c: Remove qemuProcessLogFD
	  and qemuProcessLogReadFD

	Log taint warnings in QEMU driver
	Wire up logging of VM tainting to the QEMU driver

	 - If running QEMU as root user/group or without capabilities
	   being cleared
	 - If passing custom QEMU command line args
	 - If issuing custom QEMU monitor commands
	 - If using a network interface config with an associated
	   shell script
	 - If using a disk config relying on format probing

	The warnings, per-VM appear in the main libvirtd logs

	  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
	  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing

	The taint flags are reset when the VM is stopped.

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
	  for logging taint warnings
	* src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
	  commands and disk/net hotplug with unsupported configs
	* src/qemu/qemu_process.c: Log tainting at startup based on
	  unsupported configs

	Add field to virDomainObjPtr to track "tainting"
	Some configuration setups for guests are allowed, but strongly
	discouraged and unsupportable in production systems. Introduce
	a concept of 'tainting' to virDomainObjPtr to allow such setups
	to be identified. Drivers can then log warnings at suitable
	times

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Declare taint
	  flags and add parsing/formatting of domain status XML

2011-05-06  Doug Goldstein  <cardoe@gentoo.org>

	virsh: improve TLS certificate error messages
	Print the name of the CA cert, certificate, and key file that resulted
	in the failure so that the user has an idea what to troubleshoot.

2011-05-06  Eric Blake  <eblake@redhat.com>

	virsh: use new method for easier log to file
	Easier to maintain, and no longer an arbitrary line length limit.

	* tools/virsh.c (vshOutputLogFile): Replace snprintf with
	virBuffer.

	buf: add virBufferVasprintf
	Match the fact that we have virAsprintf and virVasprintf.

	* src/util/buf.h (virBufferVasprintf): New prototype.
	* src/util/buf.c (virBufferAsprintf): Move guts...
	(virBufferVasprintf): ...to new function.
	* src/libvirt_private.syms (buf.h): Export it.
	* bootstrap.conf (gnulib_modules): Add stdarg, for va_copy.

	maint: rename virBufferVSprintf to virBufferAsprintf
	We already have virAsprintf, so picking a similar name helps for
	seeing a similar purpose.  Furthermore, the prefix V before printf
	generally implies 'va_list', even though this variant was '...', and
	the old name got in the way of adding a new va_list version.

	global rename performed with:

	$ git grep -l virBufferVSprintf \
	  | xargs -L1 sed -i 's/virBufferVSprintf/virBufferAsprintf/g'

	then revert the changes in ChangeLog-old.

2011-05-06  Cole Robinson  <crobinso@redhat.com>

	docs: <filesystem> attr is 'accessmode', not 'mode'

2011-05-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix qemuMigrationToFile nonull annotation
	The qemuMigrationToFile method was accidentally annotated for
	the 'compressor' parameter to be non-null, instead of the
	'path' parameter. Thus GCC with -O2, unhelpfully deleted the
	entire 'if (compressor == NULL)' block of code during
	optimization. Thus NULL was passed to virCommandNew() with
	predictably bad results.

	* src/qemu/qemu_migration.h: Fix non-null annotation to be
	  against path instead of compressor

	Make QEMU migration use cached qemu capabilities data
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
	  qemuCaps parameters & use cached data
	* src/qemu/qemu_driver.c: Don't create & pass qemuCaps to
	  migration methods

	Make QEMU hotplug use cached qemu capabilities data
	* src/qemu/qemu_hotplug.h, src/qemu/qemu_hotplug.c: Remove
	  qemuCaps parameters from all methods
	* src/qemu/qemu_driver.c: Don't create & pass qemuCaps to
	  hotplug methods

	Persist qemu capabilities in the domain status file
	To cope with the QEMU binary being changed while a VM is running,
	it is neccessary to persist the original qemu capabilities at the
	time the VM is booted.

	* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: Add
	  an enum for a string rep of every capability
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Support for
	  storing capabilities in the domain status XML
	* src/qemu/qemu_process.c: Populate & free QEMU capabilities at
	  domain startup

2011-05-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.1
	* configure.ac libvirt.spec.in docs/news.html.in: update and document
	  the release
	* po/*.po*: update localizations for german, polish, spanish, ukrainian
	  and vietnamese coming from transifex, regenerate

2011-05-05  Eric Blake  <eblake@redhat.com>

	maint: detect clang 2.9
	In Fedora 15, with clang 2.8, 'scan-build env' shows:
	CCC_ANALYZER_ANALYSIS=-analyzer-check-objc-mem -analyzer-check-security-syntactic -analyzer-check-dead-stores -analyzer-check-objc-unused-ivars -analyzer-check-objc-methodsigs

	But in rawhide, with clang 2.9, the same variable is set but
	empty, implying the default set of analysis.  We still want
	sa_assert defined in that case, to stop clang from hitting
	false positives.

	* configure.ac (STATIC_ANALYSIS): Detect clang even when the set
	of analyses is the default.

	storage: avoid null deref and leak on failure
	Detected by clang.  NULL deref added in commit 343a27a (Mar 11),
	but leak of voldef present since commit 2cd9b2d (Apr 09).

	* src/storage/storage_driver.c (storageVolumeCreateXML): Don't
	leak voldef or dereference null volobj.

2011-05-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Disable performance counter queries in esxDomainGetInfo
	The queried values aren't used yet.

	esx: Avoid null dereference on error in esxDomainGetInfo
	Add missing early exits and convert error logging to proper API level
	error reporting.

	Centralize cleanup code for the PerfQuerySpec object.

	Reported by Eric Blake, detected by clang.

2011-05-05  Eric Blake  <eblake@redhat.com>

	remote: avoid null dereference on error
	Clang found three instances of uninitialized use of nparams in
	the cleanup path.  Unfortunately, one is a false positive: clang
	couldn't see that ret->params.params_val is guaranteed to be
	NULL unless allocated within a function, and that nparams is
	guaranteed to be assigned prior to the allocation; hoisting the
	assignment to nparams to be earlier in the function shuts up
	that false positive.  But two of the reports also happened to
	highlight a real bug - the error path can dereference NULL.

	Regression introduced in commit 158ba873.

	* daemon/remote.c (remoteDispatchDomainGetMemoryParameters)
	(remoteDispatchDomainGetBlkioParameters): Don't clear fields if
	array was not allocated.
	(remoteDispatchDomainGetSchedulerParameters): Initialize nparams
	earlier.

2011-05-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove dead store in esxUtil_ParseDatastorePath
	The ++ on preliminaryFileName was a left over from a previous version
	of this function that explicitly returned the filename and did a strdup
	on preliminaryFileName afterwards.

	As the filename isn't returned explicitly anymore remove the preliminary
	variable for it and reuse the tmp variable instead.

	Reported by Eric Blake, detected by clang.

2011-05-04  Eric Blake  <eblake@redhat.com>

	qemu: update qemuCgroupControllerActive signature
	Clang warned about a dead assignment.  In the process, I noticed
	that we are only using the function for a bool value.  I audited
	all other callers in qemu_{migration,cgroup,driver,hotplug), and
	all were making the call in a bool context.

	Also, do bounds checking on the argument.

	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Delete dead
	assignment.
	(qemuCgroupControllerActive): Change return type to bool.
	* src/qemu/qemu_cgroup.h (qemuCgroupControllerActive): Likewise.

	util: remove dead assignment
	Clang complained about this, and it was easy enough to fix.

	* src/util/util.c (virFileOpenAs): Drop dead assignment.

	lxc: report correct error
	Clang noticed a dead assignment, which turned out to be the use
	of the wrong variable.  rc starts life as -1, and is only ever
	assigned to 0 just before a successful cleanup.

	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Don't call
	virReportSystemError(-1).

	libxl: avoid compiler warning
	Detected by gcc:

	libxl/libxl_driver.c: In function 'libxlDomainDestroy':
	libxl/libxl_drier.c:1351:30: error: variable 'priv' set but not used [-Werror=unused-but-set-variable]

	* src/libxl/libxl_driver.c (libxlDomainDestroy): Delete unused
	variable.

	qemu: remove dead assignment
	Detected by clang.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Nothing later
	uses is_reg.

	storage: use virCommand to avoid compiler warning
	clang didn't like the last increment to nargs.  But why even
	track nargs ourselves, when virCommand does it for us?

	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIConnection): Switch to virCommand to avoid
	a dead-store warning on nargs.

	cgroup: avoid leaking a file
	Clang detected a dead store to rc.  It turns out that in fixing this,
	I also found a FILE* leak.

	This is a subtle change in behavior, although unlikely to hit.  The
	pidfile is a kernel file, so we've probably got more serious problems
	under foot if we fail to parse one.  However, the previous behavior
	was that even if one pid file failed to parse, we tried others,
	whereas now we give up on the first failure.  Either way, though,
	the function returns -1, so the caller will know that something is
	going wrong, and that not all pids were necessarily reaped.  Besides,
	there were other instances already in the code where failure in the
	inner loop aborted the outer loop.

	* src/util/cgroup.c (virCgroupKillInternal): Abort rather than
	resuming loop on fscanf failure, and cleanup file on error.

	qemu: silence clang false positives
	Clang 2.8 wasn't quite able to follow that persistentDef was
	assigned earlier if (flags & VIR_DOMAIN_MEM_CONFIG) is true.
	Silence this false positive, to make clang analysis easier to use.

	* src/qemu/qemu_driver.c (qemudDomainSetMemoryFlags): Add an
	annotation to silence clang's claim of a NULL dereference.

	virsh: avoid null pointer dereference
	Clang detected that vol-download will call unlink(NULL) if there
	is a parse error during option parsing.  Also, mingw doesn't like
	unlinking an open file.

	* tools/virsh.c (cmdVolDownload): Only unlink file if created.

	pci: fix null pointer dereference
	Clang detected a null-pointer dereference regression, introduced
	in commit 4e8969eb.  Without this patch, a device with
	unbind_from_stub set to false would eventually try to call
	virFileExists on uncomputed drvdir.

	* src/util/pci.c (pciUnbindDeviceFromStub): Ensure drvdir is set
	before use.

	qemu: avoid null pointer dereference
	This code has had problems historically.  As originally
	written, in commit 6bcf2501 (Jun 08), it could call unlink
	on a random string, nuking an unrelated file.

	Then commit 182a80b9 (Sep 09), the code was rewritten to
	allocate tmp, with both a use-after-free bug and a chance to
	call unlink(NULL).

	Commit e206946 (Mar 11) fixed the use-after-free, but not the
	NULL dereference.  Thanks to clang for catching this!

	* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call
	unlink on NULL.

	tests: avoid null pointer dereference
	Unlikely to hit in real life, but clang noticed it.

	* tests/commandtest.c (checkoutput, test4, test18): Avoid
	unlink(NULL) on OOM.

	Revert "lxc: Do not try to reconnect inactive domain when do lxcStartup"
	This reverts commit 0e7f7f8566f3e7fcf5bce395555fa1b5cf1e136b.

	From the mailing list:

	> So, AFAICT, this patch means we will never reconnect to any LXC
	> VMs now.
	>
	> The correct solution, is to refactor LXC driver startup to work
	> the same way as the QEMU driver startup.
	>
	>   - Load all the live state XML files (to pick up running VMs)
	>   - Reconnect to all VMs
	>   - Load all the persistent config XML files (to pick up any additional
	>     inactive guets)

	But that solution is invasive enough to be post-0.9.1.

2011-05-03  Eric Blake  <eblake@redhat.com>

	tests: suppress more valgrind situations
	* tests/.valgrind.supp: Consolidate bash suppressions.  Ignore
	more libnl issues.

2011-05-03  Michal Privoznik  <mprivozn@redhat.com>

	Fix disability to run on systems with no PCI bus
	The patch which moved libpciaccess initialization to one place caused
	regression - we were not able to run on system with no PCI bus, like
	s390(x).

2011-05-03  Osier Yang  <jyang@redhat.com>

	lxc: Do not try to reconnect inactive domain when do lxcStartup
	Otherwise if there are inactive lxc domains, lxcStartup will
	try to reconnect to sockets of these domains, which results in
	errors in libvirtd log.

2011-05-03  Eric Blake  <eblake@redhat.com>

	tests: avoid compiler warning
	../../tests/xmconfigtest.c: In function 'testCompareParseXML':
	../../tests/xmconfigtest.c:49:19: error: 'conn' may be used uninitialized in this function [-Wuninitialized]

	* tests/xmconfigtest.c (testCompareParseXML): Initialize variable.

2011-05-02  Christophe Fergeau  <cfergeau@redhat.com>

	qemu: fix uninitialized variable warning
	This commit fixes
	qemu/qemu_driver.c: In function 'qemuDomainModifyDeviceFlags':
	qemu/qemu_driver.c:4041:8: warning: 'ret' may be used uninitialized in this
	function [-Wuninitialized]
	qemu/qemu_driver.c:4013:9: note: 'ret' was declared here

	The variable is set to -1 so that the error paths are taken when the code
	to set it didn't get a chance to run. Without initializing it, we could
	return some an undefined value from this function.

	While I was at it, I made a trivial whitespace change in the same function
	to improve readability.

2011-05-02  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	fix missing VLAN id for Qbg example
	For IEEE 802.1Qbg, it is necessary to use a VLAN interface.
	vepa itself does not require a VLAN interface.

2011-05-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Lower stack usage below 4096 bytes
	Make virtTestLoadFile allocate the buffer to read the file into.

	Fix logic error in virtTestLoadFile, stop reading on the first empty line.

	Use virFileReadLimFD in virtTestCaptureProgramOutput to avoid manual
	buffer handling.

	tests: Update valgrind suppressions file

2011-05-01  Supriya Kannery  <supriyak@in.ibm.com>

	virsh: fix regression in log to file
	Commit 36deff04 introduced a regression due to which virsh is not able
	to log to a file - msg_buf was changed from an array to a pointer
	without corresponding change to usage of "sizeof()".

	Fix regression in virsh logging

2011-04-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Fix memory leak in the ebtables subdriver
	Call shutdown functions for all subcomponents in nwfilterDriverShutdown.

	Make sure that this shutdown functions can safely be called multiple times
	and independent from the actual subcomponents state.

	qemu: Fix qemuDomainModifyDeviceFlags leaking the caps bitmap

	Fix memory leak in __virExec
	Commit e0d014f2379dd made binary potentially allocated on the heap.
	It was freed in the parent in the error path, but not in the success path
	that doesn't goto the cleanup label.

	Found by 'make -C tests valgrind'.

2011-04-30  Eric Blake  <eblake@redhat.com>

	hash: fix memory leak regression
	Commit 1671d1d introduced a memory leak in virHashFree, and
	wholesale table corruption in virHashRemoveSet (elements not
	requested to be freed are lost).

	* src/util/hash.c (virHashFree): Free bucket array.
	(virHashRemoveSet): Don't lose elements.
	* tests/hashtest.c (testHashCheckForEachCount): New method.
	(testHashCheckCount): Expose the bug.

2011-04-30  Cole Robinson  <crobinso@redhat.com>

	docs: Document <filesystem> device
	Tried to dredge through old changelogs and commits to come up with it, so
	may not be completely accurate.

	v2:
	Drop ambiguous 'containers'
	Use same mail archive for all links

2011-04-30  Eric Blake  <eblake@redhat.com>

	build: fix getcwd portability problems
	* bootstrap.conf (gnulib_modules): Add getcwd-lgpl.
	* tests/commandtest.c (checkoutput): Drop unused cwd.
	* tests/commandhelper.c (main): Let getcwd malloc.
	* tests/testutils.c (virTestMain): Likewise.
	* tools/virsh.c (cmdPwd): Likewise.
	(virshCmds): Expose cmdPwd and cmdCd on mingw.

	tests: simplify common setup
	A few of the tests were missing basic sanity checks, while most
	of them were doing copy-and-paste initialization (in fact, some
	of them pasted the argc > 1 check more than once!).  It's much
	nicer to do things in one common place, and minimizes the size of
	the next patch that fixes getcwd usage.

	* tests/testutils.h (EXIT_AM_HARDFAIL): New define.
	(progname, abs_srcdir): Define for all tests.
	(VIRT_TEST_MAIN): Change callback signature.
	* tests/testutils.c (virtTestMain): Do more common init.
	* tests/commandtest.c (mymain): Simplify.
	* tests/cputest.c (mymain): Likewise.
	* tests/esxutilstest.c (mymain): Likewise.
	* tests/eventtest.c (mymain): Likewise.
	* tests/hashtest.c (mymain): Likewise.
	* tests/networkxml2xmltest.c (mymain): Likewise.
	* tests/nodedevxml2xmltest.c (myname): Likewise.
	* tests/nodeinfotest.c (mymain): Likewise.
	* tests/nwfilterxml2xmltest.c (mymain): Likewise.
	* tests/qemuargv2xmltest.c (mymain): Likewise.
	* tests/qemuhelptest.c (mymain): Likewise.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2xmltest.c (mymain): Likewise.
	* tests/qparamtest.c (mymain): Likewise.
	* tests/sexpr2xmltest.c (mymain): Likewise.
	* tests/sockettest.c (mymain): Likewise.
	* tests/statstest.c (mymain): Likewise.
	* tests/storagepoolxml2xmltest.c (mymain): Likewise.
	* tests/storagevolxml2xmltest.c (mymain): Likewise.
	* tests/virbuftest.c (mymain): Likewise.
	* tests/virshtest.c (mymain): Likewise.
	* tests/vmx2xmltest.c (mymain): Likewise.
	* tests/xencapstest.c (mymain): Likewise.
	* tests/xmconfigtest.c (mymain): Likewise.
	* tests/xml2sexprtest.c (mymain): Likewise.
	* tests/xml2vmxtest.c (mymain): Likewise.

2011-04-29  Eric Blake  <eblake@redhat.com>

	build: avoid test warnings on mingw
	* .gnulib: Update to latest, for getaddrinfo fixes.
	Reported by Matthias Bolte.

	virsh: avoid compiler warning on mingw
	We don't use gnulib's sanitizations for vfprintf, but vshDebug
	was used with %zu, which means that it would fail on mingw.
	Thank goodness the compiler indirectly caught this for us :)

	virsh.c: In function 'vshDebug':
	virsh.c:12105:5: warning: function might be possible candidate for
	'ms_printf' format attribute [-Wmissing-format-attribute]

	since mingw <stdio.h> hasn't yet added gcc attributes to vfprintf.

	* tools/virsh.c (vshDebug): Avoid vfprintf.
	(vshPrintExtra): Use lighter-weight fputs.
	Reported by Matthias Bolte.

2011-04-29  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - support persistent update of disks
	Support update of disks by MODIFY_CONFIG

	This patch includes changes for qemu's disk to support
	virDomainUpdateDeviceFlags() with VIR_DOMAIN_DEVICE_MODIFY_CONFIG.

	This patch adds support for CDROM/foppy disk types.


	* src/qemu/qemu_driver.c
	(qemuDomainUpdateDeviceConfig): support cdrom/floppy.

2011-04-29  Jim Fehlig  <jfehlig@novell.com>

	Xen: Do not generate net ifname if domain is inactive
	V2: Use virAsprintf instead of snprintf/strdup

	The xend driver will generate a virDomainNetDef ifname if one is not
	specified in xend sexpr, even if domain is inactive.  The result is
	network interface XML containing 'vif-1.Y' on dev attribute of target
	element, e.g.

	  <interface type='bridge'>
	    <target dev='vif-1.0'/>
	    ...

	This patch changes the behavior to only generate the ifname if not
	specified in xend sexpr *and* domain is not inactive (id != -1).

2011-04-29  Yufang Zhang  <yuzhang@redhat.com>

	xen: check if device is assigned to guest before reattaching
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=664059

	Reattaching pci device back to host without destroying guest or
	detaching device from guest would cause host to crash. This patch adds
	a check before doing device reattach. If the device is being assigned
	to guest, libvirt refuses to reattach device to host. The patch only
	works for Xen, for it just checks xenstore to get pci device
	information.

2011-04-28  Laine Stump  <laine@laine.org>

	network: fix return value of hostsFileWrite
	The lone caller to hostsFileWrite (and the callers for at least 3
	levels up the return stack) assume that the return value will be < 0
	on failure. However, hostsFileWrite returns 0 on success, and a
	positive errno on failure. This patch changes hostsFileWrite to return
	-errno on failure.

2011-04-28  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/esx/esx_driver.c: Fix spelling of 'relative'.
	* src/util/util.c: Likewise.

2011-04-28  Jiri Denemark  <jdenemar@redhat.com>

	build: Use pkg-config for libssh2 check
	Currently the build fails if /usr/local/include does not exist since
	its use is hardcoded in configure.ac

	build: Ignore old audit library
	Check for audit_encode_nv_string in libaudit so that ancient audit
	library is ignored rather than trying to compile with libaudit support
	and failing.

2011-04-28  Osier Yang  <jyang@redhat.com>

	util: Initialize hooks at daemon shutdown if no hooks defined
	We support to initialize the hooks at daemon reload if there is no
	hooks script is defined, we should also support initialize the hooks
	at daemon shutdown if no hooks is defined.

	To address bz: https://bugzilla.redhat.com/show_bug.cgi?id=688859

2011-04-28  Wen Congyang  <wency@cn.fujitsu.com>

	fix virsh's regression
	This patch does the following things:
	1. The return value of cmdSchedInfoUpdate() can be -1, 0 and 1. So the
	   type of return value should be int not bool.(This function is not a
	   entry of a virsh command, but the name of this function likes cmdXXX)

	2. The type of cmdSchedinfo()'s, cmdFreecell()'s, cmdPoolList()'s and
	   cmdVolList()'s return value is bool not int, so change the type of
	   variable ret_val, func_ret and functionReturn.

	3. Add a variable functionReturn for cmdMigrate(), cmdAttachInterface(),
	   cmdDetachInterface(), cmdAttachDisk() and cmdDetachDisk() to save the
	   return value.

	4. Change the type of variable ret in the function cmdAttachDevice(),
	   cmdDetachDevice(), cmdUpdateDevice(), cmdAttachInterface(),
	   cmdDetachInterface(), cmdAttachDisk() and cmdDetachDisk() to int, as
	   we use it to save the return value of virXXX() and the type of virXXX()'s
	   return value is int not bool.

	5. Do some cleanup when virBuff.error is 1.

	The bug 1-4 were introduced by commit b56fa5bb.

2011-04-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - support persistent attach/detach disks
	Support changes of disks by MODIFY_CONFIG for qemu.

	This patch includes patches for qemu's disk to support
	virDomainAt(De)tachDeviceFlags with VIR_DOMAIN_DEVICE_MODIFY_CONFIG.

	Other devices can be added incrementally.


	* /src/conf/domain_conf.c
	(virDomainDiskIndexByName): returns array index of disk in vmdef.
	(virDomainDiskRemoveByName): removes a disk which has the name in vmdef.
	* src/qemu/qemu_driver.c
	(qemuDomainAttachDeviceConfig): add support for Disks.
	(qemuDomainDetachDeviceConfig): add support for Disks.

	libvirt/qemu - support persistent modification of devices
	This patch adds functions for modify domain's persistent definition.
	To do error recovery in easy way, we use a copy of vmdef and update it.

	The whole sequence will be:

	  make a copy of domain definition.

	  if (flags & MODIFY_CONFIG)
	      update copied domain definition
	  if (flags & MODIF_LIVE)
	      do hotplug.
	  if (no error)
	      save copied one to the file and update cached definition.
	  else
	      discard copied definition.

	This patch is mixuture of Eric Blake's work and mine.
	From: Eric Blake <eblake@redhat.com>

	(virDomainObjCopyPersistentDef): make a copy of persistent vm definition
	(qemuDomainAttach/Detach/UpdateDeviceConfig) : callbacks. now empty
	(qemuDomainModifyDeviceFlags): add support for MODIFY_CONFIG and MODIFY_CURRENT

2011-04-28  Eric Blake  <eblake@redhat.com>

	build: fix 32-bit test failure
	Same fix as commit 1fc288e1e25.

	* tests/hashtest.c (testHashRemoveForEach): Use correct format.

2011-04-27  Jiri Denemark  <jdenemar@redhat.com>

	util: Simplify hash implementation
	So far first entries for each hash key are stored directly in the hash
	table while other entries mapped to the same key are linked through
	pointers. As a result of that, the code is cluttered with special
	handling for the first items.

	This patch makes all entries (even the first ones) linked through
	pointers, which significantly simplifies the code and makes it more
	maintainable.

	tests: More unit tests for internal hash APIs
	This adds several tests for remaining hash APIs (custom
	hasher/comparator functions are not covered yet, though).

	All tests pass both before and after the "Simplify hash implementation".

2011-04-27  Osier Yang  <jyang@redhat.com>

	build: Fix problem of building Python bindings
	If one specify "--with-python=yes" but no python-devel package
	is installed, we ignore it with just a notice message, which
	doesn't give clear guide to user.

2011-04-27  Wen Congyang  <wency@cn.fujitsu.com>

	release PCI address only when we have ensured it successfully
	Steps to reproduce this bug:
	1. # cat net.xml # 00:03.0 has been used
	    <interface type='network'>
	      <mac address='52:54:00:04:72:f3'/>
	      <source network='default'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	    </interface>

	2. # virsh attach-device vm1 net.xml
	   error: Failed to attach device from net.xml
	   error: internal error unable to reserve PCI address 0:0:3

	3. # virsh attach-device vm1 net.xml
	   error: Failed to attach device from net.xml
	   error: internal error unable to execute QEMU command 'device_add': Device 'rtl8139' could not be initialized

	The reason of this bug is that: we can not reserve PCI address 0:0:3 because it has
	been used, but we release PCI address when we reserve it failed.

2011-04-27  Hu Tao  <hutao@cn.fujitsu.com>

	free memory properly in cleanup patch
	virsh schedinfo inactive-domain will trigger the problem.

2011-04-27  Wen Congyang  <wency@cn.fujitsu.com>

	free buf->content when vsnprintf() failed
	When buf->error is 1, we do not return buf->content in the function
	virBufferContentAndReset(). So we should free buf->content when
	vsnprintf() failed.

2011-04-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix dynamic dispatch for CastFromAnyType functions
	This was broken by the refactoring in ac1e6586ec75. It resulted in a
	segfault for 'virsh vol-dumpxml' and related volume functions.

	Before the refactoring all users of the ESX_VI__TEMPLATE__DISPATCH
	macro dispatched on the item type, as the item is the input to all those
	functions.

	Commit ac1e6586ec75 made the dynamically dispatched CastFromAnyType
	functions use this macro too, but this functions dispatched on the
	actual type of the AnyType object. The item is the output of the
	CastFromAnyType functions.

	This difference was missed in the refactoring, making CastFromAnyType
	functions dereferencing the item pointer that is NULL at the time of
	the dispatch.

	Move call to virReportOOMError into virFileBuildPath
	Suggested by Daniel P. Berrange

2011-04-27  Eric Blake  <eblake@redhat.com>

	build: use gnulib passfd for simpler SCM_RIGHTS code
	* .gnulib: Update to latest for passfd fixes.
	* bootstrap.conf (gnulib_modules): Add passfd.
	* src/util/util.c (virFileOpenAs): Simplify.

2011-04-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add flags checking in DomainCoreDump

2011-04-26  Mark Wu  <dwu@redhat.com>

	Make crash and live flags mutually exclusive in virDomainCoreDump
	They don't make any sense when used together.

2011-04-26  Guido Günther  <agx@sigxcpu.org>

	Make sure DNSMASQ_STATE_DIR exists
	otherwise the directory returned by networkDnsmasqLeaseFileName will not
	be created if ipdef->nhosts == 0 in networkBuildDnsmasqArgv.

2011-04-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix small memory leaks in config parsing related functions
	Found by 'make -C tests valgrind'.

	xen_xm.c: Dummy allocation via virDomainChrDefNew is directly
	overwritten and lost. Free 'script' in success path too.

	vmx.c: Free virtualDev_string in success path too.

	domain_conf.c: Free compression in success path too.

	Add virDomainEventRebootNew
	This will be used in the ESX driver event handling.

2011-04-26  Eric Blake  <eblake@redhat.com>

	build: make VIR_FREE do some type checking
	We can exploit the fact that gcc warns about int-to-pointer conversion
	in ternary cond?(void*):(int) in order to prevent future mistakes of
	calling VIR_FREE on a scalar lvalue.  For example, between commits
	158ba873 and 802e2df, we would have had this warning:

	cc1: warnings being treated as errors
	remote.c: In function 'remoteDispatchListNetworks':
	remote.c:3684:70: error: pointer/integer type mismatch in conditional expression

	There are still a number of places that malloc into a const char*;
	while it would probably be worth scrubbing them to use char*
	instead, that is a separate patch, so we have to cast away const
	in VIR_FREE for now.

	* src/util/memory.h (VIR_FREE): Make gcc warn about integers.
	Iteratively developed from a patch by Christophe Fergeau.

2011-04-25  Eric Blake  <eblake@redhat.com>

	threads: add one-time initialization support
	mingw lacks the counterpart to PTHREAD_MUTEX_INITIALIZER, so the
	best we can do is portably expose once-only runtime initialization.

	* src/util/threads.h (virOnceControlPtr): New opaque type.
	(virOnceFunc): New callback type.
	(virOnce): New prototype.
	* src/util/threads-pthread.h (virOnceControl): Declare.
	(VIR_ONCE_CONTROL_INITIALIZER): Define.
	* src/util/threads-win32.h (virOnceControl)
	(VIR_ONCE_CONTROL_INITIALIZER): Likewise.
	* src/util/threads-pthread.c (virOnce): Implement in pthreads.
	* src/util/threads-win32.c (virOnce): Implement in WIN32.
	* src/libvirt_private.syms: Export it.

2011-04-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add a wrapper for shared CURL handles
	To be used to share a CURL handle between multiple threads in the
	upcoming domain event support.

	esx: Move CURL handling code to it's own type

2011-04-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	daemon: Don't try to free an unsigned int in error paths

	daemon: Honor error variable name change in the generator
	Commit 36b652138be renamed err to rerr, do the same in the generator.

2011-04-22  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - clean up UpdateDevice for consolidation.
	This patch strips reusable part of qemuDomainUpdateDeviceFlags()
	and consolidate it to qemuDomainModifyDeviceFlags().
	No functional changes.

	* src/qemu/qemu_driver.c
	(qemuDomainChangeDiskMediaLive) : pulled out code for updating disks.
	(qemuDomainUpdateDeviceLive) : core of UpdateDevice, extracted from
	UpdateDeviceFlags()
	(qemuDomainModifyDeviceFlags): add support for updating device in live domain.
	(qemuDomainUpdateDeviceFlags): reworked as a wrapper function of
	qemuDomainModifyDeviceFlags()

	libvirt/qemu - clean up At(De)tachDeviceFlags() for consolidation.
	clean up At(De)tachDeviceFlags() for consolidation.

	qemuDomainAttachDeviceFlags()/qemuDomainDetachFlags()/
	qemuDomainUpdateDeviceFlags() has similar logics and copied codes.

	This patch series tries to unify them to use shared code when it can.
	At first, clean up At(De)tachDeviceFlags() and devide it into functions.

	By this, this patch pulls out shared components between functions.
	Based on patch series by Eric Blake, I added some modification as
	switch-case with QEMU_DEVICE_ATTACH, QEMU_DEVICE_DETACH, QEMU_DEVICE_UPDATE

	* src/qemu/qemu_driver.c
	(qemuDomainAt(De)tachDeviceFlags) : pulled out to qemuDomainModifyDeviceFlags()
	(qemuDomainModifyDeviceFlags) : implements generic code for modifying domain.
	(qemuDomainAt(De)tachDeviceFlagsLive) : code for at(de)taching devices to
	domain in line. no changes in logic from old code.
	(qemuDomainAt(De)tachDeviceDiskLive) : for at(de)taching Disks.
	(qemuDomainAt(De)tachDeviceControllerLive) : for at(de)taching Controllers

	libvirt/qemu - Centralize device modification in the more flexible APIs
	Centralize device modification in the more flexible APIs, to allow future
	honoring of additional flags.  Explicitly reject the
	VIR_DOMAIN_DEVICE_MODIFY_FORCE flag on attach/detach.

	Based on Eric Blake<eblake@redhat.com>'s work.

	* src/qemu/qemu_driver.c
	(qemudDomainAttachDevice)(qemudDomainAttachDeviceFlags): Swap bodies,rename...
	(qemudDomainDetachDevice, qemudDomainDetachDeviceFlags): Likewise.

2011-04-22  Michal Privoznik  <mprivozn@redhat.com>

	Add support for s390(x) cpu options parsing
	Up to now we missed parser for cpuinfo on x390(x) machines. Those machines
	have only 1 thread, core, socket. What is missing is information about
	CPU frequency.

2011-04-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU tunnelled migration FD handling
	The two ends of the pipe used for feeding QEMU tunnelled
	migration data were interchanged, so QEMU got given the
	"write" end instead of the "read" end.

	The qemuMigrationPrepareTunnel method was also immediately
	closing the "write" end of the pipe, so the stream failed
	to actually write anything.

	* src/qemu/qemu_migration.c: Swap tunnelled migration
	  pipe FDs & don't close pipe given to stream

2011-04-21  Eric Blake  <eblake@redhat.com>

	build: fix 32-bit test failure
	ARRAY_CARDINALITY is typed as size_t, not long; this matters on 32-bit
	platforms:

	hashtest.c: In function 'testHashRemoveForEach':
	hashtest.c:114: error: format '%lu' expects type 'long unsigned int', but argument 4 has type 'unsigned int' [-Wformat]

	* tests/hashtest.c (testHashRemoveForEach): Use correct format.

2011-04-21  Jiri Denemark  <jdenemar@redhat.com>

	Remove artificial minimum limit for guest memory
	Remove the artificial minimum of 4096 KB for guest memory. It's drivers'
	job to set the limit if needed.

2011-04-21  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Adding reboot domain function
	Adding reboot <domain> function for pHyp driver.

2011-04-21  Eric Blake  <eblake@redhat.com>

	build: fix syntax-check failure
	* .mailmap: Add an alias for last commit.

2011-04-20  Wen Congyang  <wency cn fujitsu com>

	fix tunnelled migration's regression
	If the migrateFrom is "stdio" not "stdin", qemuBuildCommandLine()
	will convert it to exec:cat or fd:n.

2011-04-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: no support for direct type of interface
	Ebtables filtering doesn't work on macvtap device. Remove support for direct type of interface.

2011-04-19  Eric Blake  <eblake@redhat.com>

	virsh: nuke use of TRUE and FALSE
	Gnulib already guarantees <stdbool.h>, so it is easier to just
	use the standardized spellings.

	* tools/virsh.c (vshCmdDef): Change callback to return real bool.
	(__vshControl): Change several fields to bool.
	(vshCommandOptBool): Change return type.
	All callers updated.
	* tools/Makefile.am (virsh-net-edit.c, virsh-pool-edit.c):
	Likewise.

2011-04-19  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: fix the check of virDomainObjUnref()'s return value
	If vm is unlocked in virDomainObjUnref(), the return value is 0, not less
	than 0.

2011-04-19  Markus Groß  <gross@univention.de>

	Add cputune support to libxl driver
	Here is a new version of this patch:
	https://www.redhat.com/archives/libvir-list/2011-April/msg00337.html

	v2:
	  - store the cputune info for the whole runtime of the domain
	  - remove cputune info when domain is destroyed

	The nodeGetInfo code had to be moved into a helper
	function to reuse it without a virConnectPtr.

2011-04-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update and sort msg_gen_function list and mark unmarked messages
	Inspired by Eric Blake

2011-04-19  Eric Blake  <eblake@redhat.com>

	phyp: another simplification
	Rather than copying and pasting lots of code, factor it into a
	single helper function.

	This commit adds a warning if tighter integer parsing would fail
	due to any stray bytes after the number, but should not change
	any behavior other than the bug fix for phypNumDomainsGeneric
	looking only at numeric lines.

	* src/phyp/phyp_driver.c (phypExecInt): New function.
	(phypGetVIOSPartitionID, phypNumDomainsGeneric, phypGetLparID)
	(phypGetLparMem, phypGetLparCPUGeneric, phypGetRemoteSlot)
	(phypGetVIOSNextSlotNumber, phypAttachDevice)
	(phypGetStoragePoolSize, phypStoragePoolNumOfVolumes)
	(phypNumOfStoragePools, phypInterfaceDestroy)
	(phypInterfaceDefineXML, phypInterfaceLookupByName)
	(phypInterfaceIsActive, phypNumOfInterfaces): Use it.
	(phypNumDomainsGeneric): Correctly find numeric line.

2011-04-18  Eric Blake  <eblake@redhat.com>

	maint: ignore built file
	* .gitignore: Add exemption for hashtest.

2011-04-18  Daniel P. Berrange  <berrange@redhat.com>

	build: fix qemu build failure in previous patch
	This last minute addition caused a build failure

	cc1: warnings being treated as errors
	qemu/qemu_process.c: In function 'qemuProcessHandleWatchdog':
	qemu/qemu_process.c:436:34: error: ignoring return value of 'virDomainObjUnref', declared with attribute warn_unused_result [-Wunused-result]
	make[3]: *** [libvirt_driver_qemu_la-qemu_process.lo] Error 1

	Change some variable names to follow standard in daemon dispatcher
	Replace some occurrances of

	  virDomainPtr domain;
	  virNetworkPtr network;

	With

	  virDomainPtr dom;
	  virNetworkPtr net;

	* daemon/remote.c: Fix variable naming to follow standard

	Write error check conditionals in more compact form for dispatcher
	Replace cases of

	     type = virConnectGetType(conn);
	     if (type == NULL)
	         goto cleanup;

	With

	     if (!(type = virConnectGetType(conn)))
	         goto cleanup;

	* daemon/remote.c: Write error checks in compat form

	Remove curly braces on all single-line conditional jumps in dispatcher
	Replace all occurrances of

	   if (....) {
	      goto cleanup;
	   }

	With

	   if (.....)
	      goto cleanup;

	to save one line of code

	* daemon/remote.c: Remove curly braces on single line conditionals

	Fix checking of return codes in dispatcher
	The libvirt APIs reserve any negative value for indicating an
	error. Thus checks

	    if (virXXXX() == -1)

	Should instead be

	    if (virXXXX() < 0)

	* daemon/remote.c: s/ == -1/ < 0/

	Merge all returns paths from dispatcher into single path
	The dispatcher functions have numerous places where they
	return to the caller. This leads to duplicated cleanup
	code, often resulting in memory leaks. It makes it harder
	to ensure that errors are dispatched before freeing objects,
	which may overwrite the original error.

	The standard pattern is now

	    remoteDispatchXXX(...) {
	        int rv = -1;

	        ....
	        if (XXX < 0)
	          goto cleanup;
	        ...
	        if (XXXX < 0)
	          goto cleanup;
	        ...

	        rv = 0;
	    cleanup:
	        if (rv < 0)
	           remoteDispatchError(rerr);
	        ...free all other stuff..
	        return rv;
	    }

	* daemon/remote.c: Centralize all cleanup paths
	* daemon/stream.c: s/remoteDispatchConnError/remoteDispatchError/
	* daemon/dispatch.c, daemon/dispatch.h: Replace
	  remoteDispatchConnError with remoteDispatchError
	  removing unused virConnectPtr

2011-04-18  Alan Pevec  <apevec@redhat.com>

	Experimental libvirtd upstart job
	To install it, disable libvirtd sysv initscript:
	    chkconfig libvirtd off
	    service libvirtd stop

	and enable libvirtd upstart job:
	    cp  /usr/share/doc/libvirt-*/libvirtd.upstart \
	        /etc/init/libvirtd.conf
	    initctl reload-configuration
	    initctl start libvirtd

	Test:
	    initctl status libvirtd
	libvirtd start/running, process 3929
	    killall -9 libvirtd
	    initctl status libvirtd
	libvirtd start/running, process 4047

	I looked into the possibility to use the upstart script from Ubuntu or
	at least getting inspiration from it but that's not possible. "expect
	daemon" is a nice thing but it only works if the process is defined with
	exec stanza instead of script ... no script. Unfortunately, with exec
	stanza environment variables can only be set within upstart script
	(i.e., configuration in /etc/sysconfig/libvirtd can't work). Hence, we
	need to use script stanza, source sysconfig, and execute libvirtd
	without --daemon. For similar reasons we can't use limit stanza and need
	to handle DAEMON_COREFILE_LIMIT in job's script.

2011-04-18  Wen Congyang  <wency@cn.fujitsu.com>

	enhance processWatchdogEvent()
	This patch does the following two things:
	1. hold an extra reference while handling watchdog event
	   If the domain is not persistent, and qemu quits unexpectedly before
	   calling processWatchdogEvent(), vm will be freed and the function
	   processWatchdogEvent() will be dangerous.

	2. unlock qemu driver and vm before returning from processWatchdogEvent()
	   When the function processWatchdogEvent() failed, we only free wdEvent,
	   but forget to unlock qemu driver and vm, free dumpfile.

	qemu: avoid qemu_driver being unlocked twice when virThreadPoolNew() failed
	We do not lock qemu_driver when calling virThreadPoolNew(). If it failed,
	we will unlock qemu_driver. It is dangerous.

	We may use this pool during auto starting domains. So we must create it before
	calling qemuAutostartDomains(). Otherwise, libvirtd will crash.

2011-04-17  Richard Laager  <rlaager@wiktel.com>

	Fix two out-of-date comments in LVM backend

2011-04-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Replace statsErrorFunc with a macro
	Also mark error messages in block_stats.c for translation, add the
	new macro to the msg_gen functions in cfg.mk and add block_stats.c
	to po/POTFILES.in

	Remove virConnectPtr from virRaiseErrorFull
	And from all related macros and functions.

2011-04-16  Jiri Denemark  <jdenemar@redhat.com>

	tests: Unit tests for internal hash APIs
	This is a basic set of tests for testing removals of hash entries during
	iteration.

2011-04-16  Wen Congyang  <wency@cn.fujitsu.com>

	build: include esx_vi.generated.* into dist file
	commit d4601696 introduces two more generated files: esx_vi.generated.h
	and esx_vi.generated.h. But we do not include them into dist file.
	It will break building if using dist file to build.

2011-04-16  Eric Blake  <eblake@redhat.com>

	tests: test recent virsh option parsing changes
	* tests/virsh-optparse: New file.
	* tests/Makefile.am (test_scripts): Use it.

	virsh: fix regression in parsing optional integer
	Regression introduced in 0.8.5, commit c1564268.  The command
	'virsh freecell 0' quit working when it changed from an optional
	string to an optional integer.

	This patch introduces a slight change that specifying an option
	twice is now detected as an error.  It also changes things so
	that a command that has more than 1 required option will not
	complain about missing options if one but not all of the options
	were given in long format, as in 'virsh vol-create --pool p file',
	as well as making positional parsing work for all optional
	options (each positional argument is associated with the earliest
	option that has not yet been seen by name).

	Optional boolean options can appear before required argument
	options, because they don't affect positional argument parsing,
	and obviously a required boolean option makes no sense.

	Technically, this patch renders VSH_OT_STRING and VSH_OT_DATA
	redundant; but cleaning that up can be a separate patch.

	No command should ever need more than 32 options, right? :)

	* tools/virsh.c (vshCmddefGetData, vshCmddefGetOption)
	(vshCommandCheckOpts): Alter parameters to use bitmaps.
	(vshCmddefOptParse): New function.
	(vshCommandParse): Update for better handling of positional
	arguments.
	(vshCmddefHelp): Allow unit tests to validate options.

	virsh: list required options first
	The current state of virsh parsing is that:

	$ virsh vol-info /path/to/image
	$ virsh vol-info --pool default /path/to/image
	$ virsh vol-info --pool default --vol /path/to/image

	all lookup the volume by path (technically, the last two also attempt
	a name lookup within a pool, whereas the first skips that step, but
	the end result is the same); meanwhile:

	$ virsh vol-info default /path/to/image

	complains about unexpected data.  Why?  Because the --pool option is
	optional, so default was parsed as the --vol argument, and
	/path/to/image.img doesn't match up with any remaining options that
	require an argument.  For proof, note that:

	$ virsh vol-info default --vol /path/to/image

	complains about looking up 'default' - the parser mis-associated both
	arguments with --vol.  Given the above, the only way to specify pool
	is with an explicit "--pool" argument (you can't specify it
	positionally).  However, named arguments can appear in any order, so:

	$ virsh vol-info /path/to/image --pool default
	$ virsh vol-info --vol /path/to/image --pool default

	have also always worked.  Therefore, this patch has no functional
	change on vol-info option parsing, but only on 'virsh help vol-info'
	synopsis layout.  However, it also allows the next patch to 1) enforce
	that required options are always first (without this patch, the next
	patch would fail the testsuite), and 2) allow the user to omit the
	"--pool" argument.  That is, the next patch makes it possible to do:

	$ virsh vol-info /path/to/image default

	which to date was not possible.

	* tools/virsh.c (opts_vol_create_from, opts_vol_clone)
	(opts_vol_upload, opts_vol_download, opts_vol_delete)
	(opts_vol_wipe, opts_vol_info, opts_vol_dumpxml, opts_vol_key)
	(opts_vol_path): List optional pool parameter after required
	arguments.

	phyp: avoid memory leaks in command values
	* src/phyp/phyp_driver.c (phypExecBuffer): New function. Use it
	throughout file for less code, and for plugging a few leaks.

	phyp: use consistent return string handling
	Use the name 'ret' for all phypExec results, to make it easier
	to wrap phypExec.  Don't allow a possibly NULL ret through printf.

	* src/phyp/phyp_driver.c (phypBuildVolume, phypDestroyStoragePool)
	(phypBuildStoragePool, phypBuildLpar): Avoid NULL dereference.
	(phypInterfaceDestroy): Avoid redundant free.
	(phypVolumeLookupByPath, phypVolumeGetPath): Use consistent
	naming.

	phyp: prefer memcpy over memmove when legal
	* src/phyp/phyp_driver.c (phypUUIDTable_AddLpar)
	(phypGetLparUUID, phypGetStoragePoolUUID, phypVolumeGetXMLDesc)
	(phypGetStoragePoolXMLDesc): Use faster method.

	phyp: use consistent style for labels
	* src/phyp/phyp_driver.c: Match label style of rest of project.
	(phypExec, phypUUIDTable_Pull): Drop an extra label.

	phyp: more return handling cleanup
	* src/phyp/phyp_driver.c (phypInterfaceDestroy)
	(phypInterfaceDefineXML, phypInterfaceLookupByName)
	(phypInterfaceIsActive, phypListInterfaces, phypNumOfInterfaces):
	Clean up return handling of recent additions.

	phyp: avoid memory leak on failure
	* src/phyp/phyp_driver.c (phypUUIDTable_Init): Avoid memory leak
	on error.

	phyp: avoid a logic bug
	Ever since commit ebc46f, the destroy function built two command
	variants but only used one.  I went with the variant that matches
	the idiom used in the counterpart of phypBuildStoragePool.

	* src/phyp/phyp_driver.c (phypDestroyStoragePool): Avoid
	clobbering cmd.  Fix error message typo.

	maint: use lighter-weight function for straight appends
	It costs quite a few processor cycles to go through printf parsing
	just to determine that we only meant to append.

	* src/xen/xend_internal.c (xend_op_ext): Consolidate multiple
	printfs into one.
	* src/qemu/qemu_command.c (qemuBuildWatchdogDevStr)
	(qemuBuildUSBInputDevStr, qemuBuildSoundDevStr)
	(qemuBuildSoundCodecStr, qemuBuildVideoDevStr): Likewise.
	(qemuBuildCpuArgStr, qemuBuildCommandLine): Prefer virBufferAdd
	over virBufferVsprintf for trivial appends.
	* src/phyp/phyp_driver.c (phypExec, phypUUIDTable_Push)
	(phypUUIDTable_Pull): Likewise.
	* src/conf/nwfilter_conf.c (macProtocolIDFormatter)
	(arpOpcodeFormatter, formatIPProtocolID, printStringItems)
	(virNWFilterPrintStateMatchFlags, virNWIPAddressFormat)
	(virNWFilterDefFormat): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/util/sexpr.c (sexpr2string): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprChr): Likewise.
	* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.

2011-04-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix gcc 4.6 warning about initialized but unused variables
	This warnings come from partly generated code. Therefore, the best
	solution is to mark them as potentially being unused using the
	ATTRIBUTE_UNUSED macro. This is suggested by the gcc documentation.

	Reported by Christophe Fergeau

2011-04-16  Alexander Todorov  <atodorov@otb.bg>

	libvirt-guests: implement START_DELAY
	Allow libvirt-guests to stage a delay between guest startups,
	to avoid system load caused by back-to-back startup.

2011-04-15  Eric Blake  <eblake@redhat.com>

	maint: silence cppi warnings
	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Fix indentation of
	last patch.

2011-04-15  Laine Stump  <laine@laine.org>

	network: truncate bridges' dummy tap device names to IFNAMSIZ (15) chars
	This patch addresses:

	   https://bugzilla.redhat.com/show_bug.cgi?id=694382

	In order to give each libvirt-created bridge a fixed MAC address,
	commit 5754dbd56d4738112a86776c09e810e32f7c3224, added code to create
	a dummy tap device with guaranteed lowest MAC address and attach it to
	the bridge. This tap device was given the name "${bridgename}-nic".
	However, an interface device name must be IFNAMSIZ (15) characters or
	less, so a valid ${bridgename} such as "verylongname123" (15
	characters) would lead to an invalid tap device name
	("verylongname123-nic" - 19 characters), and that in turn led to a
	failure to bring up the network.

	The solution is to shorten the part of the original name used to
	generate the tap device name. However, simply truncating it is
	insufficient, because the last few characters of an interface name are
	often a number used to indicate one of a list of several similar
	devices (for example, "verylongname123", "verylongname124", etc) and
	simple truncation would lead to duplicate names (eg "verlongnam-nic"
	and "verylongnam-nic"). So instead we take the first 8 characters of
	$bridgename ("verylong" in the example), add on the final 3 bytes
	("123"), then add "-nic" (so "verylong123-nic").  Not pretty, but it
	is much more likely to generate a unique name, and is reproducible
	(unlike, say, a random number).

2011-04-15  Stefan Berger  <stefanb@us.ibm.com>

	ppc: Enable starting of Qemu VMs on ppc host
	Due to differences in /proc/cpuinfo the parsing of the cpu data is
	different between architectures. On PPC /proc/cpuinfo looks like this:

	[original formatting with tabs]

	processor    : 0
	cpu          : PPC970MP, altivec supported
	clock        : 2297.700000MHz
	revision     : 1.1 (pvr 0044 0101)

	processor    : 1
	cpu          : PPC970MP, altivec supported
	clock        : 2297.700000MHz
	revision     : 1.1 (pvr 0044 0101)

	[..]

	timebase     : 14318000
	platform     : pSeries
	model        : IBM,8844-AC1
	machine      : CHRP IBM,8844-AC1

	The patch adapts the parsing of the data found in /proc/cpuinfo.

	/sys/devices/system/cpu/cpuX/topology/physical_package_id also
	always returns -1. Check for it on ppc and make it '0' if found negative.

	Migrate VMs between different-endianess hosts
	This patch enables the migration of Qemu VMs between hosts of different endianess. I tested this by migrating a i686 VM between a x86 and ppc64 host.

	I am converting the 'int's in the VM's state header to uint32_t assuming this doesn't break compatibility with existing deployments other than Linux.

2011-04-15  Christophe Fergeau  <cfergeau@redhat.com>

	Fix gcc 4.6 warnings in vbox_tmpl.c

	Fix gcc 4.6 warnings
	gcc 4.6 warns when a variable is initialized but isn't used afterwards:

	vmware/vmware_driver.c:449:18: warning: variable 'vmxPath' set but not used [-Wunused-but-set-variable]

	This patch fixes these warnings. There are still 2 offending files:

	- vbox_tmpl.c: the variable is used inside an #ifdef and is assigned several
	  times outside of #ifdef. Fixing the warning would have required wrapping
	  all the assignment inside #ifdef which hurts readability.

	vbox/vbox_tmpl.c: In function 'vboxAttachDrives':
	vbox/vbox_tmpl.c:3918:22: warning: variable 'accessMode' set but not used [-Wunused-but-set-variable]

	- esx_vi_types.generated.c: the name implies it's generated code and I
	  didn't want to dive into the code generator

	esx/esx_vi_types.generated.c: In function 'esxVI_FileQueryFlags_Free':
	esx/esx_vi_types.generated.c:1203:3: warning: variable 'item' set but not used [-Wunused-but-set-variable]

2011-04-15  Michal Novotny  <minovotn@redhat.com>

	Introduce virDomainChrDefNew()
	Make: passed
	Make check: passed
	Make syntax-check: passed

	this is the commit to introduce the function to create new character
	device definition for the domain as advised by Cole Robinson
	<crobinso@redhat.com>.

	The function is used on the relevant places and also new tests has
	been added.

2011-04-15  Michal Privoznik  <mprivozn@redhat.com>

	Spice: support audio, images and stream compression
	This extends the SPICE XML to allow variable compression settings for audio,
	images and streaming:
	    <graphics type='spice' port='5901' tlsPort='-1' autoport='yes'>
	        <image compression='auto_glz'/>
	        <jpeg compression='auto'/>
	        <zlib compression='auto'/>
	        <playback compression='on'/>
	    </graphics>

	All new elements are optional.

2011-04-14  Hu Tao  <hutao@cn.fujitsu.com>

	free cpumask of vcpupinDef
	cpumask doesn't get freed when vcpupinDef being freed, this leaks
	memory.

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make the parsed URI part of the private connection data
	This will be used to make esxVI_Context clonable.

	Also move cleanup code for esxPrivate to esxFreePrivate().

	esx: Mark error message in macros for translation

	esx: Extend VI generator to cover managed object types
	Generate lookup functions for managed object types.

	esx: Cleanup and refactor CastFromAnyType macros
	Add CastFromAnyType functions for the String type.

	esx: Cleanup VI generator code

2011-04-14  Michal Privoznik  <mprivozn@redhat.com>

	network: Fix NULL dereference during error recovery
	This fixes: https://bugzilla.redhat.com/show_bug.cgi?id=696660

	While starting a network, if brSetForwardDelay() fails, we go to err1
	where we want to access macTapIfName variable which was just
	VIR_FREE'd a few lines above. Instead, keep macTapIfName until we are
	certain of success.

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Serial and parallel device target ports actually start from 0
	Reported by Igor Galić

2011-04-14  Daniel P. Berrange  <berrange@redhat.com>

	Add missing checks for QEMU domain state in tunables APIs
	The methods qemuDomain{Get,Set}{Memory,Blkio,Scheduler}Parameters
	all forgot to do a check on virDomainIsActive(), resulting in bogus
	error messages from later parts of their impl

	* src/qemu/qemu_driver.c: Add missing checks on virDomainIsActive()

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Fix too small buffer allocation in phypAttachDevice
	sizeof(domain->name) is the wrong thing. Instead of using strdup here
	rewrite escape_specialcharacters to allocate the buffer itself.

	Add a contains_specialcharacters to be used in phypOpen, as phypOpen is
	not interested in the escaped version.

	phyp: Don't overwrite error from virDomainDeviceDefParse by OOM error

	phyp: Don't try to use a string from a failed virAsprintf

	phyp: Reduce code duplication in error and success paths
	Also fix memory leaks along the way in phypCreateServerSCSIAdapter and
	phypAttachDevice.

	phyp: Remove stack allocating a 4kb volume key and fix related memory leaks
	Don't pre-allocate 4kb per key, make phypVolumeGetKey allocate the memory.

	Make phypBuildVolume return the volume key instead of using pre-allocated
	memory to store it.

	Also fix a memory leak in phypVolumeLookupByName when phypVolumeGetKey
	fails. Fix another memory leak in phypVolumeLookupByPath in the success
	path. Fix phypVolumeGetXMLDesc leaking voldef.key.

2011-04-14  Daniel P. Berrange  <berrange@redhat.com>

	Remove C99 variable declare in PHYP network driver
	Move the virInterfacePtr declaration to the top of the
	function to avoid jump uninitialized variable warnings

	* src/phyp/phyp_driver.c: Fix var declaration

	Replace REMOTE_DEBUG with VIR_DEBUG in daemon dispatcher
	The daemon dispatcher code had an obsolete macro

	  #define REMOTE_DEBUG(fmt, ...) VIR_DEBUG(fmt, __VA_ARGS__)

	This can be trivially removed

	* daemon/remote.c: s/REMOTE_DEBUG/VIR_DEBUG/

	Add missing checks for whether the connection is open in dispatcher
	Many functions did not check for whether a connection was
	open. Replace the macro which obscures control flow, with
	explicit checks, and ensure all dispatcher code has checks.

	* daemon/remote.c: Add connection checks

	Standard on error variable name in libvirtd dispatcher
	Some dispatcher methods have a parameter

	            remote_error *err,

	Instead of the more normal

	            remote_error *rerr,

	* daemon/remote.c: s/err/rerr/

	Remove all whitespace before function brackets in daemon dispatcher
	A lot of code in libvirtd's dispatcher used the style

	    dom = get_nonnull_domain (conn, args->dom);

	Instead of the normal libvirt style

	    dom = get_nonnull_domain(conn, args->dom);

	* daemon/remote.c: Remove all whitelist before function brackets

2011-04-14  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Adding network interface
	This is the implementation of the previous patch now using virInterface*
	API. Ended up this patch got much more simpler, smaller and easier to
	review. Here is some details:

	  * MAC size and interface name are fixed due to specifications on HMC,
	    both are created automatically and CAN'T be specified from user. They
	    have the following format:

	     * MAC: 122980003002
	     * Interface name: U9124.720.067BE8B-V3-C0

	  * I did replaced all the |grep|sed following the comments Eric Blake
	    did on the last patch.

	  * According to my last email, It's not possible to create a network
	    interface without assigning it to a specific lpar. Then, I am using
	    this very minimalistic XML file for testing:

	     <interface type='ethernet' name='LPAR01'>
	     </interface>

	    In this file I am using "name" as the lpar name which I am going to
	    assign the new network interface. I couldn't find a better way to
	    refer to it. Comments are welcome.

	  * Regarding the fact I am sleeping one second waiting for the HMC to
	    complete creation of the interface, I don't have means to check
	    if the whole process is done. All I do is execute a command, wait
	    until is complete (which is not enough in this case) check
	    the return and the exit status. The process of actually creating
	    a networking interface seems to take a little longer than just the
	    return of the ssh control.

2011-04-13  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: fix a dead-lock problem
	In qemuDomainObjBeginJobWithDriver, when virCondWaitUntil timeouts,
	the function tries to call qemuDriverLock with virDomainObj locked,
	this causes the dead-lock problem. This patch fixes this.

2011-04-13  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix crash when removing entries during hash iteration
	Commit 9677cd33eea4c65d78ba463b46b8b45ed2da1709 made it possible to
	remove current entry when iterating through all hash entries. However,
	it didn't properly handle a special case of removing first entry
	assigned to a given key which contains several entries in its collision
	list.

2011-04-12  Michal Privoznik  <mprivozn@redhat.com>

	Fix possible infinite loop in remote driver
	When we take out completed calls from queue we might end up
	in circular pointer. We don't want pointer to previous item
	point to element taken out.

2011-04-12  Eric Blake  <eblake@redhat.com>

	maint: fix grammar errors
	Jim Meyering recently improved gnulib to catch various grammar
	errors during 'make syntax-check'.

	* .gnulib: Update to latest, for syntax-check improvements.
	* include/libvirt/libvirt.h.in (virConnectAuthCallbackPtr): Use
	cannot rather than two words.
	* src/driver.c: Likewise.
	* src/driver.h (VIR_SECRET_GET_VALUE_INTERNAL_CALL): Likewise.
	* src/remote/remote_driver.c (initialize_gnutls): Likewise.
	* src/util/pci.c (pciBindDeviceToStub): Likewise.
	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg):
	Likewise.
	(virStorageBackendUpdateVolTargetInfoFD): Avoid doubled word.
	* docs/formatdomain.html.in: Likewise.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_can_not)
	(exclude_file_name_regexp--sc_prohibit_doubled_word): Exclude
	existing translation problems.

2011-04-11  Eric Blake  <eblake@redhat.com>

	docs: document freecell --all
	Based on a smaller patch developed by Moritoshi Oshiro:
	https://bugzilla.redhat.com/show_bug.cgi?id=693963

	* tools/virsh.pod (freecell): Mention all, and clarify that
	optional cellno requires --cellno.

2011-04-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Remove PATH_MAX sized stack allocation from block stats code

2011-04-09  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmaxmem: add the new options to "virsh setmaxmem" command
	This patch adds the new options (--live, --config, and --current) to
	"virsh setmaxmem" command. The behavior of above options is the same
	as that of "virsh setmem".  When the --config option is specified, a
	modification is effective for the persistent domain, while the --live
	option is specified, a modification is effective for an active
	domain. The --current option is specified, it affects a current
	domain.

	maxmem: implement virDomainSetMaxMemory API of the qemu driver
	This patch implements the code to support virDomainSetMaxMemory API,
	and to support VIR_DOMAIN_MEM_MAXIMUM flag in qemudDomainSetMemoryFlags function.
	As a result, we can change the maximum memory size of inactive QEMU guests.

	maxmem: introduces VIR_DOMAIN_MEM_MAXIMUM flag
	This patch introduces VIR_DOMAIN_MEM_MAXIMUM flag.

2011-04-09  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	docs: remove "returns" word from beginning of lines
	Move "returns" keyword from beginning of API doc lines
	when it does not describe return values.
	Maybe the API doc extractor could be changed to look for
	"returns: " to avoid such confusion.

2011-04-09  Eric Blake  <eblake@redhat.com>

	build: really fix mingw startup
	Aargh; commit 8ae5dfd still didn't fix the mingw problem, because
	gnulib defined O_NONBLOCK to 0 for just mingw.  I've now fixed
	that in gnulib, but we need the latest pipe2 for libvirt to work.

	* .gnulib: Update to latest, for pipe2 fixes.

2011-04-08  Eric Blake  <eblake@redhat.com>

	build: fix mingw build
	Commit 02c39a2 introduced a mingw build regression, due to a
	regression in gnulib's areadlink module:

	../../../gnulib/lib/careadlinkat.c: In function 'careadlinkat':
	../../../gnulib/lib/careadlinkat.c:143:39: error: 'const struct allocator' has no member named 'malloc'

	* .gnulib: Update to latest, for careadlinkat fix.

	docs: tweak virsh restore warning
	* tools/virsh.pod: Fix grammar, and clarify wording.
	* src/qemu/qemu_driver.c (qemudDomainObjStart): Drop redundant
	condition.

2011-04-08  Wen Congyang  <wency@cn.fujitsu.com>

	do not build libvirt_iohelper when building without libvirtd
	The libexec program libvirt_iohelper is only for libvirtd. If we build rpm
	without libvirtd, we will receive the following messages:

	Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/wency/rpmbuild/BUILDROOT/libvirt-0.9.0-1.el6.x86_64
	error: Installed (but unpackaged) file(s) found:
	   /usr/libexec/libvirt_iohelper

2011-04-08  Stefan Berger  <stefanb@us.ibm.com>

	nwfilters: support for TCP flags evaluation
	This patch adds support for the evaluation of TCP flags in nwfilters.

	It adds documentation to the web page and extends the tests as well.
	Also, the nwfilter schema is extended.

	The following are some example for rules using the tcp flags:

	<rule action='accept' direction='in'>
	    <tcp state='NONE' flags='SYN/ALL' dsptportstart='80'/>
	</rule>
	<rule action='drop' direction='in'>
	    <tcp state='NONE' flags='SYN/ALL'/>
	</rule>

2011-04-08  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmem: add --current option to virsh setmem command
	This patch adds the new option (--current) to the "virsh setmem" command.
	When --current option is specified, it affects a "current" domain.
	The word "current" denotes that if a domain is running, it affects
	a running domain only; otherwise it affects a persistent domain.

	setmem: add VIR_DOMAIN_MEM_CURRENT support to qemu
	This patch adds virDomainSetMemoryFlags(,,VIR_DOMAIN_MEM_CURRENT) support
	code to qemu driver.

	Also, change virDomainObjIsActive to return bool, given its usage.

	setmem: introduce VIR_DOMAIN_MEM_CURRENT flag
	This patch introduces VIR_DOMAIN_MEM_CURRENT flag and
	modifies virDomainSetMemoryFlags function to support it.

2011-04-08  Jim Fehlig  <jfehlig@novell.com>

	build: Install libxenlight log dir
	Add $localstatedir/log/libvirt/libxl when building libxenlight driver

2011-04-08  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmaxmem: remove the code to invoke virDomainSetMemory in cmdSetmaxmem
	When the new maximum memory size becomes less than the current memory size,
	I think it is not the libvirt client but the each driver that decides the behavior
	(reject the operation or shrink the current memory size).

2011-04-08  Eric Blake  <eblake@redhat.com>

	virsh: fix mingw startup
	* .gnulib: Update to latest, for pipe2.
	* bootstrap.conf (gnulib_modules): Add pipe2.
	* src/util/event_poll.c (virEventPollInit): Use it, to avoid
	problematic virSetCloseExec on mingw.

	build: fix gitignore sorting
	Make it so we don't have to 'git add -f' particular files like
	po/POTFILES.in all the time (tested by fixing one of our
	special-case files as part of the patch).

	* .gnulib: Update to latest.
	* bootstrap: Resync from coreutils.
	* .gitignore: Sort whitelist entries correctly, including ignoring
	files rather than directories.
	* m4/virt-compile-warnings.m4: Convert tabs to space.

2011-04-08  Laine Stump  <laine@laine.org>

	docs: add an IPv6 address to network XML examples
	It was just pointed out that, although I added documentation for the
	IPv6 additions to the network XML, I neglected to use those additions
	in the examples. This patch adds an IPv6 address to each of the
	examples except for the "default" network, since that is a faithful
	reproduction of the default network config that's automatically
	installed, which doesn't include any IPv6 address (for good reason -
	because there is no such thing as IPv6 NAT, there is no one IPv6
	address that would work for all installations).

2011-04-08  Markus Groß  <gross@univention.de>

	Add domainSet/GetSchedulerParameters to libxl driver
	Libxenlight currently only supports the credit scheduler.
	Therefore setting or getting a parameter of other
	schedulers raise an error (for now).

2011-04-07  Osier Yang  <jyang@redhat.com>

	qemu: Remove the managed state file only if restoring succeeded
	1) Both "qemuDomainStartWithFlags" and "qemuAutostartDomain" try to
	restore the domain from managedsave'ed image if it exists (by
	invoking "qemuDomainObjRestore"), but it unlinks the image even
	if restoring fails, which causes data loss. (This problem exists
	for "virsh managedsave dom; virsh start dom").

	The fix for is to unlink the managed state file only if restoring
	succeeded.

	2) For "virsh save dom; virsh restore dom;", it can cause data
	corruption if one reuse the saved state file for restoring. Add
	doc to tell user about it.

	3) In "qemuDomainObjStart", if "managed_save" is NULL, we shouldn't
	fallback to start the domain, skipping it to cleanup as a incidental
	fix. Discovered by Eric.

2011-04-07  Wen Congyang  <wency@cn.fujitsu.com>

	reattach pci devices when qemuPrepareHostdevPCIDevices() failed
	Reattach all pci devices that we detached when qemuPrepareHostdevPCIDevices()
	failed.

	reattach pci device when pciBindDeviceToStub() failed
	We should bind pci device to original driver when pciBindDeviceToStub() failed.
	If the pci device is not bound to any driver before calling pciBindDeviceToStub(),
	we should only unbind it from pci-stub. If it is bound to pci-stub, we should not
	unbind it from pci-stub.

	rename pciUnBindDeviceFromStub() to pciUnbindDeviceFromStub() and float it up
	This patch do the following things:
	1. rename the function as 'Unbind' is better than 'UnBind'.
	2. pciUnbindDeviceFromStub() will be used in the function pciBindDeviceToStub() in
	   next patch. Float it up, instead of having to have a forward declaration

	remove devices from driver->activePciHostdevs when qemuPrepareHostdevPCIDevices() failed
	We should not mark pci devices as active when qemuPrepareHostdevPCIDevices()
	failed.

	pci: avoid invalid free, init path to NULL
	This bug was introduce by commit 57162db8, and it will cause libvirtd crashed.

2011-04-07  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on cygwin
	In file included from util/threads.c:31:
	util/threads-pthread.c: In function 'virThreadSelfID':
	util/threads-pthread.c:214: warning: cast from function call of type 'pthread_t' to non-matching type 'int' [-Wbad-function-cast]

	* src/util/threads-pthread.c (virThreadSelfID) [!SYS_gettid]:
	Add intermediate cast to silence gcc.

2011-04-07  Markus Groß  <gross@univention.de>

	Add domainIsUpdated to libxl driver

2011-04-07  Jim Fehlig  <jfehlig@novell.com>

	Fix build for older gcc
	With gcc 4.3.4 I'm seeing the following warning failure

	cc1: warnings being treated as errors
	cc1: error: -funit-at-a-time is required for inlining of functions
	that are only called once [-Wdisabled-optimization]

	Add -funit-at-a-time to WARN_CFLAGS.

2011-04-07  Serge Hallyn  <serge.hallyn@canonical.com>

	Change locking for udev monitor and callbacks
	We're seeing bugs apparently resulting from thread unsafety of
	libpciaccess, such as
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/726099
	To prevent those, as suggested by danpb on irc, move the
	nodeDeviceLock(driverState) higher into the callers.  In
	particular:

	  udevDeviceMonitorStartup should hold the lock while calling
	  udevEnumerateDevices(), and udevEventHandleCallback should hold it
	  over its entire execution.

	It's not clear to me whether it is ok to hold the
	nodeDeviceLock while taking the virNodeDeviceObjLock(dev) on a
	device.  If not, then the lock will need to be dropped around
	the calling of udevSetupSystemDev(), and udevAddOneDevice()
	may not actually be safe to call from higher layers with the
	driverstate lock held.

	libvirt 0.8.8 with this patch on it seems to work fine for me.
	Assuming it looks ok and I haven't done anything obviously dumb,
	I'll ask the bug submitters to try this patch.

2011-04-07  Eric Blake  <eblake@redhat.com>

	tests: fix recent test failures
	* tests/qemuxml2argvdata/qemuxml2argv-*.args: Reflect reserved VGA
	port change.

2011-04-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Support for overriding NPROC limit
	This patch adds max_processes option to qemu.conf which can be used to
	override system default limit on number of processes that are allowed to
	be running for qemu user.

2011-04-06  Osier Yang  <jyang@redhat.com>

	qemu: Always reserves slot 0x02 for primary VGA.
	To address https://bugzilla.redhat.com/show_bug.cgi?id=692355

	This fix is to reserve slot 0x02 for primary VGA even if there
	is no "video" specified in domain XML to avoid the problem.

2011-04-06  Eric Blake  <eblake@redhat.com>

	libxl: avoid compiler warning
	cc1: warnings being treated as errors
	libxl/libxl_driver.c: In function 'libxlDomainSetVcpusFlags':
	libxl/libxl_driver.c:1570:14: error: cast from function call of type 'double' to non-matching type 'unsigned int' [-Wbad-function-cast]
	libxl/libxl_driver.c:1578:15: error: cast from function call of type 'double' to non-matching type 'unsigned int' [-Wbad-function-cast]

	This was the only use of floor() and ceil(), and floating-point
	is overkill for power-of-two manipulations.

	* src/libxl/libxl_driver.c (libxlDomainSetVcpusFlags): Avoid -lm
	for trivial computations.

2011-04-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in systemtap tapset directory name
	The systemtap directory for tapsets is called

	  /usr/share/systemtap/tapset

	Not

	 /usr/share/systemtap/tapsets

	* daemon/Makefile.am,libvirt.spec.in: s/tapsets/tapset/

	Don't try to enable stack protector on Win32
	The GCC Win32 compiler will claim to support -fstack-protector,
	but if it actually gets triggered by a suitable code pattern,
	linking will fail. Other non-Linux OS likely suffer the same
	way with gcc.

	* m4/virt-compile-warnings.m4: Only use stack protector when
	  the build target is Linux.

	Avoid compiler warnings about int -> void * casts
	GCC is a little confused about the cast of beginthread/beginthreadex
	from unsigned long -> void *. Go via an intermediate variable avoids
	the bogus warning, and makes the code a little cleaner

	* src/util/threads-win32.c: Avoid compiler warning in cast

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Improve SCSI volume key generation
	The SCSI volumes get a better 'key' field based on the fully
	qualified volume path. All SCSI volumes have a unique serial
	available in hardware which can be obtained by sending a
	suitable SCSI command. Call out to udev's 'scsi_id' command
	to fetch this value

	* src/storage/storage_backend_scsi.c: Improve volume key
	  field value stability and uniqueness

2011-04-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore unusable binaries
	When initializing qemu guest capabilities, we should ignore qemu
	binaries that we are not able to extract version/help info from since
	they will be unusable for creating domains anyway. Ignoring them is also
	much better than letting initialization of qemu driver fail.

	qemu: Rewrite LOOKUP_PTYS macro into a function
	The macro is huge and gives us nothing but headache when maintaining it.

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Enable use of -Wold-style-definition compiler flag
	A couple of functions were declared using the old style foo()
	for no-parameters, instead of foo(void)

	* src/xen/xen_hypervisor.c, tests/testutils.c: Replace () with (void)
	  in some function declarations
	* m4/virt-compile-warnings.m4: Enable -Wold-style-definition

	Enable use of -Wmissing-noreturn
	* src/internal.h: Define a ATTRIBUTE_NO_RETURN annotation
	* src/lxc/lxc_container.c: Annotate lxcContainerDummyChild
	  with ATTRIBUTE_NO_RETURN
	* tests/eventtest.c: Mark async thread as ATTRIBUTE_NO_RETURN
	* m4/virt-compile-warnings.m4: Enable -Wmissing-noreturn

	Enable -Wmissing-format-attribute warning
	Add a couple of missing ATTRIBUTE_FMT_PRINTF annotations

	* tools/virsh.c, tests/testutils.c: Add printf format attribute
	* m4/virt-compile-warnings.m4: Enable -Wmissing-format-attribute

	Remove acinclude.m4 file
	Split the bit acinclude.m4 file into smaller pieces named
	as m4/virt-XXXXX.m4

	* .gitignore: Ignore gettext related files
	* acinclude.m4: Delete
	* m4/virt-compile-warnings.m4: Checks for GCC compiler flags
	* m4/virt-pkgconfig-back-compat.m4: Backcompat check for
	  pkgconfig program

	Use gnulib's manywarnings & warnings modules
	Remove custom code for checking compiler warnings, using
	gl_WARN_ADD instead. Don't list all flags ourselves, use
	gnulib's gl_MANYWARN_ALL_GCC to get all possible GCC flags,
	then turn off the ones we don't want yet.

	* acinclude.m4: Rewrite to use gl_WARN_ADD and gl_MANYWARN_ALL_GCC
	* bootstrap.conf: Add warnings & manywarnings
	* configure.ac: Switch to gl_WARN_ADD
	* m4/compiler-flags.m4: Obsoleted by gl_WARN_ADD

	Remove possible uninitialized variable in openvz driver
	* src/openvz/openvz_driver.c: Initialize saveptr variable

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use virBufferPtr for sexpr2string instead of manual buffer handling
	Removes 4kb stack allocation in the XenD subdriver.

	xend: Remove 4kb stack allocation

	uml: Remove PATH_MAX sized stack allocation from /proc parsing code

	storage: Remove PATH_MAX sized stack allocation from iSCSI backend

	qemu: Remove PATH_MAX sized stack allocation used in commandline building

	Remove PATH_MAX sized stack allocation from virFileOpenTtyAt

	openvz: Remove several larger stack allocations
	Replace openvz_readline with getline in several places to get rid of stack
	allocated buffers to hold lines.

	openvzReadConfigParam allocates memory for return values instead of
	expecting a preexisting buffer.

	daemon: Remove 4kb stack allocation of security label

	virsh: Remove two 4kb stack allocations

	Use virFileAbsPath instead of manually creating the absolute path
	Removes multiple 4kb stack allocations.

	Removes TODO comments as suggested by Daniel P. Berrange.

	xenxs: Remove PATH_MAX sized stack allocation in XM script parsing

	sasl: Remove stack allocated 8kb temporary buffers
	Move the buffers to the heap allocated client/private data structs.

	qemu: Use heap allocated memory to read the monitor greeting
	Removing a 4kb stack allocation.

	Reduce stack buffer for virStrerror to the common 1kb instead of 4kb.

	phyp: Remove 16kb stack allocation
	Allocate on the heap instead.

	virt-aa-helper: Remove PATH_MAX sized stack allocations

	ebtables: Remove PATH_MAX sized stack allocation

	pci: Remove PATH_MAX sized stack allocations
	Use virAsprintf instead of snprintf.

	Remove PATH_MAX sized stack allocations related to virFileBuildPath
	Make virFileBuildPath operate on the heap instead of the stack. It
	allocates a buffer instead of expecting a preexisting buffer.

	vmx: Use case-insensitive compare functions for all content

	vmx: Support persistent CPU shares

2011-04-05  Markus Groß  <gross@univention.de>

	Add autostart support to libxl driver
	The domainSetAutostart function is nearly identical to the one from qemu.

2011-04-05  Jesse Cook  <code.crashenx@gmail.com>

	Allow relative path for qemu backing file
	This patch enables the relative backing file path support provided by
	qemu-img create.

	If a relative path is specified for the backing file, it is converted
	to an absolute path using the storage pool path. The absolute path is
	used to verify that the backing file exists. If the backing file exists,
	the relative path is allowed and will be provided to qemu-img create.

2011-04-05  Eric Blake  <eblake@redhat.com>

	build: detect potentential uninitialized variables
	Even with -Wuninitialized (which is part of autobuild.sh
	--enable-compile-warnings=error), gcc does NOT catch this
	use of an uninitialized variable:

	{
	  if (cond)
	    goto error;
	  int a = 1;
	error:
	  printf("%d", a);
	}

	which prints 0 (supposing the stack started life wiped) if
	cond was true.  Clang will catch it, but we don't use clang
	as often.  Using gcc -Wjump-misses-init catches it, but also
	gives false positives:

	{
	  if (cond)
	    goto error;
	  int a = 1;
	  return a;
	error:
	  return 0;
	}

	Here, a was never used in the scope of the error block, so
	declaring it after goto is technically fine (and clang agrees).
	However, given that our HACKING already documents a preference
	to C89 decl-before-statement, the false positive warning is
	enough of a prod to comply with HACKING.

	[Personally, I'd _really_ rather use C99 decl-after-statement
	to minimize scope, but until gcc can efficiently and reliably
	catch scoping and uninitialized usage bugs, I'll settle with
	the compromise of enforcing a coding standard that happens to
	reject false positives if it can also detect real bugs.]

	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add -Wjump-misses-init.
	* src/util/util.c (__virExec): Adjust offenders.
	* src/conf/domain_conf.c (virDomainTimerDefParseXML): Likewise.
	* src/remote/remote_driver.c (doRemoteOpen): Likewise.
	* src/phyp/phyp_driver.c (phypGetLparNAME, phypGetLparProfile)
	(phypGetVIOSFreeSCSIAdapter, phypVolumeGetKey)
	(phypGetStoragePoolDevice)
	(phypVolumeGetPhysicalVolumeByStoragePool)
	(phypVolumeGetPath): Likewise.
	* src/vbox/vbox_tmpl.c (vboxNetworkUndefineDestroy)
	(vboxNetworkCreate, vboxNetworkDumpXML)
	(vboxNetworkDefineCreateXML): Likewise.
	* src/xenapi/xenapi_driver.c (getCapsObject)
	(xenapiDomainDumpXML): Likewise.
	* src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
	* src/security/security_selinux.c (SELinuxGenNewContext):
	Likewise.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetPtyPaths):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainShutdown)
	(qemudDomainBlockStats, qemudDomainMemoryPeek): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendCreateIfaceIQN): Likewise.
	* src/node_device/node_device_udev.c (udevProcessPCI): Likewise.

2011-04-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.0
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update polish translation and regenerate

2011-04-03  Wen Congyang  <wency@cn.fujitsu.com>

	fix memory leak in qemuProcessHandleGraphics()
	If strdup("x509dname") or strdup("saslUsername") success, but
	strdup(x509dname) or strdup(saslUsername) failed, subject->nidentity
	is not the num elements of subject->identities, and we will leak some
	memory.

	do not lock vm while allocating memory
	There is no need to lock vm while allocating memory. If allocating
	memory failed, we forgot to unlock vm.

2011-04-02  Eric Blake  <eblake@redhat.com>

	docs: fix typo
	* docs/formatdomain.html.in: Fix KVM name.

	docs: correct invalid xml
	* docs/internals.html.in: Fix xml errors.
	* docs/formatstorageencryption.html.in: Likewise.
	* docs/drvesx.html.in: Likewise.
	* docs/archnetwork.html.in: Likewise.
	* docs/logging.html.in: Likewise.
	* docs/drvvmware.html.in: Likewise.
	* docs/api.html.in: Likewise.
	* docs/formatnwfilter.html.in: Likewise.
	* docs/formatdomain.html.in: Likewise.
	* docs/windows.html.in: Likewise.

2011-04-01  Eric Blake  <eblake@redhat.com>

	virsh: fix mingw failure on creating nonblocking pipe
	* .gnulib: Update to latest, for nonblocking module.
	* bootstrap.conf (gnulib_modules): Add nonblocking.
	* src/util/util.c (virSetBlocking): Defer to gnulib.

2011-04-01  Daniel Veillard  <veillard@redhat.com>

	Fix libxl driver startup
	  When you happen to have a libvirtd binary compiled with the
	libxenlight driver (say you have installed xen-4.1 libraries)
	but not running a xen enabled system, then libvirtd fails to start.

	The cause is that libxlStartup() returns -1 when failing to initialize
	the library, and this propagates to virStateInitialize() which consider
	this a failure. We should only exit libxlStartup with an error code
	if something like an allocation error occurs, not if the driver failed
	to initialize.

	* src/libxl/libxl_driver.c: fix libxlStartup() to not return -1
	  when failing to initialize the libxenlight library

2011-04-01  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix documentation for memtune command
	Commit 78ba748ef14c520ff1c4af2b5b0a44586ac49c8c claims to fix
	documentation for swap_hard_limit virsh memtune option but it only fixes
	documentation in formatdomain.html and libvirt.h. This patch completes
	the task by fixing "virsh help memtune" output and memtune section of
	virsh man page.

2011-04-01  Guido Günther  <agx@sigxcpu.org>

	Make check_fc_host() and check_vport_capable() usable as rvalues
	as needed on non linux ports using HAL.

2011-04-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore libvirt debug messages in qemu log
	qemu driver uses a 4K buffer for reading qemu log file. This is enough
	when only qemu's output is present in the log file. However, when
	debugging messages are turned on, intermediate libvirt process fills the
	log with a bunch of debugging messages before it executes qemu binary.
	In such a case the buffer may become too small. However, we are not
	really interested in libvirt messages so they can be filtered out from
	the buffer.

2011-04-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix improper logic of qemuCgroupSetup
	It throws errors as long as the cgroup controller is not available,
	regardless of whether we really want to use it to do setup or not,
	which is not what we want, fixing it with throwing error when need
	to use the controller.

	And change "VIR_WARN" to "qemuReportError" for memory controller
	incidentally.

2011-04-01  Wen Congyang  <wency@cn.fujitsu.com>

	free tmp after unlinking it
	We create a temporary file to save memory, and we will remove it after reading
	memory to buffer. But we free the variable that contains the temporary filename
	before we remove it. So we should free tmp after unlinking it.

2011-04-01  Michal Privoznik  <mprivozn@redhat.com>

	Fix several formatting mistakes in doc

2011-04-01  Daniel P. Berrange  <berrange@redhat.com>

	Remove iohelper on Win32 since it is not required
	The iohelper binary is not required on Win32, although it compiles
	without trouble. Simply remove it from the RPM.

	* mingw32-libvirt.spec.in: Remove iohelper

2011-03-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix domain events C example on Win32
	printf on Win32 does not necessarily support %lld and we don't
	have GNULIBs wrapper for printf(). Switch to use asprintf() for
	which we do have a gnulib wrapper with %lld support

	* examples/domain-events/events-c/event-test.c: Fix formatting
	  of %lld on Win32
	* cfg.mk: Don't require use of virAsprintf since this is an
	  example app for out of tree users to follow

2011-03-31  Eric Blake  <eblake@redhat.com>

	maint: avoid locale-sensitivity in string case comparisons
	strcase{cmp/str} have the drawback of being sensitive to the global
	locale; this is unacceptable in a library setting.  Prefer a
	hard-coded C locale alternative for all but virsh, which is user
	facing and where the global locale isn't changing externally.

	* .gnulib: Update to latest, for c-strcasestr change.
	* bootstrap.conf (gnulib_modules): Drop strcasestr, add c-strcase
	and c-strcasestr.
	* cfg.mk (sc_avoid_strcase): New rule.
	(exclude_file_name_regexp--sc_avoid_strcase): New exception.
	* src/internal.h (STRCASEEQ, STRCASENEQ, STRCASEEQLEN)
	(STRCASENEQLEN): Adjust offenders.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextEjectMedia):
	Likewise.
	* tools/virsh.c (namesorter): Document exception.

	docs: mention C89 syntax preferences
	* docs/hacking.html.in (Code formatting): Document that // comment
	and declaration-after-statement are discouraged.
	* HACKING: Regenerate.

2011-03-31  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix media eject with qemu-0.12.*
	In qemu-0.12.* "device '...' is locked" message was changed to "Device
	..." so libvirt was no longer detecting this as an error.

2011-03-30  Daniel Veillard  <veillard@redhat.com>

	The next release is 0.9.0 not 0.8.9
	Fix this which went into documentation

2011-03-30  Wen Congyang  <wency@cn.fujitsu.com>

	check whether qemuMonitorJSONHMP() failed
	If qemu quited unexpectedly when we call qemuMonitorJSONHMP(),
	libvirt will crash.
	Steps to reproduce this bug:
	1. use gdb to attach libvirtd, and set a breakpoint in the function
	   qemuMonitorSetCapabilities()
	2. start a vm
	3. let the libvirtd to run until qemuMonitorJSONSetCapabilities() returns.
	4. kill the qemu process
	5. continue running libvirtd

	do not send monitor command after monitor meet error
	If the monitor met a error, and we will call qemuProcessHandleMonitorEOF().
	But we may try to send monitor command after qemuProcessHandleMonitorEOF()
	returned. Then libvirtd will be blocked in qemuMonitorSend().

	Steps to reproduce this bug:
	1. use gdb to attach libvirtd, and set a breakpoint in the function
	   qemuConnectMonitor()
	2. start a vm
	3. let the libvirtd to run until qemuMonitorOpen() returns.
	4. kill the qemu process
	5. continue running libvirtd

2011-03-30  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: unlock qemu driver before return from domain save
	qemuDriverUnlock() wasn't called on 2 exit paths
	* src/qemu/qemu_driver.c: fix qemudDomainSave() to always unlock
	  the driver before exiting on error

2011-03-30  Naoya Horiguchi  <n-horiguchi@ah.jp.nec.com>

	extend logging to record configuration-related changes
	Currently libvirt's default logging is limited and it is difficult to
	determine what was happening when a proglem occurred (especially on a
	machines where one don't know the detail.)  This patch helps to do that
	by making additional logging available for the following events:

	  creating/defining/undefining domains
	  creating/defining/undefining/starting/stopping networks
	  creating/defining/undefining/starting/stopping storage pools
	  creating/defining/undefining/starting/stopping storage volumes.

	* AUTHORS: add Naoya Horiguchi
	* src/network/bridge_driver.c src/qemu/qemu_driver.c
	  src/storage/storage_driver.c: provide more VIR_INFO logging

2011-03-30  Daniel Veillard  <veillard@redhat.com>

	Add libvirt_iohelper to spec file
	The new iohelper binary was missing from the packaging spec

2011-03-29  Osier Yang  <jyang@redhat.com>

	cputune: New tests for cputune XML
	v1 - v2:
	  * Add missed tests/qemuxml2argvdata/qemuxml2argv-cputune.args

	cputune: Support cputune for xend driver
	Not sure if it's the correct way to add cputune xml for xend driver,
	and besides, seems "xm driver" and "xen hypervisor" also support
	vcpu affinity, do we need to add support for them too?

	cputune: Support cputune for lxc driver
	LXC driver doesn't support vcpu affinity yet, so just need
	to modify it to support cpu shares.

	cputune: Support cputune for qemu driver
	When domain startup, setting cpu affinity and cpu shares according
	to the cputune xml specified in domain xml.

	Modify "qemudDomainPinVcpu" to update domain config for vcpupin,
	and modify "qemuSetSchedulerParameters" to update domain config
	for cpu shares.

	v1 - v2:
	   * Use "VIR_ALLOC_N" instead of "VIR_ALLOC_VAR"
	   * But keep raising error when it fails on adding vcpupin xml
	     entry, as I still don't have a better idea yet.

	cputune: Implementations of parsing and formating cputune xml
	Implementations of following functions:
	  virDomainVcpupinIsDuplicate
	  virDomainVcpupinFindByVcpu
	  virDomainVcpupinAdd

	Update "virDomainDefParseXML" to parse, and "virDomainDefFormatXML"
	to build cputune xml, also implementations of new internal helper
	functions.

	v1 - v2:
	  * Resolve potential crash bug of "virDomainVcpupinAdd"

	cputune: Add data structures presenting cputune XML
	Also related new functions' declaration, and expose the new introduced
	functions in libvirt_private.syms.

	v1 - v2:
	  Don't expose "virAllocVar" in libvirt_private.syms

	cputune: Add document for cputune XML
	v1 - v3:
	  * More clear document for "cpu shares", adopted suggestions from
	    Matthias Bottle and Daniel Veillard.

	cputune: Add XML schema for cputune xml
	v1 - v2:
	  * Remove upper limit of cpu shares. (Suggested by Matthias Bottle)

2011-03-29  Eric Blake  <eblake@redhat.com>

	qemu: fix regression with fd labeling on migration
	My earlier testing for commit 34fa0de0 was done while starting
	just-built libvirt from an unconfined_t shell, where the fds happened
	to work when transferring to qemu.  But when installed and run under
	virtd_t, failure to label the raw file (with no compression) or the
	pipe (with compression) triggers SELinux failures when passing fds
	over SCM_RIGHTS to svirt_t qemu.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): When passing
	FDs, make sure they are labeled.

	qemu: improve error message on failed fd transfer
	First fallout of fd: migration - it looks like SELinux enforcing
	_does_ require fd labeling (running uninstalled libvirtd from an
	unconstrained shell had no problems, but once faked out by doing
	 chcon `stat -c %C /usr/sbin/libvirtd` daemon/libvirtd
	 run_init $PWD/daemon/libvirtd
	to run it with the same context as an init script service, and with
	SELinux enforcing, I got a rather confusing failure:
	error: Failed to save domain fedora_12 to fed12.img
	error: internal error unable to send TAP file handle: No file descriptor supplied via SCM_RIGHTS

	This fixes the error message, then I need to figure out a subsequent
	patch that does the fsetfilecon() necessary to keep things happy.
	It also appears that libvirtd hangs on a failed fd transfer; I don't
	know if that needs an independent fix.

	* src/qemu/qemu_monitor_text.c (qemuMonitorTextSendFileHandle):
	Improve message, since TAP is no longer only client.

	maint: ignore new built file
	* .gitignore: Exclude libvirt_iohelper.

2011-03-29  Markus Groß  <gross@univention.de>

	Add domainSuspend/Resume to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainSuspend and
	  libxlDomainResume

	Add domainGetOSType to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainGetOSType

	Add domainGetSchedulerType to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainGetSchedulerType

	Implements domainXMLTo/FromNative in libxl driver
	* src/Makefile.am src/libvirt_private.syms configure.ac: share and
	  reuse the sexpr routines from sexpr.h of the old xen driver
	* src/libxl/libxl_driver.c: implements libxlDomainXMLFromNative and
	  libxlDomainXMLToNative

	Add vcpu functions to libxl driver
	Hook the virtual cpu functions to their libxenlight counterparts

	* src/libxl/libxl_driver.c: implements libxlDomainSetVcpus,
	  libxlDomainGetVcpus, libxlDomainSetVcpusFlags,
	  libxlDomainGetVcpusFlags and libxlDomainPinVcpu

	List authors in copyright headers
	* src/libxl/libxl_conf.[ch] src/libxl/libxl_driver.[ch]: add authors
	  after the licence template

	Add event callbacks to libxl driver
	* src/libxl/libxl_conf.h: add the necessary fields to the driver
	  private structure
	* src/libxl/libxl_driver.c: add lifecycle event support and entry
	  points for event(de)register(any)

	Ignore return value of virDomainObjUnref
	* src/libxl/libxl_driver.c: use ignore_value() in libxlDomainObjUnref
	  and libxlCreateDomEvents

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix infinite loop in daemon if client quits with multiple streams open
	The daemon loops over the linked list of streams when a client
	quits, closing any that the client hadn't already closed. Except
	it didn't ever move to the next element in the list!

	* daemon/stream.c: Fix loop over linked list of streams

	Remote protocol support for storage vol upload/download APIs
	* daemon/remote.c, src/remote/remote_driver.c: Implementation
	  of storage vol upload/download APIs
	* src/remote/remote_protocol.x: Wire protocol definition for
	  upload/download
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.h,
	  src/remote/remote_protocol.c: Re-generate

	Support volume data upload/download APIs in storage driver
	Use generic FD streams to allow data upload/download to/from
	any storage volume

	* src/storage/storage_driver.c: Wire up upload/download APIs

	Add vol-upload and vol-download commands to virsh
	The new commands vol-upload and vol-download, allow a local file
	to be transferred to/from a storage volume.

	* tools/virsh.c: Add vol-upload and vol-download commands
	* tools/virsh.pod: Document new commands

	Add public APIs for storage volume upload/download
	New APIs are added allowing streaming of content to/from
	storage volumes.

	* include/libvirt/libvirt.h.in: Add virStorageVolUpload and
	  virStorageVolDownload APIs
	* src/driver.h, src/libvirt.c, src/libvirt_public.syms: Stub
	  code for new APIs
	* src/storage/storage_driver.c, src/esx/esx_storage_driver.c:
	  Add dummy entries in driver table for new APIs

	Enhance the streams helper to support plain file I/O
	The O_NONBLOCK flag doesn't work as desired on plain files
	or block devices. Introduce an I/O helper program that does
	the blocking I/O operations, communicating over a pipe that
	can support O_NONBLOCK

	* src/fdstream.c, src/fdstream.h: Add non-blocking I/O
	  on plain files/block devices
	* src/Makefile.am, src/util/iohelper.c: I/O helper program
	* src/qemu/qemu_driver.c, src/lxc/lxc_driver.c,
	  src/uml/uml_driver.c, src/xen/xen_driver.c: Update for
	  streams API change

	Update event loop example programs to demonstrate best practice
	The example C event loop code is a nasty hack and not compliant
	with the require API semantics. Delete this, so that developers
	don't mistakenly copy it. Instead call the new public event loop
	APIs.

	Update the python event loop example, so that it can optionally
	use the public event APIs, as an alternative to the pure python
	code. The pure python event code is a good working example, so
	don't delete it.

	Also make the python example use a read only connection to avoid
	authentication prompts

	* examples/domain-events/events-c/event-test.c: Replace event
	  loop code with use of public APIs
	* examples/domain-events/events-python/event-test.py: Allow
	  optional use of new public event APIs

2011-03-29  Eric Blake  <eblake@redhat.com>

	qemu: fix regression that hangs on save failure
	Regression introduced in commit 6034ddd55.

	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Jump to correct
	label.

	build: fix compilation on mingw
	* src/util/command.c (virCommandAbort) [WIN32]: Provide stub.
	Reported by Daniel P. Berrange's autobuilder.

	qemu: support fd: migration with compression
	Spawn the compressor ourselves, instead of requiring the shell.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Spawn
	compression helper process when needed.

	qemu: skip granting access during fd migration
	SELinux labeling and cgroup ACLs aren't required if we hand a
	pre-opened fd to qemu.  All the more reason to love fd: migration.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Skip steps
	that are irrelevant in fd migration.

	qemu: consolidate migration to file code
	This points out that core dumps (still) don't work for root-squash
	NFS, since the fd is not opened correctly.  This patch should not
	introduce any functionality change, it is just a refactoring to
	avoid duplicated code.

	* src/qemu/qemu_migration.h (qemuMigrationToFile): New prototype.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): New function.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag, doCoreDump): Use
	it.

	qemu: use common API for reading difficult files
	Direct access to an open file is so much simpler than passing
	everything through a pipe!

	* src/qemu/qemu_driver.c (qemudOpenAsUID)
	(qemudDomainSaveImageClose): Delete.
	(qemudDomainSaveImageOpen): Rename...
	(qemuDomainSaveImageOpen): ...and drop read_pid argument.  Use
	virFileOpenAs instead of qemudOpenAsUID.
	(qemudDomainSaveImageStartVM, qemudDomainRestore)
	(qemudDomainObjRestore): Rename...
	(qemuDomainSaveImageStartVM, qemuDomainRestore)
	(qemDomainObjRestore): ...and simplify accordingly.
	(qemudDomainObjStart, qemuDriver): Update callers.

	qemu, storage: improve type safety
	* src/storage/storage_backend.c (createRawFileOpHook): Change
	signature.
	(struct createRawFileOpHookData): Delete unused struct.
	(virStorageBackendCreateRaw): Adjust caller.
	* src/qemu/qemu_driver.c (struct fileOpHookData): Delete unused
	struct.
	(qemudDomainSaveFileOpHook): Rename...
	(qemuDomainSaveFileOpHook): ...and change signature.
	(qemudDomainSaveFlag): Adjust caller.

	util: adjust indentation in previous patch
	Separating the indentation from the real patch made review easier.

	* src/util/util.c (virFileOpenAs): Whitespace changes.

	util: rename virFileOperation to virFileOpenAs
	This patch intentionally doesn't change indentation, in order to
	make it easier to review the real changes.

	* src/util/util.h (VIR_FILE_OP_RETURN_FD, virFileOperationHook):
	Delete.
	(virFileOperation): Rename...
	(virFileOpenAs): ...and reduce parameters.
	* src/util/util.c (virFileOperationNoFork, virFileOperation):
	Rename and simplify.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust caller.
	* src/storage/storage_backend.c (virStorageBackendCreateRaw):
	Likewise.
	* src/libvirt_private.syms: Reflect rename.

	storage: simplify fd handling
	* src/storage/storage_backend.c (virStorageBackendCreateRaw): Use
	new virFileOperation flag.

	qemu: simplify domain save fd handling
	This makes root-squash NFS saves more efficient.

	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Use new
	virFileOperation flag to open fd only once.

	util: use SCM_RIGHTS in virFileOperation when needed
	Currently, the hook function in virFileOperation is extremely limited:
	it must be async-signal-safe, and cannot modify any memory in the
	parent process.  It is much handier to return a valid fd and operate
	on it in the parent than to deal with hook restrictions.

	* src/util/util.h (VIR_FILE_OP_RETURN_FD): New flag.
	* src/util/util.c (virFileOperationNoFork, virFileOperation):
	Honor new flag.

	qemu: allow simple domain save to use fd: protocol
	This allows direct saves (no compression, no root-squash NFS) to use
	the more efficient fd: migration, which in turn avoids a race where
	qemu exec: migration can sometimes fail because qemu does a generic
	waitpid() that conflicts with the pclose() used by exec:.  Further
	patches will solve compression and root-squash NFS.

	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Use new function
	when there is no compression.

	qemu: fix restoring a compressed save image
	Latent bug introduced in commit 2d6a581960 (Aug 2009), but not exposed
	until commit 1859939a (Jan 2011).  Basically, when virExec creates a
	pipe, it always marks libvirt's side as cloexec.  If libvirt then
	wants to hand that pipe to another child process, things work great if
	the fd is dup2()'d onto stdin or stdout (as with stdin: or exec:
	migration), but if the pipe is instead used as-is (such as with fd:
	migration) then qemu sees EBADF because the fd was closed at exec().

	This is a minimal fix for the problem at hand; it is slightly racy,
	but no more racy than the rest of libvirt fd handling, including the
	case of uncompressed save images.  A more invasive fix, but ultimately
	safer at avoiding leaking unintended fds, would be to _always and
	atomically_ open all fds as cloexec in libvirt (thanks to primitives
	like open(O_CLOEXEC), pipe2(), accept4(), ...), then teach virExec to
	clear that bit for all fds explicitly marked to be handed to the child
	only after forking.

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Clear cloexec
	flag.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Tweak test.

	util: allow clearing cloexec bit
	* src/util/util.h (virSetInherit): New prototype.
	* src/util/util.c (virSetCloseExec): Move guts...
	(virSetInherit): ...to new function, and allow clearing.
	* src/libvirt_private.syms (util.h): Export it.

	logging: always NUL-terminate circular buffer
	* src/util/logging.c (virLogStartup, virLogSetBufferSize):
	Over-allocate, so that a debugger can just print the circular
	buffer.  Suggested by Daniel Veillard.

	maint: use space, not tab, in remote_protocol-structs
	* src/Makefile.am (remote_protocol-structs): Flatten tabs.
	* src/remote_protocol-structs: Likewise.  Also add a hint to emacs
	to make it easier to keep spaces in the file.

2011-03-28  Eric Blake  <eblake@redhat.com>

	tests: don't alter state in $HOME
	Diego reported a bug where virsh tries to initialize a readline
	history directory during 'make check' run as root, but fails
	because /root was read-only.

	It turns out that I could reproduce this as non-root, by using:

	mv ~/.virsh{,.bak}
	chmod a-w ~
	make check -C tests TESTS=int-overflow
	chmod u+w ~
	mv ~/.virsh{.bak,}

	* tests/int-overflow: Don't trigger interactive mode.
	Reported by Diego Elio Pettenò.

	docs: document recent hook additions
	* src/qemu/qemu_process.c (qemuProcessStart, qemuProcessStop): Fix
	typos.
	* docs/hooks.html.in: Document 'prepare' and 'release' hooks.

	qemu: don't restore state label twice
	Otherwise, if something like doStopVcpus fails after the first
	restore, a second restore is attempted and throws a useless
	warning.

	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Avoid second
	restore of state label.

2011-03-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove the Open Nebula driver
	The Open Nebula driver has been unmaintained since it was first
	introduced. The only commits have been for tree-wide cleanups.
	It also has a major design flaw, in that it only knows about guests
	that it has created itself, which makes it of very limited use.

	Discussions wrt evolution of the VMWare ESX driver, concluded that
	it should limit itself to single-node ESX operation and not try to
	manage the multi-node architecture of VirtualCenter. Open Nebula
	is a cluster like Virtual Center, not a single node system, so
	the same reasoning applies.

	The DeltaCloud project includes an Open Nebula driver and is a much
	better fit architecturally, since it is explicitly targetting the
	distributed multihost cluster scenario.

	Thus this patch deletes the libvirt Open Nebula driver with the
	recommendation that people use DeltaCloud for managing it instead.

	* configure.ac: Remove probe for xmlrpc & --with-one arg
	* daemon/Makefile.am, daemon/libvirtd.c, src/Makefile.am: Remove
	  ONE driver build
	* src/opennebula/one_client.c, src/opennebula/one_client.h,
	  src/opennebula/one_conf.c, src/opennebula/one_conf.h,
	  src/opennebula/one_driver.c, src/opennebula/one_driver.c: Delete
	  files
	* autobuild.sh, libvirt.spec.in, mingw32-libvirt.spec.in: Remove
	  build rules for Open Nebula
	* docs/drivers.html.in, docs/sitemap.html.in: Remove reference
	  to OpenNebula
	* docs/drvone.html.in: Delete file

2011-03-28  Osier Yang  <jyang@redhat.com>

	Fix syntax error in configure.ac
	Which will lead "./configure --with-audit=yes" breaks.

2011-03-28  Daniel Veillard  <veillard@redhat.com>

	Update of localisations, switch to transifex
	Last pull from i18n CVS, then push to transifex.net which is now
	our localization upstream:

	http://www.transifex.net/projects/p/libvirt/resource/strings/

	Update on the goal page
	Some things to note in this patch:
	   - we do extend libvirt scope beyond purely managing domains, there is
	     already a number of blocks which are here as helpr functions to
	     manage the resources on the host.
	   - we are expanding in the direction of libvirt being sufficient to do
	     most of the management on the Host (but within the limits of the need
	     for virtualization, e.g. managing users on the host is out of scope)
	   - we don't require anymore APIs to be supported by multiple
	     hypervisors to get in, it's already the case in practice, but we
	     should still make sure the semantic of those APIs are clear. We
	     added quite a bit for QEmu, but for example I saw on IRC that VBox
	     could emulate a network unplug/replug on a domain interface, and
	     that would be a good addition even if a priori no other hypervisor
	     supports it.
	   - Make clear that all libvirt APIs are available remotely, which is
	     key to use libvirt for building management tools.
	   - link the goal page from the project main page

	As for libvirt project directions, I think it just reflects the natural
	evolution in the last couple of years. We are less hypervisor agnostic
	and extending in the Host management. Clearly there is interest in
	making sure libvirt is complete in term of features for the hypervisors
	supported, especially the ones like KVM or LXC which don't really have
	integrated management library.

	* docs/goals.html.in: update the goals page
	* docs/index.html.in: link it from the top page

2011-03-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Don't leak gnutls session on negotiation error

2011-03-26  Eric Blake  <eblake@redhat.com>

	hooks: fix regression in previous patch
	* src/util/hooks.c (virHookCheck): Missing hooks should just be
	debug, not warn.

2011-03-25  Philipp Hahn  <hahn@univention.de>

	Add missing { for qemudDomainInterfaceStats
	Add missing open curly brace between function declaration of non-linux
	variant of qemudDomainInterfaceStats() and its body.

2011-03-25  Eric Blake  <eblake@redhat.com>

	build: shorten libxenlight summary for consistent alignment
	* configure.ac: Use xenlight: rather than libxenlight: in summary.
	Suggested by Daniel Veillard.

2011-03-25  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Avoid resetting errors before they are reported
	Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
	*Free) is called before remoteDispatchConnError() is called on error.
	However, the patch missed two instances.

2011-03-25  Eric Blake  <eblake@redhat.com>

	command: add virCommandAbort for cleanup paths
	Sometimes, an asynchronous helper is started (such as a compressor
	or iohelper program), but a later error means that we want to
	abort that child.  Make this easier.

	Note that since daemons and virCommandRunAsync can't mix, the only
	time virCommandFree can reap a process is if someone did
	virCommandRunAsync for a non-daemon and didn't stash the pid.

	* src/util/command.h (virCommandAbort): New prototype.
	* src/util/command.c (_virCommand): Add new field.
	(virCommandRunAsync, virCommandWait): Track whether pid was used.
	(virCommandFree): Reap child if caller did not request pid.
	(virCommandAbort): New function.
	* src/libvirt_private.syms (command.h): Export it.
	* tests/commandtest.c (test19): New test.

	command: don't mix RunAsync and daemons
	It doesn't make sense to run a daemon without synchronously
	waiting for the child process to reply whether the daemon has
	been kicked off and pidfile written yet.

	* src/util/command.c (VIR_EXEC_RUN_SYNC): New constant.
	(virCommandRun): Set temporary flag.
	(virCommandRunAsync): Use it to prevent async runs of intermediate
	child when spawning asynchronous daemon grandchild.

	command: properly diagnose process exit via signal
	Child processes don't always reach _exit(); if they die from a
	signal, then any messages should still be accurate.  Most users
	either expect a 0 status (thankfully, if status==0, then
	WIFEXITED(status) is true and WEXITSTATUS(status)==0 for all
	known platforms) or were filtering on WIFEXITED before printing
	a status, but a few were missing this check.  Additionally,
	nwfilter_ebiptables_driver was making an assumption that works
	on Linux (where WEXITSTATUS shifts and WTERMSIG just masks)
	but fails on other platforms (where WEXITSTATUS just masks and
	WTERMSIG shifts).

	* src/util/command.h (virCommandTranslateStatus): New helper.
	* src/libvirt_private.syms (command.h): Export it.
	* src/util/command.c (virCommandTranslateStatus): New function.
	(virCommandWait): Use it to also diagnose status from signals.
	* src/security/security_apparmor.c (load_profile): Likewise.
	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Likewise.
	* src/util/util.c (virExecDaemonize, virRunWithHook)
	(virFileOperation, virDirCreate): Likewise.
	* daemon/remote.c (remoteDispatchAuthPolkit): Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Likewise.

2011-03-25  Markus Groß  <gross@univention.de>

	Add memory functions to libxl driver

2011-03-25  Wen Congyang  <wency@cn.fujitsu.com>

	fix the check of the output of monitor command 'device_add'
	Hotpluging host usb device by text mode will fail, because the monitor
	command 'device_add' outputs 'husb: using...' if it succeeds, but we
	think the command should not output anything.

2011-03-25  Eric Blake  <eblake@redhat.com>

	build: enforce reference count checking
	Add the compiler attribute to ensure we don't introduce any more
	ref bugs like were just patched in commit 9741f34, then explicitly
	mark the remaining places in code that are safe.

	* src/qemu/qemu_monitor.h (qemuMonitorUnref): Mark
	ATTRIBUTE_RETURN_CHECK.
	* src/conf/domain_conf.h (virDomainObjUnref): Likewise.
	* src/conf/domain_conf.c (virDomainObjParseXML)
	(virDomainLoadStatus): Fix offenders.
	* src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
	* src/vmware/vmware_conf.c (vmwareLoadDomains): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainObjBeginJob)
	(qemuDomainObjBeginJobWithDriver)
	(qemuDomainObjExitRemoteWithDriver): Likewise.
	* src/qemu/qemu_monitor.c (QEMU_MONITOR_CALLBACK): Likewise.
	Suggested by Daniel P. Berrange.

	maint: prohibit access(,X_OK)
	This simplifies several callers that were repeating checks already
	guaranteed by util.c, and makes other callers more robust to now
	reject directories.  remote_driver.c was over-strict - access(,R_OK)
	is only needed to execute a script file; a binary only needs
	access(,X_OK) (besides, it's unusual to see a file with x but not
	r permissions, whether script or binary).

	* cfg.mk (sc_prohibit_access_xok): New syntax-check rule.
	(exclude_file_name_regexp--sc_prohibit_access_xok): Exempt one use.
	* src/network/bridge_driver.c (networkStartRadvd): Fix offenders.
	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes)
	(qemuCapsInitGuest, qemuCapsInit, qemuCapsExtractVersionInfo):
	Likewise.
	* src/remote/remote_driver.c (remoteFindDaemonPath): Likewise.
	* src/uml/uml_driver.c (umlStartVMDaemon): Likewise.
	* src/util/hooks.c (virHookCheck): Likewise.

2011-03-25  Markus Groß  <gross@univention.de>

	Get cpu time and current memory balloon from libxl

2011-03-24  Jiri Denemark  <jdenemar@redhat.com>

	Make error reporting in libvirtd thread safe
	Bug https://bugzilla.redhat.com/show_bug.cgi?id=689374 reported libvirtd
	crash during error dispatch.

	The reason is that libvirtd uses remoteDispatchConnError() with non-NULL
	conn parameter which means that virConnGetLastError() is used instead of
	its thread safe replacement virGetLastError().

	So when several libvirtd threads are reporting errors at the same time,
	the errors can get mixed or corrupted or in case of bad luck libvirtd
	itself crashes.

	Since Daniel B. is going to rewrite this code from scratch on top of his
	RPC infrastructure, I tried to come up with a minimal fix. Thus,
	remoteDispatchConnError() now just ignores its conn argument and always
	calls virGetLastError(). However, several callers had to be touched as
	well, since no libvirt API is allowed to be called before dispatching
	the error. Doing so would reset the error and we would have nothing to
	dispatch. As a result of that, the code is not very nice but that
	doesn't really make daemon/remote.c worse than it is now :-) And it will
	all die soon, which is good.

	The bug report also contains a reproducer in C which detects both mixed
	up error messages and libvirtd crash. Before this patch, I was able to
	crash libvirtd in about 20 seconds up to 3 minutes depending on number
	of CPU cores (more is better) and luck.

2011-03-24  Wen Congyang  <wency@cn.fujitsu.com>

	update domain status forcibly even if attach a device failed
	Steps to reproduce this bug:
	1. virsh attach-disk domain --source diskimage --target sdb --sourcetype file --driver qemu --subdriver qcow2
	   error: Failed to attach disk
	   error: operation failed: adding scsi-disk,bus=scsi0.0,scsi-id=1,drive=drive-scsi0-0-1,id=scsi0-0-1 device failed: Property 'scsi-disk.drive' can't find value 'drive-scsi0-0-1'
	2. service libvirtd restart
	   Stopping libvirtd daemon:                                  [  OK  ]
	   Starting libvirtd daemon:                                  [  OK  ]
	3. virsh attach-disk domain --source diskimage --target sdb --sourcetype file --driver qemu --subdriver raw
	   error: Failed to attach disk
	   error: operation failed: adding lsi,id=scsi0,bus=pci.0,addr=0x6 device failed: Duplicate ID 'scsi0' for device

	The reason is that we create a new scsi controller but we do not update
	/var/run/libvirt/qemu/domain.xml.

2011-03-24  Eric Blake  <eblake@redhat.com>

	build: nuke all .x-sc* files, and fix VPATH syntax-check
	Not every day you see a patch that nukes 27 files!

	* .gnulib: Update to latest, for maint.mk improvements
	* bootstrap: Resync to gnulib.
	* bootstrap.conf (ACLOCAL): Swap the secondary aclocal include
	directory, now that bootstrap picks up gnulib/m4 instead of m4.
	* Makefile.am (syntax_check_exceptions, EXTRA_DIST): No longer
	worry about nuked files.
	* cfg.mk (sc_x_sc_dist_check): Delete dead rule.
	(VC_LIST_ALWAYS_EXCLUDE_REGEX): Add HACKING.
	(exclude_file_name_regexp--sc_*): Inline and simplify contents...
	* .x-sc_*: ...from here, then delete the files.

	command: reject pidfile on non-daemon
	* src/util/command.c (virCommandRunAsync): Since virExec only
	creates pidfiles for daemon, enforce this in virCommand.

	domain_conf: drop unused ref-count in snapshot object
	The ref count was assigned to 1 at creation, then never modified again
	until it was decremented just before freeing the object.

	* src/conf/domain_conf.h (_virDomainSnapshotObj): Delete unused
	field.
	(virDomainSnapshotObjUnref): Delete unused prototype.
	* src/libvirt_private.syms: Likewise.
	* src/conf/domain_conf.c (virDomainSnapshotObjNew)
	(virDomainSnapshotObjListDataFree): Update users.
	(virDomainSnapshotObjUnref): Delete.

	rpm: add missing dependencies
	Among others, the missing radvd dependency showed up as:

	error: Failed to start network ipv6net
	error: Cannot find radvd - Possibly the package isn't installed: No such file
	or directory

	even when radvd was installed, because the RADVD preprocessor
	symbol was missing at configure time.

	* libvirt.spec.in (with_network): Add BuildRequires for radvd,
	iptables, and ip6tables.
	(BuildRequires): Add libxslt and augeas for docs and test.
	(with_libvirtd): Add module-init-tools for modprobe.
	(with_nwfilter): Add BuildRequires for ebtables.
	(with_esx): Fix esx build on RHEL 5, thanks to curl-devel rename.

	rpm: separate runtime and build requirements
	* libvirt.spec.in (Requires): Reorganize requirements a bit; no
	functional change.

2011-03-23  Osier Yang  <jyang@redhat.com>

	util: Fix return value for virJSONValueFromString if it fails
	Problem:
	  "parser.head" is not NULL even if it's free'ed by "virJSONValueFree",
	returning "parser.head" when "virJSONValueFromString" fails will cause
	unexpected errors (libvirtd will crash sometimes), e.g.
	  In function "qemuMonitorJSONArbitraryCommand":

	        if (!(cmd = virJSONValueFromString(cmd_str)))
	            goto cleanup;

	        if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
	            goto cleanup;

	        ......

	     cleanup:
	        virJSONValueFree(cmd);

	  It will continues to send command to monitor even if "virJSONValueFromString"
	is failed, and more worse, it trys to free "cmd" again.

	  Crash example:
	{"error":{"class":"QMPBadInputObject","desc":"Expected 'execute' in QMP input","data":{"expected":"execute"}}}
	{"error":{"class":"QMPBadInputObject","desc":"Expected 'execute' in QMP input","data":{"expected":"execute"}}}
	error: server closed connection:
	error: unable to connect to '/var/run/libvirt/libvirt-sock', libvirtd may need to be started: Connection refused
	error: failed to connect to the hypervisor

	  This fix is to:
	    1) return NULL for failure of "virJSONValueFromString",
	    2) and it seems "virJSONValueFree" uses incorrect loop index for type
	       of "VIR_JSON_TYPE_OBJECT", fix it together.

	* src/util/json.c

2011-03-23  Wen Congyang  <wency@cn.fujitsu.com>

	Initialization error of qemuCgroupData in Qemu host usb hotplug
	Steps to reproduce this bug:
	# cat usb.xml
	<hostdev mode='subsystem' type='usb'>
	  <source>
	    <address bus='0x001' device='0x003'/>
	  </source>
	</hostdev>
	# virsh attach-device vm1 usb.xml
	error: Failed to attach device from usb.xml
	error: server closed connection:

	The reason of this bug is that we set data.cgroup to NULL, and this will cause
	libvirtd crashed.

2011-03-23  Eric Blake  <eblake@redhat.com>

	qemu: simplify monitor callbacks
	A future patch will change reference counting idioms; consolidating
	this pattern now makes the next patch smaller (touch only the new
	macro rather than every caller).

	* src/qemu/qemu_monitor.c (QEMU_MONITOR_CALLBACK): New helper.
	(qemuMonitorGetDiskSecret, qemuMonitorEmitShutdown)
	(qemuMonitorEmitReset, qemuMonitorEmitPowerdown)
	(qemuMonitorEmitStop, qemuMonitorEmitRTCChange)
	(qemuMonitorEmitWatchdog, qemuMonitorEmitIOError)
	(qemuMonitorEmitGraphics): Use it to reduce duplication.

	build: fix missing initializer
	Commit cb4aba9b6 forgot xenapi.

	* src/xenapi/xenapi_driver.c (xenapiDriver): Adjust to recent API.

2011-03-23  Roopa Prabhu  <roprabhu@cisco.com>

	8021Qbh: use preassociate-rr during the migration prepare stage
	This patch introduces PREASSOCIATE-RR during incoming VM migration on the
	destination host. This is similar to the usage of PREASSOCIATE during
	migration in 8021qbg libvirt code today. PREASSOCIATE-RR is a VDP operation.
	With the latest at IEEE, 8021qbh will need to support VDP operations.
	A corresponding enic driver patch to support PREASSOCIATE-RR for 8021qbh
	will be posted for net-next-2.6 inclusion soon.

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable & error reporting in LXC veth setup
	THe veth setup in LXC had a couple of flaws, first brInit did
	not report any error when it failed. Second vethCreate() did
	not correctly initialize the variable containing the return
	code, so could report failure even when it succeeded.

	* src/lxc/lxc_driver.c: Report error when brInit fails
	* src/lxc/veth.c: Fix uninitialized variable

	Wire up virDomainMigrateSetSpeed into QEMU driver
	Enhance the QEMU migration monitoring loop, so that it can get
	a signal to change migration speed on the fly

	* src/qemu/qemu_domain.h: Add signal for changing speed on the fly
	* src/qemu/qemu_driver.c: Wire up virDomainMigrateSetSpeed driver
	* src/qemu/qemu_migration.c: Support signal for changing speed

	Wire up virDomainMigrateSetSpeed for the remote RPC driver
	* src/remote/remote_protocol.x: Define wire protocol
	* daemon/remote.c, src/remote/remote_driver.c: Add new
	  functions for virDomainMigrateSetSpeed API
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h: Re-generate files

	Add public API for setting migration speed on the fly
	It is possible to set a migration speed limit when starting
	migration. This new API allows the speed limit to be changed
	on the fly to adjust to changing conditions

	* src/driver.h, src/libvirt.c, src/libvirt_public.syms,
	  include/libvirt/libvirt.h.in: Add virDomainMigrateSetMaxSpeed
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_driver.c, src/xen/xen_driver.c,
	  src/libxl/libxl_driver.c: Stub new API

2011-03-22  Eric Blake  <eblake@redhat.com>

	maint: update authors
	* AUTHORS: Update, to satisfy 'make syntax-check'.

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Disable libxl build in RPM on Fedora < 16
	The xen RPM in Fedora isn't new enough to support libxl builds
	yet. Disable it until Fedora 16

	* libvirt.spec.in: Disable libxl on Fedora < 16

2011-03-22  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: fallback to HMP drive_add/drive_del
	fallback to HMP drive_add/drive_del commands if not found in QMP

2011-03-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Only use HMP passthrough if it is supported
	Avoids calling text monitor methods when it is know they will not
	succeed and also results in nicer error messages.

	qemu: Detect support for HMP passthrough

2011-03-22  Thibault Vincent  <thibault.vincent@smartjog.com>

	qemu: add two hook script events "prepare" and "release"
	Fix for bug https://bugzilla.redhat.com/show_bug.cgi?id=618970

	The "prepare" hook is called very early in the VM statup process
	before device labeling, so that it can allocate ressources not
	managed by libvirt, such as DRBD, or for instance create missing
	bridges and vlan interfaces.
	* src/util/hooks.c src/util/hooks.h: add definitions for new hooks
	  VIR_HOOK_QEMU_OP_PREPARE and VIR_HOOK_QEMU_OP_RELEASE
	* src/qemu/qemu_process.c: use them in qemuProcessStart and
	  qemuProcessStop()

2011-03-22  Daniel Veillard  <veillard@redhat.com>

	Update the set of maintainers for the project
	Wen Congyang gained commiter access

	Created a new section of previous commiters to the project
	but not involved much anymore: Karel Zak, Atsushi SAKAI,
	Dave Leskovec and Dan Smith

2011-03-22  Eric Blake  <eblake@redhat.com>

	qemu: simplify interface fd handling in monitor
	With only a single caller to these two monitor commands, I
	didn't need to wrap a new WithFds version, but just change
	the command itself.

	* src/qemu/qemu_monitor.h (qemuMonitorAddNetdev)
	(qemuMonitorAddHostNetwork): Add parameters.
	* src/qemu/qemu_monitor.c (qemuMonitorAddNetdev)
	(qemuMonitorAddHostNetwork): Add support for fd passing.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Use it to
	simplify code.

	qemu: simplify PCI configfd handling in monitor
	This is also a bug fix - on the error path, qemu_hotplug would
	leave the configfd file leaked into qemu.  At least the next
	attempt to hotplug a PCI device would reuse the same fdname,
	and when the qemu getfd monitor command gets a new fd by the
	same name as an earlier one, it closes the earlier one, so there
	is no risk of qemu running out of fds.

	* src/qemu/qemu_monitor.h (qemuMonitorAddDeviceWithFd): New
	prototype.
	* src/qemu/qemu_monitor.c (qemuMonitorAddDevice): Move guts...
	(qemuMonitorAddDeviceWithFd): ...to new function, and add support
	for fd passing.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostPciDevice): Use it
	to simplify code.
	Suggested by Daniel P. Berrange.

	qemu: simplify monitor fd error handling
	qemu_monitor was already returning -1 and setting errno to EINVAL
	on any attempt to send an fd without a unix socket, but this was
	a silent failure in the case of qemuDomainAttachHostPciDevice.
	Meanwhile, qemuDomainAttachNetDevice was doing some sanity checking
	for a better error message; it's better to consolidate that to a
	central point in the API.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Move sanity
	checking...
	* src/qemu/qemu_monitor.c (qemuMonitorSendFileHandle): ...into
	central location.
	Suggested by Chris Wright.

	udev: fix regression with qemu:///session
	https://bugzilla.redhat.com/show_bug.cgi?id=684655 points out
	a regression introduced in commit 2215050edd - non-root users
	can't connect to qemu:///session because libvirtd dies when
	it can't use pciaccess initialization.

	* src/node_device/node_device_udev.c (udevDeviceMonitorStartup):
	Don't abort udev driver (and libvirtd overall) if non-root user
	can't use pciaccess.

2011-03-21  Eric Blake  <eblake@redhat.com>

	logging: fix off-by-one bug
	Valgrind caught that our log wrap-around was going 1 past the end.
	Regression introduced in commit b16f47a; previously the
	buffer was static and size+1 bytes, but now it is dynamic and
	exactly size bytes.

	* src/util/logging.c (virLogStr): Don't write past end of log.

2011-03-21  Wen Congyang  <wency@cn.fujitsu.com>

	do not report OOM error when prepareCall() failed
	We have reported error in the function prepareCall(), and
	the error is not only OOM error. So we should not report
	OOM error in the function call() when prepareCall() failed.

2011-03-21  Eric Blake  <eblake@redhat.com>

	util: guarantee sane errno in virFileIsExecutable
	If virFileIsExecutable is to replace access(file,X_OK), then
	errno must be usable on failure.

	* src/util/util.c (virFileIsExecutable): Set errno on failure.

2011-03-21  Cole Robinson  <crobinso@redhat.com>

	docs: Document first release with spice and qxl

2011-03-21  Osier Yang  <jyang@redhat.com>

	doc: Add schema definition for imagelabel
	<imagelable> is not generated by running domain, actually we parse
	it in src/conf/domain_conf.c, this patch is to fix it, otherwise any
	validation (virt-xml-validate) on the domain xml dumped from shutoff
	domain containing <imagelable> will fail.

	* docs/schemas/domain.rng

2011-03-19  Tiziano Mueller  <dev-zero@gentoo.org>

	update virGetVersion description
	The current description suggests that you always have to provide
	a valid typeVer pointer. But if you want only the libvirt version
	it's also possible to set type and typeVer to NULL to skip the
	hypervisor part.

2011-03-19  Hu Tao  <hutao@cn.fujitsu.com>

	Don't return an error on failure to create blkio controller
	This patch enables cgroup controllers as much as possible by skipping
	the creation of blkio controller when running with old kernels that
	doesn't support multi-level directory for blkio controller.

2011-03-19  Jim Fehlig  <jfehlig@novell.com>

	Don't build libxenlight driver for Xen 4.0
	The libxenlight driver does not build against the tech preview
	version of libxenlight in Xen 4.0.  Only enable building the
	driver against more complete libxenlight found in Xen 4.1.

2011-03-19  Eric Blake  <eblake@redhat.com>

	qemu: respect locking rules
	THREADS.txt states that the contents of vm should not be read or
	modified while the vm lock is not held, but that the lock must not
	be held while performing a monitor command.  This fixes all the
	offenders that I could find.

	* src/qemu/qemu_process.c (qemuProcessStartCPUs)
	(qemuProcessInitPasswords, qemuProcessStart): Don't modify or
	refer to vm state outside lock.
	* src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphicsPasswords):
	Likewise.

2011-03-19  Laine Stump  <laine@laine.org>

	network driver: log error and abort network startup when radvd isn't found
	This is detailed in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=688957

	Since radvd is executed by daemonizing it, the attempt to exec the
	radvd binary doesn't happen until after libvirtd has already received
	an exit code from the intermediate forked process, so no error is
	detected or logged by __virExec().

	We can't require radvd as a prerequisite for the libvirt package (many
	installations don't use IPv6, so they don't need it), so instead we
	add in a check to verify there is an executable radvd binary prior to
	trying to exec it.

2011-03-19  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: fix a simple bug in openvzListDefinedDomains()
	This patch adds missing curly brackets to an if
	statement in openvzListDefinedDomains()

2011-03-19  Eric Blake  <eblake@redhat.com>

	build: translate changes in previous patch
	* po/POTFILES.in: Add src/util/hash.c for 'make syntax-check'.

2011-03-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix delayed event delivery when SASL is active
	When SASL is active, it was possible that we read and decoded
	more data off the wire than we initially wanted. The loop
	processing this data terminated after only one message to
	avoid delaying the calling thread, but this could delay
	event delivery. As long as there is decoded SASL data in
	memory, we must process it, before returning to the poll()
	event loop.

	This is a counterpart to the same kind of issue solved in

	  commit 68d2c3482fa16801f8e6ca5c42698319bb87f385

	in a different area of the code

	* src/remote/remote_driver.c: Process all pending SASL data

	Ensure binary is resolved wrt $PATH in virExec
	virExec would only resolved the binary to $PATH if no env
	variables were being set. Since there is no execvep() API
	in POSIX, we use virFindFileInPath to manually resolve
	the binary and then use execv() instead of execvp().

2011-03-18  Jim Fehlig  <jfehlig@novell.com>

	Add libxenlight driver
	Add a new xen driver based on libxenlight [1], which is the primary
	toolstack starting with Xen 4.1.0.  The driver is stateful and runs
	privileged only.

	Like the existing xen-unified driver, the libxenlight driver is
	accessed with xen:// URI.  Driver selection is based on the status
	of xend.  If xend is running, the libxenlight driver will not load
	and xen:// connections are handled by xen-unified.  If xend is not
	running *and* the libxenlight driver is available, xen://
	connections are deferred to the libxenlight driver.

	V6:
	 - Address several code style issues noted by Daniel Veillard
	 - Make drive work with xen:/// URI
	 - Hold domain object reference while domain is injected in
	   libvirt event loop.  Race found and fixed by Markus Groß.

	V5:
	 - Ensure events are unregistered when domain private data
	   is destroyed.  Discovered and fixed by Markus Groß.

	V4:
	 - Handle restart of libvirtd, reconnecting to previously
	   started domains
	 - Rebased to current master
	 - Tested against Xen 4.1 RC7-pre (c/s 22961:c5d121fd35c0)

	V3:
	  - Reserve vnc port within driver when autoport=yes

	V2:
	  - Update to Xen 4.1 RC6-pre (c/s 22940:5a4710640f81)
	  - Rebased to current master
	  - Plug memory leaks found by Stefano Stabellini and valgrind
	  - Handle SHUTDOWN_crash domain death event

	[1] http://lists.xensource.com/archives/html/xen-devel/2009-11/msg00436.html

2011-03-18  Jiri Denemark  <jdenemar@redhat.com>

	util: Forbid calling hash APIs from iterator callback
	Calling most hash APIs is not safe from inside of an iterator callback.
	Exceptions are APIs that do not modify the hash table and removing
	current hash entry from virHashFroEach callback.

	This patch make all APIs which are not safe fail instead of just relying
	on the callback being nice not calling any unsafe APIs.

	qemu: Fix copy&paste error messages in text monitor

2011-03-18  Wen Congyang  <wency@cn.fujitsu.com>

	do not unref obj in qemuDomainObjExitMonitor*
	Steps to reproduce this bug:
	# cat test.sh
	  #! /bin/bash -x
	  virsh start domain
	  sleep 5
	  virsh qemu-monitor-command domain 'cpu_set 2 online' --hmp
	# while true; do ./test.sh ; done

	Then libvirtd will crash.

	The reason is that:
	we add a reference of obj when we open the monitor. We will reduce this
	reference when we free the monitor.

	If the reference of monitor is 0, we will free monitor automatically and
	the reference of obj is reduced.

	But in the function qemuDomainObjExitMonitorWithDriver(), we reduce this
	reference again when the reference of monitor is 0.

	It will cause the obj be freed in the function qemuDomainObjEndJob().

	Then we start the domain again, and libvirtd will crash in the function
	virDomainObjListSearchName(), because we pass a null pointer(obj->def->name)
	to strcmp().

	qemu: check driver name while attaching disk
	This bug was reported by Shi Jin(jinzishuai@gmail.com):
	=============
	# virsh attach-disk RHEL6RC /var/lib/libvirt/images/test3.img vdb \
	        --driver file --subdriver qcow2
	Disk attached successfully

	# virsh save RHEL6RC /var/lib/libvirt/images/memory.save
	Domain RHEL6RC saved to /var/lib/libvirt/images/memory.save

	# virsh restore /var/lib/libvirt/images/memory.save
	error: Failed to restore domain from /var/lib/libvirt/images/memory.save
	error: internal error unsupported driver name 'file'
	       for disk '/var/lib/libvirt/images/test3.img'
	=============

	We check the driver name when we start or restore VM, but we do
	not check it while attaching a disk. This adds the same check on disk
	driverName used in qemuBuildCommandLine to qemudDomainAttachDevice.

2011-03-18  Daniel Veillard  <veillard@redhat.com>

	Improve logging documentation including the debug buffer
	* docs/logging.html.in: document the fact that starting from
	  0.9.0 the server logs goes to libvirtd.log instead of syslog
	  by default, describe the debug buffer, restructure the page
	  and add a couple more examples

	Avoid taking lock in libvirt debug dump
	As pointed out, locking the buffer from the signal handler
	cannot been guaranteed to be safe, so to avoid any hazard
	we prefer the trade off of dumping logs possibly messed up
	by concurrent logging activity rather than risk a daemon
	crash.

	* src/util/logging.c: change virLogEmergencyDumpAll() to not
	  take any lock on the log buffer but reset buffer content variables
	  to an empty set before starting the actual dump.

2011-03-18  Wen Congyang  <wency@cn.fujitsu.com>

	unlock the monitor when unwatching the monitor
	Steps to reproduce this bug:
	# virsh qemu-monitor-command domain 'cpu_set 2 online' --hmp
	The domain has 2 cpus, and we try to set the third cpu online.
	The qemu crashes, and this command will hang.

	The reason is that the refs is not 1 when we unwatch the monitor.
	We lock the monitor, but we do not unlock it. So virCondWait()
	will be blocked.

2011-03-18  Hu Tao  <hutao@cn.fujitsu.com>

	Add vim configuration that makes vim auto-indent code

	Make virDomainObjParseNode() static
	Make virDomainObjParseNode() static since it is called only
	in one file.

2011-03-18  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	virsh: fix memtune's help message for swap_hard_limit
	* Correct the documentation for cgroup: the swap_hard_limit indicates
	  mem+swap_hard_limit.
	* Change cgroup private apis to: virCgroupGet/SetMemSwapHardLimit

2011-03-18  Alex Williamson  <alex.williamson@redhat.com>

	Add PCI sysfs reset access
	I'm proposing we make use of $PCIDIR/reset in qemu-kvm to reset
	devices on VM reset.  We need to add it to libvirt's list of
	files that get ownership for device assignment.

2011-03-18  Jim Fehlig  <jfehlig@novell.com>

	Support Xen sysctl v8, domctl v7
	xen-unstable c/s 21118:28e5409e3fb3 bumped sysctl version to 8.
	xen-unstable c/s 21212:de94884a669c introduced CPU pools feature,
	adding another member to xen_domctl_getdomaininfo struct.  Add a
	corresponding domctl v7 struct in xen hypervisor sub-driver and
	detect sysctl v8 during initialization.

2011-03-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Add missing virCondDestroy calls
	The virCond of the remote_thread_call struct was leaked in some
	places. This results in leaking the underlying mutex. Which in turn
	leaks a handle on Windows.

	Reported by Aliaksandr Chabatar and Ihar Smertsin.

2011-03-17  Eric Blake  <eblake@redhat.com>

	build: improve rpm generation for distro backports
	When building for an older distro, it's convenient to just
	tell rpmbuild to define dist (for example, to .el6_0), rather
	than also remembering to define rhel to 6.

	* libvirt.spec.in: Guess %{rhel} based on %{dist}.
	Based on an idea by Jiri Denemark.

2011-03-17  Laine Stump  <laine@laine.org>

	macvtap: log an error if on failure to connect to netlink socket
	A bug in libnl (see https://bugzilla.redhat.com/show_bug.cgi?id=677724
	and https://bugzilla.redhat.com/show_bug.cgi?id=677725) makes it very
	easy to create a failure to connect to the netlink socket when trying
	to open a macvtap network device ("type='direct'" in domain interface
	XML). When that error occurred (during a call to libnl's nl_connect()
	from libvirt's nlComm(), there was no log message, leading virsh (for
	example) to report "unknown error".

	There were two other cases in nlComm where an error in a libnl
	function might return with failure but no error reported. In all three
	cases, this patch logs a message which will hopefully be more useful.

	Note that more detailed information about the failure might be
	available from libnl's nl_geterror() function, but it calls
	strerror(), which is not threadsafe, so we can't use it.

2011-03-16  Osier Yang  <jyang@redhat.com>

	storage: Fix a problem which will cause libvirtd crashed
	If pool xml has no definition for "port", then "Segmentation fault"
	happens when jumping to "cleanup:" to do "VIR_FREE(port)", as "port"
	was not initialized in this situation.

	* src/conf/storage_conf.c

2011-03-16  Eric Blake  <eblake@redhat.com>

	qemu: support migration to fd
	* src/qemu/qemu_monitor.h (qemuMonitorMigrateToFd): New
	prototype.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToFd): New function.

	qemu: improve efficiency of dd during snapshots
	POSIX states about dd:

	If the bs=expr operand is specified and no conversions other than
	sync, noerror, or notrunc are requested, the data returned from each
	input block shall be written as a separate output block; if the read
	returns less than a full block and the sync conversion is not
	specified, the resulting output block shall be the same size as the
	input block. If the bs=expr operand is not specified, or a conversion
	other than sync, noerror, or notrunc is requested, the input shall be
	processed and collected into full-sized output blocks until the end of
	the input is reached.

	Since we aren't using conv=sync, there is no zero-padding, but our
	use of bs= means that a short read results in a short write.  If
	instead we use ibs= and obs=, then short reads are collected and dd
	only has to do a single write, which can make dd more efficient.

	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToFile):
	Avoid 'dd bs=', since it can cause short writes.

	virsh: allow empty string arguments
	"virsh connect ''" should try to connect to the default connection,
	but the previous patch made it issue a warning about an invalid URI.

	* tools/virsh.c (VSH_OFLAG_EMPTY_OK): New option flag.
	(vshCommandOptString): Per the declaration, value is required to
	be non-NULL.  Honor new flag.
	(opts_connect): Allow empty string connection.

2011-03-15  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: Fallback to HMP when cpu_set QMP command is not found

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Change message for VIR_FROM_RPC error domain
	The VIR_FROM_RPC error domain is used generically for any RPC
	problem, not simply XML-RPC problems.

	* src/util/virterror.c: s/XML-RPC/RPC/

	Add compat function for geteuid()
	* configure.ac: Check for geteuid()
	* src/util/util.h: Compat for geteuid()

	Fix misc bugs in virCommandPtr
	The virCommandNewArgs() method would free the virCommandPtr
	if it failed to add the args. This meant errors reported in
	virCommandAddArgSet() were lost. Simply removing the check
	for errors from the constructor means they can be reported
	correctly later

	The virCommandAddEnvPassCommon() method failed to check for
	errors before reallocating the cmd->env array, causing a
	potential SEGV if cmd was NULL

	The virCommandAddArgSet() method needs to validate that at
	least 1 element in 'val's parameter is non-NULL, otherwise
	code like

	    cmd = virCommandNew(binary)
	    virCommandAddAtg(cmd, "foo")

	Would end up trying todo  execve("foo"), if binary was
	NULL.

	Add virSetBlocking() to allow O_NONBLOCK to be toggle on or off
	The virSetNonBlock() API only allows enabling non-blocking
	operations. It doesn't allow turning blocking back on. Add
	a new API to allow arbitrary toggling.

	* src/libvirt_private.syms, src/util/util.h
	  src/util/util.c: Add virSetBlocking

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: use more appropriate error
	Fixes bug in commit acacced

	* src/qemu/qemu_command.c (qemuBuildCommandLine):
	s/INVALID_ARG/CONFIG_UNSUPPORTED/.
	Reported by Daniel P. Berrange.

2011-03-15  Justin Clift  <jclift@redhat.com>

	docs: update windows page for initial libvirt 0.8.8 installer

2011-03-15  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	libvirt: fix a simple bug in virDomainSetMemoryFlags()
	This patch fix a simple bug in virDomainSetMemoryFlags function.
	The patch sent before lacks the consideration of the case
	where the driver doesn't support virDomainSetMemoryFlags API.

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC container startup/shutdown/I/O more robust
	The current LXC I/O controller looks for HUP to detect
	when a guest has quit. This isn't reliable as during
	initial bootup it is possible that 'init' will close
	the console and let mingetty re-open it. The shutdown
	of containers was also flakey because it only killed
	the libvirt I/O controller and expected container
	processes to gracefully follow.

	Change the I/O controller such that when it see HUP
	or an I/O error, it uses kill($PID, 0) to see if the
	process has really quit.

	Change the container shutdown sequence to use the
	virCgroupKillPainfully function to ensure every
	really goes away

	This change makes the use of the 'cpu', 'devices'
	and 'memory' cgroups controllers compulsory with
	LXC

	* docs/drvlxc.html.in: Document that certain cgroups
	  controllers are now mandatory
	* src/lxc/lxc_controller.c: Check if PID is still
	  alive before quitting on I/O error/HUP
	* src/lxc/lxc_driver.c: Use virCgroupKillPainfully

2011-03-15  Daniel Veillard  <veillard@redhat.com>

	Allow to dynamically set the size of the debug buffer
	This is the part allowing to dynamically resize the debug log
	buffer from it's default 64kB size. The buffer is now dynamically
	allocated.
	It adds a new API virLogSetBufferSize() which resizes the buffer
	If passed a zero size, the buffer is deallocated and we do the small
	optimization of not formatting messages which are not output anymore.
	On the daemon side, it just adds a new option log_buffer_size to
	libvirtd.conf and call virLogSetBufferSize() if needed
	* src/util/logging.h src/util/logging.c src/libvirt_private.syms:
	  make buffer dynamic and add virLogSetBufferSize() internal API
	* daemon/libvirtd.conf: document the new log_buffer_size option
	* daemon/libvirtd.c: read and use the new log_buffer_size option

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: consolidate duplicated monitor migration code
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextMigrate): Declare
	in place of individual monitor commands.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONMigrate): Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToHost)
	(qemuMonitorTextMigrateToCommand, qemuMonitorTextMigrateToFile)
	(qemuMonitorTextMigrateToUnix): Delete.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToHost)
	(qemuMonitorJSONMigrateToCommand, qemuMonitorJSONMigrateToFile)
	(qemuMonitorJSONMigrateToUnix): Delete.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToHost)
	(qemuMonitorMigrateToCommand, qemuMonitorMigrateToFile)
	(qemuMonitorMigrateToUnix): Consolidate shared code.

	qemu: use lighter-weight fd:n on incoming tunneled migration
	Outgoing migration still uses a Unix socket and or exec netcat until
	the next patch.

	* src/qemu/qemu_migration.c (qemuMigrationPrepareTunnel):
	Replace Unix socket with simpler pipe.
	Suggested by Paolo Bonzini.

	maint: make spacing in .sh files easier
	Commit 7f193757 renamed libvirt-guests.init from .in to .sh, which
	made it slip past sc_TAB_in_indentation.  I nearly reintroduced a
	tab, so I'm pushing this to prevent that from happening.

	* cfg.mk (sc_TAB_in_indentation): Update rule to include .sh files.
	* .dir-locals.el: List spacing preference for .sh files.

2011-03-15  Osier Yang  <jyang@redhat.com>

	qemu: Check the unsigned integer overflow
	As perhaps other hypervisor drivers use different capacity units,
	do the checking in qemu driver instead of in conf/domain_conf.c.

2011-03-15  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	Fix performance problem of virStorageVolCreateXMLFrom()
	This patch changes zerobuf variable from array to VIR_ALLOC_N().

2011-03-15  Eric Blake  <eblake@redhat.com>

	libvirt-guests: avoid globbing when splitting $URIS
	* tools/libvirt-guests.init.sh (start, stop, gueststatus): Avoid
	shell globbing, since valid URIs can contain '?'.

2011-03-15  Philipp Hahn  <hahn@univention.de>

	libvirt-guest.init: quoting variables
	At least protect the $uri variable against further expansion by properly
	quoting it. While doing that, also quote all other variables to protect
	against shell meta characters.

	docs/formatdomain.html.in: Fix spelling PIC->PCI
	Not "Programmable Interrupt Controller" but "Peripheral Component
	Interconnect".

2011-03-15  Laine Stump  <laine@laine.org>

	audit: eliminate potential null pointer deref when auditing macvtap devices
	The newly added call to qemuAuditNetDevice in qemuPhysIfaceConnect was
	assuming that res_ifname (the name of the macvtap device) was always
	valid, but this isn't the case. If openMacvtapTap fails, it always
	returns NULL, which would result in a segv.

	Since the audit log only needs a record of devices that are actually
	sent to qemu, and a failure to open the macvtap device means that no
	device will be sent to qemu, we can solve this problem by only doing
	the audit if openMacvtapTap is successful (in which case res_ifname is
	guaranteed valid).

2011-03-14  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Insert error messages to avoid a quiet abortion of commands
	in case of incorrect option parsing.

2011-03-14  Laine Stump  <laine@laine.org>

	network driver: don't send default route to clients on isolated networks
	Normally dnsmasq will send a default route (the address of the host in
	the network definition) to any client requesting an address via
	DHCP. On an isolated network this makes no sense, as we have iptables
	to prevent any traffic going out via that interface, so anything sent
	that way would be dropped anyway.

	This extra/unusable default route becomes problematic if you have
	setup a guest with multiple network interfaces, with one connected to
	an isolated network and another that provides connectivity to the
	outside (example - one interface directly connecting to a physical
	interface via macvtap, with a second connected to an isolated network
	so that the host and guest can communicate (macvtap doesn't support
	guest<->host communication without an external switch that supports
	vepa, or reflecting all traffic back)). In this case, if the guest
	chooses the default route of the isolated network, the guest will not
	be able to get network traffic beyond the host.

	To prevent dnsmasq from sending a default route, you can tell it to
	send 0 bytes of data for the default route option (option number 3)
	with --dhcp-option=3 (normally the data to send for the option would
	follow the option number; no extra data means "don't send this option").

	I have checked on RHEL5 (a good representative of the oldest supported
	libvirt platforms) and its version of dnsmasq (2.45) does support
	--dhcp-option, so this shouldn't create any compatibility problems.

2011-03-14  Jiri Denemark  <jdenemar@redhat.com>

	python: Use hardcoded python path in libvirt.py
	This partially reverts (and fixes that part in a different way) commit
	e4384459c93e3e786aa483c7f077d1d22148f689, which replaced
	``/usr/bin/python'' with ``/usr/bin/env python'' in all examples or
	scripts used during build to generate other files.

	However, python bindings module is compiled and linked against a
	specific python discovered or explicitly provided in configure phase.
	Thus libvirt.py, which is generated and installed into the system,
	should use the same python binary for which the module has been built.

	The hunk in Makefile.am replaces $(srcdir) with $(PYTHON), which might
	seem wrong but it is not. generator.py didn't use any of its command
	line arguments so passing $(srcdir) to it was redundant.

	virsh: Allow starting domains by UUID

2011-03-14  Osier Yang  <jyang@redhat.com>

	virsh: Free stream when shutdown console
	Otherwise connection of hypervisor driver will be leaked when
	one shutdown the guest in console. e.g.

	[root@localhost]# init 0
	......
	init: Re-executing /sbin/init
	Halting system...
	Power down.

	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)

2011-03-14  Guido Günther  <agx@sigxcpu.org>

	Add missing checks for read only connections
	As pointed on CVE-2011-1146, some API forgot to check the read-only
	status of the connection for entry point which modify the state
	of the system or may lead to a remote execution using user data.
	The entry points concerned are:
	  - virConnectDomainXMLToNative
	  - virNodeDeviceDettach
	  - virNodeDeviceReAttach
	  - virNodeDeviceReset
	  - virDomainRevertToSnapshot
	  - virDomainSnapshotDelete

	* src/libvirt.c: fix the above set of entry points to error on read-only
	                 connections

2011-03-12  Laine Stump  <laine@laine.org>

	network driver: Use a separate dhcp leases file for each network
	By default, all dnsmasq processes share the same leases file. libvirt
	also uses the --dhcp-lease-max option to control the maximum number of
	leases allowed. The problem is that libvirt puts in a number equal to
	the number of addresses in the range for the one network handled by a
	single instance of dnsmasq, but dnsmasq checks the total number of
	leases in the file (which could potentially contain many more).

	The solution is to tell each instance of dnsmasq to create and use its
	own leases file. (/var/lib/libvirt/network/<net-name>.leases).

	This file is created by dnsmasq when it starts, but not deleted when
	it exists. This is fine when the network is just being stopped, but if
	the leases file was left around when a network was undefined, we could
	end up with an ever-increasing number of dead files - instead, we
	explicitly unlink the leases file when a network is undefined.

	Note that Ubuntu carries a patch against an older version of libvirt for this:

	hhttps://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/713071
	ttp://bazaar.launchpad.net/~serge-hallyn/ubuntu/maverick/libvirt/bugall/revision/109

	I was certain I'd also seen discussion of this on libvir-list or
	libvirt-users, but couldn't find it.

	network driver: Fix indentation from previous commit
	The previous commit put a large portion of networkBuildDnsmasqArgv
	inside an if { } block. This readjusts the indentation.

	network driver: Start dnsmasq even if no dhcp ranges/hosts are specified.
	This fixes a regression introduced in commit ad48df, and reported on
	the libvirt-users list:

	  https://www.redhat.com/archives/libvirt-users/2011-March/msg00018.html

	The problem in that commit was that we began searching a list of ip
	address definitions (rather than just having one) to look for a dhcp
	range or static host; when we didn't find any, our pointer (ipdef) was
	left at NULL, and when ipdef was NULL, we returned without starting up
	dnsmasq.

	Previously dnsmasq was started even without any dhcp ranges or static
	entries, because it's still useful for DNS services.

	Another problem I noticed while investigating was that, if there are
	IPv6 addresses, but no IPv4 addresses of any kind, we would jump out
	at an ever higher level in the call chain.

	This patch does the following:

	1) networkBuildDnsmasqArgv() = all uses of ipdef are protected from
	   NULL dereference. (this patch doesn't change indentation, to make
	   review easier. The next patch will change just the
	   indentation). ipdef is intended to point to the first IPv4 address
	   with DHCP info (or the first IPv4 address if none of them have any
	   dhcp info).

	2) networkStartDhcpDaemon() = if the loop looking for an ipdef with
	   DHCP info comes up empty, we then grab the first IPv4 def from the
	   list. Also, instead of returning if there are no IPv4 defs, we just
	   return if there are no IP defs at all (either v4 or v6). This way a
	   network that is IPv6-only will still get dnsmasq listening for DNS
	   queries.

	3) in networkStartNetworkDaemon() - we will startup dhcp not just if there
	   are any IPv4 addresses, but also if there are any IPv6 addresses.

2011-03-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't use INT64_MAX in libvirt.h because it requires stdint.h
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED uses INT64_MAX but stdint.h
	was not and should not be included. Therefore, libvirt.h was
	not self-contained.

	Instead of including stdint.h specify the value directly.

2011-03-12  Philipp Hahn  <hahn@univention.de>

	libvirt-guest.init: handle domain name with spaces
	awk splits the line on consecutive spaces, which breaks getting the name
	of a domain whose name contains spaces. Use sed instead to strip the
	"Name:" prefix from the line

	domain.rng vs. formatdomain.html#elementsUSB
	The Relax-NG schema for domains regarding <hostdev> doesn't match what's
	implemented in src/conf/domain_conf.c#virDomainHostdevDefFormat(): The
	implementation only requires @type, but the schema currently either
	required none or all three attributes (@mode, @type, and @managed) to be
	defined together, because they are declared in the same
	<optional)-section. (@managed is currently even undocumented on
	<http://libvirt.org/formatdomain.html#elementsUSB>).

	Thus the following minimal <hostdev>-example fails to validate:
	<domain type='test'>
	        <name>N</name>
	        <memory>4096</memory>
	        <bootloader>/bin/false</bootloader>
	        <os>
	                <type arch='x86_64' machine='xenpv'>linux</type>
	        </os>
	        <devices>
	                <hostdev type='pci'>
	                        <source>
	                                <address bus='0x06' slot='0x00' function='0x0'/>
	                        </source>
	                </hostdev>
	        </devices>
	</domain>

	The schema is changed to match the current implementation:
	1. @mode is optional (which defaults to 'subsystem')
	2. @type is required
	3. @managed is optional (which defaults to 'no')

	The documentation is updated to mention @managed.

2011-03-12  Eric Blake  <eblake@redhat.com>

	qemu: fix -global argument usage
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Pass two
	separate arguments, and fix indentation.

	docs: fix missing </p>
	* docs/formatdomain.html.in: Fix typo in last patch.
	Reported by Matthias Bolte.

2011-03-12  Philipp Hahn  <hahn@univention.de>

	Ignore backing file errors in FS storage pool
	Currently a single storage volume with a broken backing file will disable the
	whole storage pool. This can happen when the backing file is on some
	unavailable network storage or if the backing volume is deleted, while the
	storage volumes using it remain.
	Since the storage pool can not be re-activated, re-creating the missing
	or deleting the now useless volumes using libvirt only is not possible.

	Fixing this is a little bit tricky:
	1. virStorageBackendProbeTarget() only detects the missing backing file,
	   if the backing file format is not explicitly specified. If the
	   backing file is created using
		   kvm-img create -f qcow2 -o backing_fmt=qcow2,backing_file=... ...
	   no error is detected at this stage.
	   The new return code -3 signals that the backing file could not be
	   opened.
	2. The backingStore.format must be >= 0, since values < 0 would break
	   virStorageVolTargetDefFormat() when dumping the XML data such as
	       <format type='...'/>
	   Because of this the format is faked as VIR_STORAGE_FILE_RAW.
	3. virStorageBackendUpdateVolTargetInfo() always opens the backing file
	   and thus always detects a missing backing file.
	   Since it "only" updates the capacity, allocation, owner, group, mode
	   and SELinux label, just ignore errors at this stage, print an error
	   message and continue.
	4. Using vol-dump on a broken volume still doesn't work, but at least
	   vol-destroy and pool-refresh do work now.

	To reproduce:
	  dir=$(mktemp -d)
	  virsh pool-create-as tmp dir '' '' '' '' "$dir"
	  virsh vol-create-as --format qcow2 tmp back 1G
	  virsh vol-create-as --format qcow2 --backing-vol-format qcow2 --backing-vol back tmp cow 1G
	  virsh vol-delete --pool tmp back
	  virsh pool-refresh tmp
	After the last step, the pool will be gone (because it was not persistent). As
	long as the now broken image stays in the directory, you will not be able to
	re-create or re-start the pool.

2011-03-12  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	documenting the 802.1Qbg parameters of a 'direct' interface
	This patchs adds documentation about the 802.1Qbg related parameters
	of the virtualport element in a 'direct' interface definition.

2011-03-11  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	remote-protocol: implement new BlkioParameters API
	Remote protocol implementation of virDomainSetBlkioParameters and virDomainGetBlkioParameters.

	virsh: Adding blkiotune command to virsh tool
	Adding blkiotune command to virsh tool

	qemu: implement new BlkioParameters API
	Implement domainSetBlkioParameters and domainGetBlkioParameters for QEmu

	libvirt: implements virDomain{Get,Set}BlkioParameters
	Implements virDomainSetBlkioParameters and virDomainGetBlkioParameters and initialization

	libvirt: add virDomain{Get,Set}BlkioParameters
	Add virDomainSetBlkioParameters virDomainGetBlkioParameters

2011-03-11  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmem: add the new options to "virsh setmem" command
	This patch adds the new options (--live and --config)  to "virsh setmem" command.
	The behavior of above options is the same as that of "virsh setvcpus" and so on.
	That is, when the --config option is specified, a modification is effective for
	the persistent domain. Moreover we can modify the memory size of inactive domains
	as well as that of active domains.

	setmem: implement the remote protocol to address the new API
	This patch implements the remote protocol to address the new API.

	setmem: implement the code to address the new API in the qemu driver
	This patch implements the code to address the new API
	in the qemu driver.

	setmem: introduce a new libvirt API (virDomainSetMemoryFlags)
	This patch introduces a new libvirt API (virDomainSetMemoryFlags) and
	a flag (virDomainMemoryModFlags).

2011-03-11  Guido Günther  <agx@sigxcpu.org>

	Make sure we reset the umask on the error path

2011-03-10  Eric Blake  <eblake@redhat.com>

	audit: audit use of /dev/net/tun, /dev/tapN, /dev/vhost-net
	Opening raw network devices with the intent of passing those fds to
	qemu is worth an audit point.  This makes a multi-part audit: first,
	we audit the device(s) that libvirt opens on behalf of the MAC address
	of a to-be-created interface (which can independently succeed or
	fail), then we audit whether qemu actually started the network device
	with the same MAC (so searching backwards for successful audits with
	the same MAC will show which fd(s) qemu is actually using).  Note that
	it is possible for the fd to be successfully opened but no attempt
	made to pass the fd to qemu (for example, because intermediate
	nwfilter operations failed) - no interface start audit will occur in
	that case; so the audit for a successful opened fd does not imply
	rights given to qemu unless there is a followup audit about the
	attempt to start a new interface.

	Likewise, when a network device is hot-unplugged, there is only one
	audit message about the MAC being discontinued; again, searching back
	to the earlier device open audits will show which fds that qemu quits
	using (and yes, I checked via /proc/<qemu-pid>/fd that qemu _does_
	close out the fds associated with an interface on hot-unplug).  The
	code would require much more refactoring to be able to definitively
	state which device(s) were discontinued at that point, since we
	currently don't record anywhere in the XML whether /dev/vhost-net was
	opened for a given interface.

	* src/qemu/qemu_audit.h (qemuAuditNetDevice): New prototype.
	* src/qemu/qemu_audit.c (qemuAuditNetDevice): New function.
	* src/qemu/qemu_command.h (qemuNetworkIfaceConnect)
	(qemuPhysIfaceConnect, qemuOpenVhostNet): Adjust prototype.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect)
	(qemuPhysIfaceConnect, qemuOpenVhostNet): Add audit points and
	adjust parameters.
	(qemuBuildCommandLine): Adjust caller.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.

	qemu: don't request cgroup ACL access for /dev/net/tun
	Since libvirt always passes /dev/net/tun to qemu via fd, we should
	never trigger the cases where qemu tries to directly open the
	device.  Therefore, it is safer to deny the cgroup device ACL.

	* src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun.
	* src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.

	qemu: support vhost in attach-interface
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Honor vhost
	designations, similar to qemu_command code paths.
	* src/qemu/qemu_command.h (qemuOpenVhostNet): New prototype.
	* src/qemu/qemu_command.c (qemuOpenVhostNet): Export.

2011-03-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Stop guest CPUs before creating a snapshot

	qemu: Refactor qemuDomainSnapshotCreateXML

	qemu: Escape snapshot name passed to {save,load,del}vm

	qemu: Fallback to HMP for snapshot commands
	qemu driver in libvirt gained support for creating domain snapshots
	almost a year ago in libvirt 0.8.0. Since then we enabled QMP support
	for qemu >= 0.13.0 but QMP equivalents of {save,load,del}vm commands are
	not implemented in current qemu (0.14.0) so the domain snapshot support
	is not very useful.

	This patch detects when the appropriate QMP command is not implemented
	and tries to use human-monitor-command (aka HMP passthrough) to run
	it's HMP equivalent.

	qemu: Rename qemuMonitorCommandWithHandler as qemuMonitorText*
	To make it more obvious that it is only used for text monitor. The
	naming also matches the style of qemuMonitorTextCommandWithFd.

	qemu: Rename qemuMonitorCommand{,WithFd} as qemuMonitorHMP*
	So that it's obvious that they are supposed to be used with HMP commands.

	qemu: Setup infrastructure for HMP passthrough
	JSON monitor command implementation can now just directly call text
	monitor implementation and it will be automatically encapsulated into
	QMP's human-monitor-command.

	qemu: Fix warnings in event handlers
	Some qemu monitor event handlers were issuing inadequate warning when
	virDomainSaveStatus() failed. They copied the message from I/O error
	handler without customizing it to provide better information on why
	virDomainSaveStatus() was called.

2011-03-10  Osier Yang  <jyang@redhat.com>

	storage: Update qemu-img flag checking
	For newer qemu-img, the help string for "backing file format" is
	"[-F backing_fmt]".

	Fix the wrong logic error by commit e997c268.

	* src/storage/storage_backend.c

	qemu: Replace deprecated option of qemu-img
	qemu-img silently disable "-e", so we can't use it for volume
	encryption anymore, change it into "-o encryption=on" if qemu
	supports "-o" option.

2011-03-10  Eric Blake  <eblake@redhat.com>

	audit: also audit cgroup ACL permissions
	* src/qemu/qemu_audit.h (qemuAuditCgroupMajor)
	(qemuAuditCgroupPath): Add parameter.
	* src/qemu/qemu_audit.c (qemuAuditCgroupMajor)
	(qemuAuditCgroupPath): Add 'acl=rwm' to cgroup audit entries.
	* src/qemu/qemu_cgroup.c: Update clients.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Likewise.

	cgroup: allow fine-tuning of device ACL permissions
	Adding audit points showed that we were granting too much privilege
	to qemu; it should not need any mknod rights to recreate any
	devices.  On the other hand, lxc should have all device privileges.
	The solution is adding a flag parameter.

	This also lets us restrict write access to read-only disks.

	* src/util/cgroup.h (virCgroup*Device*): Adjust prototypes.
	* src/util/cgroup.c (virCgroupAllowDevice)
	(virCgroupAllowDeviceMajor, virCgroupAllowDevicePath)
	(virCgroupDenyDevice, virCgroupDenyDeviceMajor)
	(virCgroupDenyDevicePath): Add parameter.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients.
	* src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise.
	* src/qemu/qemu_cgroup.c: Likewise.
	(qemuSetupDiskPathAllow): Also, honor read-only disks.

	audit: rename remaining qemu audit functions
	Also add ATTRIBUTE_NONNULL markers.

	* src/qemu/qemu_audit.h: The pattern qemuDomainXXXAudit is
	inconsistent; prefer qemuAuditXXX instead.
	* src/qemu/qemu_audit.c: Reflect the renames.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_hotplug.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_process.c: Likewise.

	audit: also audit cgroup controller path
	Although the cgroup device ACL controller path can be worked out
	by researching the code, it is more efficient to include that
	information directly in the audit message.

	* src/util/cgroup.h (virCgroupPathOfController): New prototype.
	* src/util/cgroup.c (virCgroupPathOfController): Export.
	* src/libvirt_private.syms: Likewise.
	* src/qemu/qemu_audit.c (qemuAuditCgroup): Use it.

	audit: split cgroup audit types to allow more information
	Device names can be manipulated, so it is better to also log
	the major/minor device number corresponding to the cgroup ACL
	changes that libvirt made.  This required some refactoring
	of the relatively new qemu cgroup audit code.

	Also, qemuSetupChardevCgroup was only auditing on failure, not success.

	* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): Delete.
	(qemuAuditCgroup, qemuAuditCgroupMajor, qemuAuditCgroupPath): New
	prototypes.
	* src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Rename...
	(qemuAuditCgroup): ...and drop a parameter.
	(qemuAuditCgroupMajor, qemuAuditCgroupPath): New functions, to
	allow listing device major/minor in audit.
	(qemuAuditGetRdev): New helper function.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust callers.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupHostUsbDeviceCgroup, qemuSetupCgroup)
	(qemuTeardownDiskPathDeny): Likewise.
	(qemuSetupChardevCgroup): Likewise, fixing missing audit.

2011-03-09  Eric Blake  <eblake@redhat.com>

	audit: tweak audit messages to match conventions
	* src/qemu/qemu_audit.c (qemuDomainHostdevAudit): Avoid use of
	"type", which has a pre-defined meaning.
	(qemuDomainCgroupAudit): Likewise, as well as "item".

	docs: silence warnings about generated API docs
	I noticed these while testing 'make dist'.

	Parsing ./../src/util/event.c
	Function comment for virEventRegisterDefaultImpl lacks description of return value
	Function comment for virEventRunDefaultImpl lacks description of return value
	Parsing ./../src/util/virterror.c
	Missing comment for function virSetErrorLogPriorityFunc

	* src/util/event.c (virEventRegisterDefaultImpl)
	(virEventRunDefaultImpl): Document return types.
	* src/util/virterror.c (virSetErrorLogPriorityFunc): Provide docs.

	docs: document <driver name='vhost'/> for interfaces
	* docs/formatdomain.html.in: Document virtio backend selection.

2011-03-09  Guido Günther  <agx@sigxcpu.org>

	Make sure the rundir is accessible by the user
	otherwise the user might not have enough permissions to access the
	socket if root's umask is 077.

	http://bugs.debian.org/614210

2011-03-09  Cole Robinson  <crobinso@redhat.com>

	Don't overwrite virRun error messages
	virRun gives pretty useful error output, let's not overwrite it unless there
	is a good reason. Some places were providing more information about what
	the commands were _attempting_ to do, however that's usually less useful from
	a debugging POV than what actually happened.

2011-03-09  Guido Günther  <agx@sigxcpu.org>

	libvirtd: Remove indirect linking
	as described at
	http://wiki.debian.org/ToolChain/DSOLinking
	https://fedoraproject.org/wiki/UnderstandingDSOLinkChange

	otherwise the build fails on current Debian unstable with:

	CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_lxc.a(libvirt_driver_lxc_la-lxc_container.o): undefined reference to symbol 'capng_apply'
	/usr/bin/ld: note: 'capng_apply' is defined in DSO //usr/lib/libcap-ng.so.0 so try adding it to the linker command line

	CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_storage.a(libvirt_driver_storage_la-storage_backend.o): undefined reference to symbol 'fgetfilecon'
	/usr/bin/ld: note: 'fgetfilecon' is defined in DSO //lib/libselinux.so.1 so try adding it to the linker command line
	//lib/libselinux.so.1: could not read symbols: Invalid operation

	and similar errors.

2011-03-09  Hu Tao  <hutao@cn.fujitsu.com>

	Fix a wrong error message thrown to user
	* src/qemu/qemu_driver.c: qemuDomainUpdateDeviceFlags() is not disk
	  specific as the message suggests

2011-03-09  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on cygwin
	On cygwin:

	  CC       libvirt_driver_security_la-security_dac.lo
	security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
	security/security_dac.c:618: warning: format '%d' expects type 'int', but argument 7 has type 'uid_t' [-Wformat]

	We've done this before (see src/util/util.c).

	* src/security/security_dac.c (virSecurityDACSetProcessLabel): On
	cygwin, uid_t is a 32-bit long.

	build: fix build on cygwin
	On cygwin:

	  CC        libvirt_util_la-cgroup.lo
	util/cgroup.c: In function 'virCgroupKillRecursiveInternal':
	util/cgroup.c:1458: warning: implicit declaration of function 'virCgroupNew' [-Wimplicit-function-declaration]

	* src/util/cgroup.c (virCgroupKill): Don't build on platforms
	where virCgroupNew is unsupported.

2011-03-09  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When building libvirt without libvirtd, I receive the following errors:
	make[1]: Leaving directory `/home/wency/source/test/libvirt/src'
	 (cd daemon && make  top_distdir=../libvirt-0.8.8 distdir=../libvirt-0.8.8/daemon \
	     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)
	make[1]: Entering directory `/home/wency/source/test/libvirt/daemon'
	make[1]: *** No rule to make target `libvirtd.8.in', needed by `distdir'.  Stop.

	This bug was caused by commit 6db98a2d.

2011-03-09  Eric Blake  <eblake@redhat.com>

	docs: correct range of default NAT subnet
	* docs/formatdomain.html.in: Fix typo.

2011-03-09  Guido Günther  <agx@sigxcpu.org>

	virsh: Remove indirect link against libxml2
	as described at
	http://wiki.debian.org/ToolChain/DSOLinking
	https://fedoraproject.org/wiki/UnderstandingDSOLinkChange

	otherwise the build fails on current Debian unstable with:

	CCLD   virsh
	/usr/bin/ld: virsh-virsh.o: undefined reference to symbol 'xmlSaveTree@@LIBXML2_2.6.8'
	/usr/bin/ld: note: 'xmlSaveTree@@LIBXML2_2.6.8' is defined in DSO //usr/lib/libxml2.so.2 so try adding it to the linker command line
	//usr/lib/libxml2.so.2: could not read symbols: Invalid operation

2011-03-09  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Change option parsing functions to return tri-state information
	This is needed to detect situations when optional argument was
	specified with non-integer value: '--int-opt foo'. To keep functions
	uniform vshCommandOptString function was also changed, because it
	returns tri-state value as well. Given result pointer is updated only
	in case of success. If parsing fails, result is not updated at all.

	virsh: change vshCommandOptString return type and fix const-correctness
	This function should return pointer to const, because we don't want
	to change command option value. Therefore we can ensure const-correctness.

2011-03-09  Cole Robinson  <crobinso@redhat.com>

	docs/formatdomain: Add release info for disk <driver> attributes

2011-03-08  Daniel Veillard  <veillard@redhat.com>

	Fix build on cygwin
	Apparently some signals found on Unix are not exposed, this led
	to a compilation failure
	* src/util/logging.c: make code related to each signal dependant
	  upon the definition of that signal

2011-03-08  Wen Congyang  <wency@cn.fujitsu.com>

	support to detach USB disk

	rename qemuDomainDetachSCSIDiskDevice to qemuDomainDetachDiskDevice
	The way to detach a USB disk is the same as that to detach a SCSI
	disk. Rename this function and we can use it to detach a USB disk.

2011-03-08  Cole Robinson  <crobinso@redhat.com>

	qemu_hotplug: Reword error if spice password change not available
	Currently it sounds like spice is completely unsupported, which is
	confusing.

2011-03-08  Wen Congyang  <wency@cn.fujitsu.com>

	unlock eventLoop before calling callback function
	When I use newest libvirt to save a domain, libvirtd will be deadlock.
	Here is the output of gdb:
	(gdb) thread 3
	[Switching to thread 3 (Thread 0x7f972a1fc710 (LWP 30265))]#0  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	(gdb) bt
	    at qemu/qemu_driver.c:2074
	    ret=0x7f972a1fbbe0) at remote.c:2273
	(gdb) thread 7
	[Switching to thread 7 (Thread 0x7f9730bcd710 (LWP 30261))]#0  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	(gdb) bt
	(gdb) p *(virMutexPtr)0x6fdd60
	$2 = {lock = {__data = {__lock = 2, __count = 0, __owner = 30261, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
	    __size = "\002\000\000\000\000\000\000\000\065v\000\000\001", '\000' <repeats 26 times>, __align = 2}}
	(gdb) p *(virMutexPtr)0x1a63ac0
	$3 = {lock = {__data = {__lock = 2, __count = 0, __owner = 30265, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
	    __size = "\002\000\000\000\000\000\000\000\071v\000\000\001", '\000' <repeats 26 times>, __align = 2}}
	(gdb) info threads
	  7 Thread 0x7f9730bcd710 (LWP 30261)  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	  6 Thread 0x7f972bfff710 (LWP 30262)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  5 Thread 0x7f972b5fe710 (LWP 30263)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  4 Thread 0x7f972abfd710 (LWP 30264)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	* 3 Thread 0x7f972a1fc710 (LWP 30265)  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	  2 Thread 0x7f97297fb710 (LWP 30266)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  1 Thread 0x7f9737aac800 (LWP 30260)  0x000000351fe0803d in pthread_join () from /lib64/libpthread.so.0

	The reason is that we will try to lock some object in callback function, and we may call event API with locking the same object.
	In the function virEventDispatchHandles(), we unlock eventLoop before calling callback function. I think we should
	do the same thing in the function virEventCleanupTimeouts() and virEventCleanupHandles().

2011-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Expose event loop implementation as a public API
	Not all applications have an existing event loop they need
	to integrate with. Forcing them to implement the libvirt
	event loop integration APIs is an undue burden. This just
	exposes our simple poll() based implementation for apps
	to use. So instead of calling

	   virEventRegister(....callbacks...)

	The app would call

	   virEventRegisterDefaultImpl()

	And then have a thread somewhere calling

	    static bool quit = false;
	    ....
	    while (!quit)
	      virEventRunDefaultImpl()

	* daemon/libvirtd.c, tools/console.c,
	  tools/virsh.c: Convert to public event loop APIs
	* include/libvirt/libvirt.h.in, src/libvirt_private.syms: Add
	  virEventRegisterDefaultImpl and virEventRunDefaultImpl
	* src/util/event.c: Implement virEventRegisterDefaultImpl
	  and virEventRunDefaultImpl using poll() event loop
	* src/util/event_poll.c: Add full error reporting
	* src/util/virterror.c, include/libvirt/virterror.h: Add
	  VIR_FROM_EVENTS

	Move event code out of the daemon/ into src/util/
	The event loop implementation is used by more than just the
	daemon, so move it into the shared area.

	* daemon/event.c, src/util/event_poll.c: Renamed
	* daemon/event.h, src/util/event_poll.h: Renamed
	* tools/Makefile.am, tools/console.c, tools/virsh.c: Update
	  to use new virEventPoll APIs
	* daemon/mdns.c, daemon/mdns.c, daemon/Makefile.am: Update
	  to use new virEventPoll APIs

	Convert daemon/virsh over to use primary event APIs, rather than impl
	The daemon code calls virEventAddHandleImpl directly instead
	of calling the wrapper virEventAddHandle.

	* tools/console.c, daemon/libvirtd.c, daemon/mdns.c: Convert to
	  use primary event APIs

2011-03-07  Daniel Veillard  <veillard@redhat.com>

	Cleaning up some of the logging code
	* src/util/logging.c: fix virLogDumpAllFD() to avoid snprintf, simplify
	  the code and provide more useful signal descriptions. Also remove an
	  unused variable.

2011-03-06  Osier Yang  <jyang@redhat.com>

	qemu: Support vram for video of qxl type
	For qemu names the primary vga as "qxl-vga":

	  1) if vram is specified for 2nd qxl device:

	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,vram_size=$SIZE,...

	  2) if vram is not specified for 2nd qxl device, (use the default
	     set by global):

	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,...

	For qemu names all qxl devices as "qxl":

	  1) if vram is specified for 2nd qxl device:

	    -vga qxl -global qxl.vram_size=$SIZE \
	    -device qxl,id=video1,vram_size=$SIZE ...

	  2) if vram is not specified for 2nd qxl device:

	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,...

	"-global" is the only way to define vram_size for the primary qxl
	device, regardless of how qemu names it, (It's not good a good
	way, as original idea of "-global" is to set a global default for
	a driver property, but to specify vram for first qxl device, we
	have to use it).

	For other qxl devices, as they are represented by "-device", could
	specify it directly and seperately for each, and it overrides the
	default set by "-global" if specified.

	v1 - v2:
	  * modify "virDomainVideoDefaultRAM" so that it returns 16M as the
	    default vram_size for qxl device.

	  * vram_size * 1024 (qemu accepts bytes for vram_size).

	  * apply default vram_size for qxl device for which vram_size is
	    not specified.

	  * modify "graphics-spice" tests (more sensiable vram_size)

	  * Add an argument of virDomainDefPtr type for qemuBuildVideoDevStr,
	    to use virDomainVideoDefaultRAM in qemuBuildVideoDevStr).

	v2 - v3:
	  * Modify default video memory size for qxl device from 16M to 24M

	  * Update codes to be consistent with changes on qemu_capabilities.*

2011-03-05  Phil Petty  <phpetty@cisco.com>

	fixes for several memory leaks

2011-03-04  Daniel Veillard  <veillard@redhat.com>

	Dump the debug buffer to libvirtd.log on fatal signal
	In case of imminent crash or upon request (signal USR2),
	dump the logging buffer to the libvirtd.log file for
	post-mortem analysis
	* daemon/libvirtd.c: create a sig_fatal() handler connected to
	  SIGFPE SIGSEGV SIGILL SIGABRT SIGBUS and SIGUSR2, just dumping
	  the log buffer using virLogEmergencyDumpAll

	Add an an internal API for emergency dump of debug buffer
	virLogEmergencyDumpAll() allows to dump the content of the
	debug buffer from within a signal handler. It saves to all
	log file or stderr if none is found
	* src/util/logging.h src/util/logging.c: add the new API
	  and cleanup the old virLogDump code
	* src/libvirt_private.syms: exports it as a private symbol

	Fix a counter bug in the log buffer
	* src/util/logging.c: the start pointer need to wrap around too

	Add logrotate support for libvirtd.log
	As the file may grow quite a bit especially with debug turned on.
	* daemon/libvirtd.logrotate.in daemon/Makefile.am libvirt.spec.in:
	  add new logrotate file for the daemon log

	Change default log policy to libvirtd.log instead of syslog
	Syslog is not the best place to go search for libvirt error
	logs, change it to a default file output libvirtd.log, but
	still keep standard error if not run as a daemon.
	Depending on whether it's run as root or user, the log is saved
	in the local state dir or in $HOME/.libvirt.
	* daemon/libvirtd.c: change default logging to go to libvirtd.log

	Force all logs to go to the round robbin memory buffer
	Initially only the log actually written out by libvirt were
	saved on the memory buffer, this patch forces all informations
	including info and debug to be saved in memory too. This is
	useful to get full data in case of crash.

2011-03-04  Laine Stump  <laine@laine.org>

	qemu: avoid corruption of domain hashtable and misuse of freed domains
	This was also found while investigating

	   https://bugzilla.redhat.com/show_bug.cgi?id=670848

	An EOF on a domain's monitor socket results in an event being queued
	to handle the EOF. The handler calls qemuProcessHandleMonitorEOF. If
	it is a transient domain, this leads to a call to
	virDomainRemoveInactive, which removes the domain from the driver's
	hashtable and unref's it. Nowhere in this code is the qemu driver lock
	acquired.

	However, all modifications to the driver's domain hashtable *must* be
	done while holding the driver lock, otherwise the hashtable can become
	corrupt, and (even more likely) another thread could call a different
	hashtable function and acquire a pointer to the domain that is in the
	process of being destroyed.

	To prevent such a disaster, qemuProcessHandleMonitorEOF must get the
	qemu driver lock *before* it gets the DomainObj's lock, and hold it
	until it is finished with the DomainObj. This guarantees that nobody
	else modifies the hashtable at the same time, and that anyone who had
	already gotten the DomainObj from the hashtable prior to this call has
	finished with it before we remove/destroy it.

	qemu: Add missing lock of virDomainObj before calling virDomainUnref
	This was found while researching the root cause of:

	https://bugzilla.redhat.com/show_bug.cgi?id=670848

	virDomainUnref should only be called with the lock held for the
	virDomainObj in question. However, when a transient qemu domain gets
	EOF on its monitor socket, it queues an event which frees the monitor,
	which unref's the virDomainObj without first locking it. If another
	thread has already locked the virDomainObj, the modification of the
	refcount could potentially be corrupted. In an extreme case, it could
	also be potentially unlocked by virDomainObjFree, thus left open to
	modification by anyone else who would have otherwise waited for the
	lock (not to mention the fact that they would be accessing freed
	data!).

	The solution is to have qemuMonitorFree lock the domain object right
	before unrefing it. Since the caller to qemuMonitorFree doesn't expect
	this lock to be held, if the refcount doesn't go all the way to 0,
	qemuMonitorFree must unlock it after the unref.

2011-03-04  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	AUTHORS: adjust to preferred spelling
	maybe sounds strange but I've used this signature for years.
	see http://en.wikipedia.org/wiki/Family_name

2011-03-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Escape password for XML
	Passwords are allowed to contain <, >, &, ', " characters.
	Those need to be replaced by the corresponding entities.

	Reported by Hereward Cooper.

2011-03-03  Eric Blake  <eblake@redhat.com>

	util: correct retry path in virFileOperation
	In virFileOperation, the parent does a fallback to a non-fork
	attempt if it detects that the child returned EACCES.  However,
	the child was calling _exit(-EACCES), which does _not_ appear
	as EACCES in the parent.

	* src/util/util.c (virFileOperation): Correctly pass EACCES from
	child to parent.

2011-03-03  Soren Hansen  <soren@linux2go.dk>

	Pass virSecurityManagerPtr to virSecurityDAC{Set, Restore}ChardevCallback
	virSecurityDAC{Set,Restore}ChardevCallback expect virSecurityManagerPtr,
	but are passed virDomainObjPtr instead. This makes
	virSecurityDACSetChardevLabel set a wrong uid/gid on chardevs. This
	patch fixes this behaviour.

2011-03-03  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest, for syntax-check improvement.
	* .x-sc_prohibit_empty_lines_at_EOF: Add more exemptions.

	maint: avoid long lines in more tests
	* tests/xml2sexprdata/*.sexpr: Add backslash-newlines.
	* tests/sexpr2xmldata/*.sexpr: Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-aio.args: Likewise.

2011-03-03  Jiri Denemark  <jdenemar@redhat.com>

	util: Allow removing hash entries in virHashForEach
	This fixes a possible crash of libvirtd during its startup. When qemu
	driver reconnects to running domains, it iterates over all domain
	objects in a hash. When reconnecting to an associated qemu monitor
	fails and the domain is transient, it's immediately removed from the
	hash. Despite the fact that it's explicitly forbidden to do so. If
	libvirtd is lucky enough, virHashForEach will access random memory when
	the callback finishes and the deamon will crash.

	Since it's trivial to fix virHashForEach to allow removal of hash
	entries while iterating through them, I went this way instead of fixing
	qemuReconnectDomain callback (and possibly others) to avoid deleting the
	entries.

2011-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Attempt to improve an error message
	Replace the 'Unknown failure' error message with something a
	little bit more descriptive.

	* src/util/virterror.c: Improve error message

2011-03-02  Eric Blake  <eblake@redhat.com>

	qemu: avoid double close on domain restore
	qemudDomainSaveImageStartVM was evil - it closed the incoming fd
	argument on some, but not all, code paths, without informing the
	caller about that action.  No wonder that this resulted in
	double-closes: https://bugzilla.redhat.com/show_bug.cgi?id=672725

	* src/qemu/qemu_driver.c (qemudDomainSaveImageStartVM): Alter
	signature, to avoid double-close.
	(qemudDomainRestore, qemudDomainObjRestore): Update callers.

2011-03-02  Daniel P. Berrange  <berrange@redhat.com>

	add additional event debug points
	Followup to commit 2222bd24

2011-03-01  Eric Blake  <eblake@redhat.com>

	qemu: only request sound cgroup ACL when required
	When a SPICE or VNC graphics controller is present, and sound is
	piggybacked over a channel to the graphics device rather than
	directly accessing host hardware, then there is no need to grant
	host hardware access to that qemu process.

	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with
	spice, and with vnc when vnc_allow_host_audio is 0.
	Reported by Daniel Berrange.

2011-02-28  Daniel P. Berrange  <berrange@redhat.com>

	Add check for kill() to fix build of cgroups on win32
	The kill() function doesn't exist on Win32, so it needs to be
	checked for at build time & code disabled in cgroups

	* configure.ac: Check for kill()
	* src/util/cgroup.c: Stub out virCGroupKill* functions
	  when kill() isn't available

2011-02-26  Michal Novotny  <minovotn@redhat.com>

	Add support for multiple serial ports into the Xen driver
	this is the patch to add support for multiple serial ports to the
	libvirt Xen driver. It support both old style (serial = "pty") and
	new style (serial = [ "/dev/ttyS0", "/dev/ttyS1" ]) definition and
	tests for xml2sexpr, sexpr2xml and xmconfig have been added as well.

	Written and tested on RHEL-5 Xen dom0 and working as designed but
	the Xen version have to have patch for RHBZ #614004 but this patch
	is for upstream version of libvirt.

	Also, this patch is addressing issue described in RHBZ #670789.

	Fix port value parsing for serial and parallel ports
	this is the patch to fix the virDomainChrDefParseTargetXML() functionality
	to parse the target port from XML if available. This is necessary for
	multiple serial port support which is the second part of this patch.

2011-02-25  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs for killing off processes inside a cgroup
	The virCgroupKill method kills all PIDs found in a cgroup

	The virCgroupKillRecursively method does this recursively
	for child cgroups.

	The virCgroupKillPainfully method does a recursive kill
	several times in a row until everything has really died

	Allow hash tables to use generic pointers as keys
	Relax the restriction that the hash table key must be a string
	by allowing an arbitrary hash code generator + comparison func
	to be provided

	* util/hash.c, util/hash.h: Allow any pointer as a key
	* internal.h: Include stdbool.h as standard.
	* conf/domain_conf.c, conf/domain_conf.c,
	  conf/nwfilter_params.c, nwfilter/nwfilter_gentech_driver.c,
	  nwfilter/nwfilter_gentech_driver.h, nwfilter/nwfilter_learnipaddr.c,
	  qemu/qemu_command.c, qemu/qemu_driver.c,
	  qemu/qemu_process.c, uml/uml_driver.c,
	  xen/xm_internal.c: s/char */void */ in hash callbacks

	Remove deallocator parameter from hash functions
	Since the deallocator is passed into the constructor of
	a hash table it is not desirable to pass it into each
	function again. Remove it from all functions, but provide
	a virHashSteal to allow a item to be removed from a hash
	table without deleteing it.

	* src/util/hash.c, src/util/hash.h: Remove deallocator
	  param from all functions. Add virHashSteal
	* src/libvirt_private.syms: Add virHashSteal
	* src/conf/domain_conf.c, src/conf/nwfilter_params.c,
	  src/nwfilter/nwfilter_learnipaddr.c,
	  src/qemu/qemu_command.c, src/xen/xm_internal.c: Update
	  for changed hash API

	Make commandtest more robust wrt its execution environment
	When executed from cron, commandtest would fail to correctly
	identify daemon processes. Set session ID and process group
	IDs at startup to ensure we have a consistent environment to
	run in.

	* tests/commandtest.c: Call setsid() and setpgid()

2011-02-25  Philipp Hahn  <hahn@univention.de>

	Fix spelling mistake: seek
	Replace wrong "set" by correct "seek" in error message.

2011-02-25  Eric Blake  <eblake@redhat.com>

	audit: audit qemu pci and usb device passthrough
	* src/qemu/qemu_audit.h (qemuDomainHostdevAudit): New prototype.
	* src/qemu/qemu_audit.c (qemuDomainHostdevAudit): New function.
	(qemuDomainStartAudit): Call as appropriate.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostPciDevice)
	(qemuDomainAttachHostUsbDevice, qemuDomainDetachHostPciDevice)
	(qemuDomainDetachHostUsbDevice): Likewise.

	audit: audit qemu memory and vcpu adjusments
	* src/qemu/qemu_audit.h (qemuDomainMemoryAudit)
	(qemuDomainVcpuAudit): New prototypes.
	* src/qemu/qemu_audit.c (qemuDomainResourceAudit)
	(qemuDomainMemoryAudit, qemuDomainVcpuAudit): New functions.
	(qemuDomainStartAudit): Call as appropriate.
	* src/qemu/qemu_driver.c (qemudDomainSetMemory)
	(qemudDomainHotplugVcpus): Likewise.

	audit: add qemu hooks for auditing cgroup events
	* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): New prototype.
	* src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Implement it.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Add audit.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup)
	(qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.

	audit: prepare qemu for listing vm in cgroup audits
	* src/qemu/qemu_cgroup.h (struct qemuCgroupData): New helper type.
	(qemuSetupDiskPathAllow, qemuSetupChardevCgroup)
	(qemuTeardownDiskPathDeny): Drop unneeded prototypes.
	(qemuSetupDiskCgroup, qemuTeardownDiskCgroup): Adjust prototype.
	* src/qemu/qemu_cgroup.c
	(qemuSetupDiskPathAllow, qemuSetupChardevCgroup)
	(qemuTeardownDiskPathDeny): Mark static and use new type.
	(qemuSetupHostUsbDeviceCgroup): Use new type.
	(qemuSetupDiskCgroup): Alter signature.
	(qemuSetupCgroup): Adjust caller.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainAttachDevice)
	(qemuDomainUpdateDeviceFlags): Likewise.

	cgroup: determine when skipping non-devices
	* src/util/cgroup.c (virCgroupAllowDevicePath)
	(virCgroupDenyDevicePath): Don't fail with EINVAL for
	non-devices.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update caller.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup)
	(qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.

	virExec: avoid uninitialized memory usage
	valgrind warns:

	==21079== Syscall param rt_sigaction(act->sa_mask) points to uninitialised byte(s)
	==21079==    at 0x329840F63E: __libc_sigaction (sigaction.c:67)
	==21079==    by 0x4E5A8E7: __virExec (util.c:661)

	Regression introduced in commit ab07533e.  Technically, sa_mask
	shouldn't affect operation if sa_flags selects sa_handler, and
	sa_handler selects SIG_IGN, but better safe than sorry.

	* src/util/util.c (__virExec): Supply missing sigemptyset.

2011-02-24  Daniel P. Berrange  <berrange@redhat.com>

	Allow 32-on-64 execution for LXC guests
	Using the 'personality(2)' system call, we can make a container
	on an x86_64 host appear to be i686. Likewise for most other
	Linux 64bit arches.

	* src/lxc/lxc_conf.c: Fill in 32bit capabilities for x86_64 hosts
	* src/lxc/lxc_container.h, src/lxc/lxc_container.c: Add API to
	  check if an arch has a 32bit alternative
	* src/lxc/lxc_controller.c: Set the process personality when
	  starting guest

	Put <stdbool.h> into internal.h so it is available everywhere
	Remove the <stdbool.h> header from all source files / headers
	and just put it into internal.h

	* src/internal.h: Add <stdbool.h>

2011-02-24  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Switch over command line capabilities to virBitmap
	This is done for two reasons:
	- we are getting very close to 64 flags which is the maximum we can use
	  with unsigned long long
	- by using LL constants in enum we already violates C99 constraint that
	  enum values have to fit into int

	qemu: Rename qemud\?CmdFlags to qemuCaps
	The new name complies more with the fact that it contains a set of
	qemuCapsFlags.

	qemu: Use helper functions for handling cmd line capabilities
	Three new functions (qemuCapsSet, qemuCapsClear, and qemuCapsGet) were
	introduced replacing direct bit operations.

	qemu: Rename QEMUD_CMD_FLAG_* to QEMU_CAPS_*
	The new names comply more with the fact that they are all members of
	enum qemuCapsFlags.

	util: Add API for converting virBitmap into printable string

	util: Use unsigned long as a base type for virBitmap

2011-02-23  Daniel P. Berrange  <berrange@redhat.com>

	Expose name + UUID to LXC containers via env variables
	When spawning 'init' in the container, set

	  LIBVIRT_LXC_UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
	  LIBVIRT_LXC_NAME=YYYYYYYYYYYY

	to allow guest software to detect & identify that they
	are in a container

	* src/lxc/lxc_container.c: Set LIBVIRT_LXC_UUID and
	  LIBVIRT_LXC_NAME env vars

	Fix discard of expected errors
	In a couple of commands virsh catches & ignores errors, but fails
	to reset last_error. Thus the error is ignored, but still reported
	to the user.

	* tools/virsh.c: Reset last_error if ignoring an error

	Fix off-by-1 in virFileAbsPath.
	The virFileAbsPath was not taking into account the '/' directory
	separator when allocating memory for combining cwd + path. Convert
	to use virAsprintf to avoid this type of bug completely.

	* src/util/util.c: Convert virFileAbsPath to use virAsprintf

	Fix group/mode for /dev/pts inside LXC container
	Normal practice for /dev/pts is to have it mode=620,gid=5
	but LXC was leaving mode=000,gid=0 preventing unprivilegd
	users in the guest use of PTYs

	* src/lxc/lxc_controller.c: Fix /dev/pts setup

2011-02-23  Eric Blake  <eblake@redhat.com>

	security: avoid memory leak
	Leak introduced in commit d6623003.

	* src/qemu/qemu_driver.c (qemuSecurityInit): Avoid leak on failure.
	* src/security/security_stack.c (virSecurityStackClose): Avoid
	leaking component drivers.

2011-02-22  Roopa Prabhu  <roprabhu@cisco.com>

	802.1Qbh: Delay IFF_UP'ing interface until migration final stage
	Current code does an IFF_UP on a 8021Qbh interface immediately after a port
	profile set. This is ok in most cases except when its the migration prepare
	stage. During migration we want to postpone IFF_UP'ing the interface on the
	destination host until the source host has disassociated the interface.
	This patch moves IFF_UP of the interface to the final stage of migration.
	The motivation for this change is to postpone any addr registrations on the
	destination host until the source host has done the addr deregistrations.

	While at it, for symmetry with associate move ifDown of a 8021Qbh interface
	to before disassociate

2011-02-22  Osier Yang  <jyang@redhat.com>

	storage: make debug log more useful
	"__func__" is useless there, as VIR_DEBUG will print the function
	name.

	* src/storage/storage_backend_mpath.c

	virsh: replace vshPrint with vshPrintExtra for snapshot list Otherwise extra information will be printed even if "--quiet" is specified.
	* tools/virsh.c

2011-02-22  Wen Congyang  <wency@cn.fujitsu.com>

	check device-mapper when building with mpath or disk storage driver
	Currently, we need virIsDevMapperDevice() when we build libvirt with
	disk or mpath storage drivers.  So we should check device-mapper-devel
	when we build with disk storage driver but without mpath storage
	driver.

2011-02-22  Eric Blake  <eblake@redhat.com>

	build: add dependency on gnutls-utils
	* libvirt.spec.in (Requires): Add gnutls-utils, for virt-pki-validate.
	Suggested by Daniel P. Berrange.

2011-02-22  Markus Groß  <gross@univention.de>

	Renamed functions in xenxs

	Moved XM formatting functions to xenxs

	Moved XM parsing functions to xenxs

	Moved SEXPR formatting functions to xenxs

	Moved SEXPR parsing functions to xenxs

	Moved some SEXPR functions from xen-unified

	Moved SEXPR unit to utils

2011-02-22  Wen Congyang  <wency@cn.fujitsu.com>

	protect the scsi controller to be deleted when it is in use
	Steps to reproduce this bug:
	1. virsh attach-disk domain --source imagefile --target sdb --sourcetype file --driver qemu --subdriver raw
	2. virsh detach-device controller.xml # remove scsi controller 0
	3. virsh detach-disk domain sdb
	   error: Failed to detach disk
	   error: operation failed: detaching scsi0-0-1 device failed: Device 'scsi0-0-1' not found

	I think we should not detach a controller when it is used by some other device.

2011-02-22  Eric Blake  <eblake@redhat.com>

	maint: fix grammar in error message
	* python/tests/create.py: Use correct wording.

2011-02-22  Dan Kenigsberg  <danken@redhat.com>

	virt-*-validate.in: quote all variable references
	Alas, the shell is not a real programming language.

	Patch generated by manual confirmation of vim's
	s/[^"]\@<=\$\S\+\s\@=/"&"/gc
	and
	s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches.

	This patch generate a lot of noise and carries little benefits, as
	I do not really expect $PKI to contain spaces or backticks. I'm just
	fuming, and would not really mind if this patch is ignored

	virt-pki-validate: behave when CERTTOOL is missing

2011-02-22  Eric Blake  <eblake@redhat.com>

	autobuild.sh: use VPATH build
	Try to avoid future regressions on the VPATH front.

	* autobuild.sh: Uncomment VPATH use.
	* .gitignore: Exclude build directory.

	maint: fix 'make dist' in VPATH build
	A diff of 'make dist' from in-tree vs. a VPATH build showed
	that we were missing docs/api_extension/*.patch files, but
	shipping other files that we didn't need.

	* bootstrap.conf (gnulib_extra_files): Don't distribute files we
	don't care about.
	* docs/Makefile.am (patches): Perform wildcard correctly.

	build: don't require pod2man for tarball builds
	Right now, 'man libvirtd' includes information that depends on
	configure results, so it must be generated on the fly and live
	in $(builddir); however, requiring pod2man on all end user
	machines is overkill.  Meanwhile, 'man virsh' doesn't mention
	any configure results, so it can be built at 'make dist' time.
	If that situation changes in the future, we can generate virsh.1
	in the same way that we generate libvirtd.8.

	* daemon/Makefile.am (libvirtd.8.in): New rule, to run pod2man in
	advance of distribution.
	(libvirtd.8): Use only sed from tarball.
	(EXTRA_DIST): Ship new file.
	(libvirtd.pod): Delete unused rule.
	(man8_MANS): Let automake know which section to use.
	(CLEANFILES, MAINTAINERCLEANFILES): Adjust to new files.
	* tools/Makefile.am (dist_man1_MANS): Distribute pre-built man
	pages, fine since they don't require any substitution.
	(virt-xml-validate.1, virt-pki-validate.1): Change input source.
	(virsh.1): Build into srcdir.
	(CLEANFILES, MAINTAINERCLEANFILES): Adjust to new build style.
	* daemon/.gitignore: Update.
	Reported by Diego Elio Pettenò.

2011-02-21  Eric Blake  <eblake@redhat.com>

	maint: kill all remaining uses of old DEBUG macro
	Done mechanically with:
	$ git grep -l '\bDEBUG0\? *(' | xargs -L1 sed -i 's/\bDEBUG0\? *(/VIR_&/'

	followed by manual deletion of qemudDebug in daemon/libvirtd.c, along
	with a single 'make syntax-check' fallout in the same file, and the
	actual deletion in src/util/logging.h.

	* src/util/logging.h (DEBUG, DEBUG0): Delete.
	* daemon/libvirtd.h (qemudDebug): Likewise.
	* global: Change remaining clients over to VIR_DEBUG counterpart.

	hash: make virHashFree more free-like
	Two-argument free functions are uncommon; match the style elsewhere
	by caching the callback at creation.

	* src/util/hash.h (virHashCreate, virHashFree): Move deallocator
	argument to creation.
	* cfg.mk (useless_free_options): Add virHashFree.
	* src/util/hash.c (_virHashTable): Track deallocator.
	(virHashCreate, virHashFree): Update to new signature.
	* src/conf/domain_conf.c (virDomainObjListDeinit)
	(virDomainObjListInit, virDomainDiskDefForeachPath)
	(virDomainSnapshotObjListDeinit, virDomainSnapshotObjListInit):
	Update callers.
	* src/conf/nwfilter_params.c (virNWFilterHashTableFree)
	(virNWFilterHashTableCreate): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterTriggerVMFilterRebuild):
	Likewise.
	* src/cpu/cpu_generic.c (genericHashFeatures, genericBaseline):
	Likewise.
	* src/xen/xm_internal.c (xenXMOpen, xenXMClose): Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnInit)
	(virNWFilterLearnShutdown): Likewise.
	* src/qemu/qemu_command.c (qemuDomainPCIAddressSetCreate)
	(qemuDomainPCIAddressSetFree): Likewise.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.

2011-02-21  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix API docs generation in VPATH build
	XSLT allows for two ways of generating the output of transformation.
	Either implicit, which xsltproc prints to stdout and can be redirected
	to a file using -o file. Or explicit, which means the stylesheet
	contains <xsl:document> element which specifies where the output should
	be saved. This can be used for generating more files by a single run of
	xsltproc and -o directory/ can change the directory where the output
	files will be stored.

	devhelp.xsl is special in that it combines both options in one
	stylesheet, which doesn't work well with -o:

	xsltproc --nonet -o ./devhelp/ ./devhelp/devhelp.xsl ./libvirt-api.xml

	Outputs 4 *.html files into ./devhelp but then tries to write to
	./devhelp/ as a file (hence the I/O error) rather than writing output to
	the fifth file devhelp/libvirt.devhelp.

	This patch modifies devhelp.xsl so that all files are generated using
	<xsl:document> element and -o directory/ can be used to override output
	directory where those files are saved.

2011-02-21  Daniel P. Berrange  <berrange@redhat.com>

	Remove all object hashtable caches from virConnectPtr
	The virConnectPtr struct will cache instances of all other
	objects. APIs like virDomainLookupByUUID will return a
	cached object, so if you do virDomainLookupByUUID twice in
	a row, you'll get the same exact virDomainPtr instance.

	This does not have any performance benefit, since the actual
	logic in virDomainLookupByUUID (and other APIs returning
	virDomainPtr, etc instances) is not short-circuited. All
	it does is to ensure there is only one single virDomainPtr
	in existance for any given UUID.

	The caching has a number of downsides though, all relating
	to stale data. If APIs aren't careful to always overwrite
	the 'id' field in virDomainPtr it may become out of data.
	Likewise for the name field, if a guest is renamed, or if
	a guest is deleted, and then a new one created with the
	same UUID but different name.

	This has been an ongoing, endless source of bugs for all
	applications using libvirt from languages with garbage
	collection, causing them to get virDomainPtr instances
	from long ago with stale data.

	The caching is also a waste of memory resources, since
	both applications, and language bindings often maintain
	their own hashtable caches of object instances.

	This patch removes all the hash table caching, so all
	APIs return brand new virDomainPtr (etc) object instances.

	* src/datatypes.h: Delete all hash tables.
	* src/datatypes.c: Remove all object caching code

2011-02-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable rejection of packets
	This patch adds the possibility to not just drop packets, but to also have them rejected where iptables at least sends an ICMP msg back to the originator. On ebtables this again maps into dropping packets since rejecting is not supported.

	I am adding 'since 0.8.9' to the docs assuming this will be the next version of libvirt.

2011-02-19  Guido Günther  <agx@sigxcpu.org>

	Drop empty argument from dnsmasq call
	since dnsmasq >= 2.56 now bails out with empty arguments. See
	    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613944
	for the Debian bug and
	    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589885
	for the upstream reasoning.

2011-02-19  Eric Blake  <eblake@redhat.com>

	build: fix broken mingw cross-compilation
	Two regressions:
	Commit df1011ca broke builds for systems that lack devmapper
	(non-Linux, as well as Linux with ./autogen.sh --without-libvirtd
	and without the libraries present).
	Commit ce6fd650 broke cross-compilation, due to a gnulib bug.

	* .gnulib: Update to latest, for cross-compilation fix.
	* src/util/util.c (virIsDevMapperDevice): Provide stub for
	platforms not using storage driver.
	* configure.ac (devmapper): Arrange to define HAVE_LIBDEVMAPPER_H.
	devmapper issue reported by Wen Congyang.

2011-02-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Ignore malformed host UUID from BIOS
	Etienne Gosset reported that libvirt fails to connect to his ESX
	server because it failed to parse its malformed host UUID, that
	contains an additional space and lacks one hexdigit in the last
	group:

	xxxxxxxx-xxxx-xxxx-xxxx- xxxxxxxxxxx

	Don't treat this as a fatal error, just ignore it.

2011-02-19  Michal Privoznik  <mprivozn@redhat.com>

	virsh: freecell --all getting wrong NUMA nodes count
	Virsh freecell --all was not only getting wrong NUMA nodes count, but
	even the NUMA nodes IDs. They doesn't have to be continuous, as I've
	found out during testing this. Therefore a modification of
	nodeGetCellsFreeMemory() error message.

2011-02-19  Eric Blake  <eblake@redhat.com>

	build: speed up non-maintainer builds
	* configure.ac (gl_ASSERT_NO_GNULIB_POSIXCHECK): Use to reduce
	time spent in configure.

2011-02-18  Eric Blake  <eblake@redhat.com>

	build: recompute symbols after changing configure options
	$ ./configure
	...
	$ make
	...
	  GEN    libvirt.syms
	...
	$ ./configure --with-driver-modules
	...
	$ make
	...

	libvirt.syms doesn't get regenerated but it should as it should
	contain virDriverLoadModule now.

	* src/Makefile.am (libvirt.syms): Depend on configure changes.
	Reported by Matthias Bolte.

2011-02-18  Jiri Denemark  <jdenemar@redhat.com>

	maint: Expand tabs in python code
	Also cfg.mk is tweaked to force this for all future changes to *.py
	files.

2011-02-18  Osier Yang  <jyang@redhat.com>

	Requires gettext for client package
	libvirt-guests invokes functions in gettext.sh, so we need to
	require gettext package in spec file.

	Demo with the fix:
	% rpm -q gettext
	package gettext is not installed

	% rpm -ivh libvirt-client-0.8.8-1.fc14.x86_64.rpm
	error: Failed dependencies:
		gettext is needed by libvirt-client-0.8.8-1.fc14.x86_64

	* libvirt.spec.in

2011-02-18  Jim Fehlig  <jfehlig@novell.com>

	Do not add drive 'boot=on' param when a kernel is specified
	libvirt-tck was failing several domain tests [1] with qemu 0.14, which
	is now less tolerable of specifying 2 bootroms with the same boot index [2].

	Drop the 'boot=on' param if kernel has been specfied.

	[1] https://www.redhat.com/archives/libvir-list/2011-February/msg00559.html
	[2] http://lists.nongnu.org/archive/html/qemu-devel/2011-02/msg01892.html

2011-02-18  Christophe Fergeau  <teuf@gnome.org>

	remove duplicated call to reportOOMError

	remove space between function name and (
	There were several occurrences of an extra space inserted between
	a function name and the ( opening the argument list in
	datatypes.c. This is not consistent with the coding style used in
	the rest of this file so removing this extra space makes the
	code slightly more readable.

	don't check for NULL before calling virHashFree
	virHashFree follows the convention described in HACKING that
	XXXFree() functions can be called with a NULL argument.

	remove no longer needed calls to virReportOOMError
	Now that the virHash handling functions call virReportOOMError by
	themselves when needed, users of the virHash API no longer need to
	do it by themselves. Since users of the virHash API were not
	consistently calling virReportOOMError after memory failures from
	the virHash code, this has the added benefit of making OOM
	reporting from this code more consistent and reliable.

	factor common code in virHashAddEntry and virHashUpdateEntry
	The only difference between these 2 functions is that one errors
	out when the entry is already present while the other modifies
	the existing entry. Add an helper function with a boolean argument
	indicating whether existing entries should be updated or not, and
	use this helper in both functions.

	add hash table rebalancing in virHashUpdateEntry
	The code in virHashUpdateEntry and virHashAddEntry is really
	similar. However, the latter rebalances the hash table when
	one of its buckets contains too many elements while the former
	does not. Fix this discrepancy.

2011-02-18  Eric Blake  <eblake@redhat.com>

	hash: modernize debug code
	* src/util/hash.c (virHashGrow) [DEBUG_GROW]: Use modern logging.
	Reported by Christophe Fergeau.

	build: improve 'make install' for VPATH builds
	This still doesn't fix {html,devhelp}/libvirt-{libvirt-virterror}.html,
	but it's progress in the right direction.

	* docs/Makefile.am (%.html): Build into srcdir.

2011-02-18  Wen Congyang  <wency@cn.fujitsu.com>

	check more error info about whether drive_add failed
	When we attach a disk, but we specify a wrong format of disk image,
	qemu monitor command drive_add will fail, but libvirt does not detect
	this error.

2011-02-18  Eric Blake  <eblake@redhat.com>

	logging: make VIR_ERROR and friends preserve errno
	Followup to commit 17e19add, and would have prevented the bug
	independently fixed in commit 76c57a7c.

	* src/util/logging.c (virLogMessage): Preserve errno, since
	logging should be as unintrusive as possible.

	maint: avoid 'make syntax-check' from tarball
	* .gnulib: update to latest gnulib for maint.mk fixes

2011-02-18  Laine Stump  <laine@laine.org>

	Give each virtual network bridge its own fixed MAC address
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=609463

	The problem was that, since a bridge always acquires the MAC address
	of the connected interface with the numerically lowest MAC, as guests
	are started and stopped, it was possible for the MAC address to change
	over time, and this change in the network was being detected by
	Windows 7 (it sees the MAC of the default route change), so on each
	reboot it would bring up a dialog box asking about this "new network".

	The solution is to create a dummy tap interface with a MAC guaranteed
	to be lower than any guest interface's MAC, and attach that tap to the
	bridge as soon as it's created. Since all guest MAC addresses start
	with 0xFE, we can just generate a MAC with the standard "0x52, 0x54,
	0" prefix, and it's guaranteed to always win (physical interfaces are
	never connected to these bridges, so we don't need to worry about
	competing numerically with them).

	Note that the dummy tap is never set to IFF_UP state - that's not
	necessary in order for the bridge to take its MAC, and not setting it
	to UP eliminates the clutter of having an (eg) "virbr0-nic" displayed
	in the output of the ifconfig command.

	I chose to not auto-generate the MAC address in the network XML
	parser, as there are likely to be consumers of that API that don't
	need or want to have a MAC address associated with the
	bridge.

	Instead, in bridge_driver.c when the network is being defined, if
	there is no MAC, one is generated. To account for virtual network
	configs that already exist when upgrading from an older version of
	libvirt, I've added a %post script to the specfile that searches for
	all network definitions in both the config directory
	(/etc/libvirt/qemu/networks) and the state directory
	(/var/lib/libvirt/network) that are missing a mac address, generates a
	random address, and adds it to the config (and a matching address to
	the state file, if there is one).

	docs/formatnetwork.html.in: document <mac address.../>
	docs/schemas/network.rng: add nac address to schema
	libvirt.spec.in: %post script to update existing networks
	src/conf/network_conf.[ch]: parse and format <mac address.../>
	src/libvirt_private.syms: export a couple private symbols we need
	src/network/bridge_driver.c:
	    auto-generate mac address when needed,
	    create dummy interface if mac address is present.
	tests/networkxml2xmlin/isolated-network.xml
	tests/networkxml2xmlin/routed-network.xml
	tests/networkxml2xmlout/isolated-network.xml
	tests/networkxml2xmlout/routed-network.xml: add mac address to some tests

	Allow brAddTap to create a tap device that is down
	An upcoming patch has a use for a tap device to be created that
	doesn't need to be actually put into the "up" state, and keeping it
	"down" keeps the output of ifconfig from being unnecessarily cluttered
	(ifconfig won't show down interfaces unless you add "-a").

	bridge.[ch]: add "up" as an arg to brAddTap()
	uml_conf.c, qemu_command.c: add "up" (set to "true") to brAddTap() call.

	Add txmode attribute to interface XML for virtio backend
	This is in response to:

	   https://bugzilla.redhat.com/show_bug.cgi?id=629662

	Explanation

	qemu's virtio-net-pci driver allows setting the algorithm used for tx
	packets to either "bh" or "timer". This is done by adding ",tx=bh" or
	",tx=timer" to the "-device virtio-net-pci" commandline option.

	'bh' stands for 'bottom half'; when this is set, packet tx is all done
	in an iothread in the bottom half of the driver. (In libvirt, this
	option is called the more descriptive "iothread".)

	'timer' means that tx work is done in qemu, and if there is more tx
	data than can be sent at the present time, a timer is set before qemu
	moves on to do other things; when the timer fires, another attempt is
	made to send more data. (libvirt retains the name "timer" for this
	option.)

	The resulting difference, according to the qemu developer who added
	the option is:

	    bh makes tx more asynchronous and reduces latency, but potentially
	    causes more processor bandwidth contention since the cpu doing the
	    tx isn't necessarily the cpu where the guest generated the
	    packets.

	Solution

	This patch provides a libvirt domain xml knob to change the option on
	the qemu commandline, by adding a new attribute "txmode" to the
	<driver> element that can be placed inside any <interface> element in
	a domain definition. It's use would be something like this:

	    <interface ...>
	      ...
	      <model type='virtio'/>
	      <driver txmode='iothread'/>
	      ...
	    </interface>

	I chose to put this setting as an attribute to <driver> rather than as
	a sub-element to <tune> because it is specific to the virtio-net
	driver, not something that is generally usable by all network drivers.
	(note that this is the same placement as the "driver name=..."
	attribute used to choose kernel vs. userland backend for the
	virtio-net driver.)

	Actually adding the tx=xxx option to the qemu commandline is only done
	if the version of qemu being used advertises it in the output of

	    qemu -device virtio-net-pci,?

	If a particular txmode is requested in the XML, and the option isn't
	listed in that help output, an UNSUPPORTED_CONFIG error is logged, and
	the domain fails to start.

	Restructure domain struct interface "driver" data for easier expansion
	When the <driver> element (and its "name" attribute) was added to the
	domain XML's interface element, a "backend" enum was simply added to
	the toplevel of the virDomainNetDef struct.

	Ignoring the naming inconsistency ("name" vs. "backend"), this is fine
	when there's only a single item contained in the driver element of the
	XML, but doesn't scale well as we add more attributes that apply to
	the backend of the virtio-net driver, or add attributes applicable to
	other drivers.

	This patch changes virDomainNetDef in two ways:

	1) Rename the item in the struct from "backend" to "name", so that
	   it's the same in the XML and in the struct, hopefully avoiding
	   confusion for someone unfamiliar with the function of the
	   attribute.

	2) Create a "driver" union within virDomainNetDef, and a "virtio"
	   struct in that struct, which contains the "name" enum value.

	3) Move around the virDomainNetParse and virDomainNetFormat functions
	   to allow for simple plugin of new attributes without disturbing
	   existing code. (you'll note that this results in a seemingly
	   redundant if() in the format function, but that will no longer be
	   the case as soon as a 2nd attribute is added).

	In the future, new attributes for the virtio driver backend can be
	added to the "virtio" struct, and any other network device backend that
	needs an attribute will have its own struct added to the "driver"
	union.

2011-02-17  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix VPATH build
	Even VPATH make dist succeeds now

2011-02-17  Daniel P. Berrange  <berrange@redhat.com>

	Move all the QEMU migration code to a new file
	The introduction of the v3 migration protocol, along with
	support for migration cookies, will significantly expand
	the size of the migration code. Move it all to a separate
	file to make it more manageable

	The functions are not moved 100%. The API entry points
	remain in the main QEMU driver, but once the public
	virDomainPtr is resolved to the internal virDomainObjPtr,
	all following code is moved.

	This will allow the new v3 API entry points to call into the
	same shared internal migration functions

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainFormatXML helper method
	* src/qemu/qemu_driver.c: Remove all migration code
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Add
	  all migration code.

	Split all QEMU process mangement code into separate file
	Move the qemudStartVMDaemon and qemudShutdownVMDaemon
	methods into a separate file, renaming them to
	qemuProcessStart, qemuProcessStop. All helper methods
	called by these are also moved & renamed to match

	* src/Makefile.am: Add qemu_process.c/.h
	* src/qemu/qemu_command.c: Add qemuDomainAssignPCIAddresses
	* src/qemu/qemu_command.h: Add VNC port min/max
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  domain event queue helpers
	* src/qemu/qemu_driver.c, src/qemu/qemu_driver.h: Remove
	  all QEMU process startup/shutdown functions
	* src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add
	  all QEMU process startup/shutdown functions

2011-02-17  Osier Yang  <jyang@redhat.com>

	storage: Allow to delete device mapper disk partition
	The name convention of device mapper disk is different, and 'parted'
	can't be used to delete a device mapper disk partition. e.g.

	Name                 Path
	-----------------------------------------
	3600a0b80005ad1d7000093604cae912fp1 /dev/mapper/3600a0b80005ad1d7000093604cae912fp1

	Error: Expecting a partition number.

	This patch introduces 'dmsetup' to fix it.

	Changes:
	  - New function "virIsDevMapperDevice" in "src/utils/utils.c"
	  - remove "is_dm_device" in "src/storage/parthelper.c", use
	    "virIsDevMapperDevice" instead.
	  - Requires "device-mapper" for 'with-storage-disk" in "libvirt.spec.in"
	  - Check "dmsetup" in 'configure.ac' for "with-storage-disk"
	  - Changes on "src/Makefile.am" to link against libdevmapper
	  - New entry for "virIsDevMapperDevice" in "src/libvirt_private.syms"

	Changes from v1 to v3:
	  - s/virIsDeviceMapperDevice/virIsDevMapperDevice/g
	  - replace "virRun" with "virCommand"
	  - sort the list of util functions in "libvirt_private.syms"
	  - ATTRIBUTE_NONNULL(1) for virIsDevMapperDevice declaration.

	e.g.

	Name                 Path
	-----------------------------------------
	3600a0b80005ad1d7000093604cae912fp1 /dev/mapper/3600a0b80005ad1d7000093604cae912fp1

	Vol /dev/mapper/3600a0b80005ad1d7000093604cae912fp1 deleted

	Name                 Path
	-----------------------------------------

2011-02-17  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.8
	* configure.ac docs/news.html.in libvirt.spec.in: bump version and add docs
	* po/*.po*: updated Gujarati, Polish and Dutch localisations and regenerated

2011-02-17  Osier Yang  <jyang@redhat.com>

	qemu: Error prompt when saving a shutoff domain
	"qemudDomainSaveFlag" goto wrong label "endjob", which will cause
	error when security manager trying to restore label (regression).

	As it's more reasonable to check if vm is shutoff immediately, and
	return right away if it is, remove the checking in "qemudDomainSaveFlag",
	and add checking in "qemudDomainSave".

	* src/qemu/qemu_driver.c

2011-02-17  Eric Blake  <eblake@redhat.com>

	maint: delete unused 'make install' step
	Libxml2-Logo-90x34.gif was removed from the repository in Sep 2009
	(commit d6d528c) because our docs no longer reference it.

	* docs/Makefile.am (install-data-local): Don't install missing file.

2011-02-16  Eric Blake  <eblake@redhat.com>

	cgroup: preserve correct errno on failure
	* src/util/cgroup.c (virCgroupSetValueStr, virCgroupGetValueStr)
	(virCgroupRemoveRecursively): VIR_DEBUG can clobber errno.
	(virCgroupRemove): Use VIR_DEBUG rather than DEBUG.

2011-02-16  Zdenek Styblik  <stybla@turnovfree.net>

	Update czech localization

2011-02-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix command line generation with faked host CPU
	The code expected that host CPU architecture matches the architecture on
	which libvirt runs. This is normally true but not in tests, where host
	CPU is faked to produce consistent results.

	tests: Fake host capabilities properly
	Since we fake host CPU we should also fake host arch instead of taking
	the real architecture tests are running on.

2011-02-16  Eric Blake  <eblake@redhat.com>

	docs: fix typos
	* docs/drvopenvz.html.in: Spell administrator correctly.
	* docs/drvuml.html.in: Likewise.
	* src/qemu/qemu.conf: Likewise.  Fix other typos, too.

2011-02-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid empty strings when --with-packager(-version) is not specified
	Make with_packager and with_packager_version default to "no". This way
	--without-packager-version (as shorthand for --with-packager(-version)=no)
	works correctly too.

	Prior to this patch libvirt outputs a line like this when
	--with-packager(-version) was not specified

	# ./daemon/libvirtd
	14:11:15.018: 31796: info : libvirt version: 0.8.8, package:  ()

	Now the unspecified parts are correctly omitted.

	Reported by Osier Yang.

2011-02-16  Eric Blake  <eblake@redhat.com>

	build: address clang reports about virCommand
	clang had 5 reports against virCommand; three were false positives
	(a NULL deref in ProcessIO solved by sa_assert, and two uninitialized
	memory operations solved by adding an initializer), but two were real.

	* src/util/command.c (virCommandProcessIO): Fix real bug of
	possible NULL dereference.  Teach clang that buf is never NULL.
	(virCommandRun): Teach clang that infd is only ever accessed when
	initialized.

	build: silence some clang warnings
	* tools/virsh.c (cmdHelp): Kill dead variables.

	qemu: don't mask real error with oom report
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't report oom
	after qemuBuildControllerDevStr, which reported its own errors.

	qemu: avoid NULL derefs
	The processWatchdogEvent fix is real, although it can only trigger
	on OOM, since bad things happen if doCoreDump is called with a NULL
	pathname argument.  The other fixes silence clang, but aren't a real
	bug because virReportErrorHelper tolerates a NULL format string even
	though *printf does not.

	* src/qemu/qemu_driver.c (processWatchdogEvent): Exit on OOM.
	(qemuDomainIsActive, qemuDomainIsPersistent, qemuDomainIsUpdated):
	Provide valid message.

	virDomainMemoryStats: avoid null dereference
	* src/libvirt.c (virDomainMemoryStats): Check domain before flags.

2011-02-15  Justin Clift  <jclift@redhat.com>

	docs: added link for nimbus to apps page

2011-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of mutex attributes in POSIX threads impl
	* src/util/threads-pthread.c: Fix mutex leak

	Fix leak in SCSI storage backend
	The SCSI storage backend leaks a string containing the pathname
	for each block device it discovers

	* src/storage/storage_backend_scsi.c: Free the device name

2011-02-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Output commandline on status != 0 in virCommandWait
	This helps identifying which command exited with status != 0.

2011-02-15  Christophe Fergeau  <teuf@gnome.org>

	add missing error handling to virGetDomain
	When creating the virDomain::snapshots hash table, virGetDomain
	wasn't checking if the creation was successful. This would then
	lead to failures in the vir*DomainSnapshot functions. Better to
	report this error early and make virGetDomain fail if the
	snapshots hash couldn't be created.
	* src/datatypes.c: report failure to make a hash table

	call virReportOOMError when appropriate in hash.c
	A couple of allocation were not calling virReportOOMError on allocation
	errors

	* src/util/hash.c: add the needed call in virHashCreate and
	  virHashAddOrUpdateEntry

2011-02-15  Osier Yang  <jyang@redhat.com>

	storage: Create enough volumes for mpath pool
	"virStorageBackendCreateVols":
	  "names->next" serves as condition expression for "do...while",
	however, "names" was shifted before, it then results in one less
	loop, and thus, one less volume will be created for mpath pool,
	the patch is to fix it.

	* src/storage/storage_backend_mpath.c

2011-02-15  Eric Blake  <eblake@redhat.com>

	maint: kill dead assignments
	* src/network/bridge_driver.c (networkStartNetworkDaemon): Delete
	unused assignments.

	qemu: avoid NULL deref on error
	* src/qemu/qemu_command.c (qemuParseCommandLineDisk): Report error
	before cleaning def.

	build: silence false positive clang report
	clang complained that STREQ(group->controllers[i].mountPoint,...)  was
	a NULL dereference when i==VIR_CGROUP_CONTROLLER_CPUSET, because it
	assumes the worst about virCgroupPathOfController.  Marking the
	argument const doesn't yet have an effect, per this clang bug:
	http://llvm.org/bugs/show_bug.cgi?id=7758

	So, we use sa_assert, which was designed to shut up false positives
	from tools like clang.

	* src/util/cgroup.c (virCgroupMakeGroup): Teach clang that there
	is no NULL dereference.

	qemu: ignore failure of qemu -M ? on older qemu
	https://bugzilla.redhat.com/show_bug.cgi?id=676563

	Regression introduced in commit 2211518.

	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes): Allow
	non-zero exit status.

	xml: avoid compiler warning
	Detected by clang.

	* src/util/xml.c (virXPathStringLimit): Use %zd, not obsolete %Zd.

2011-02-15  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: reorder match extensions relative to state match
	This patch reorders the connlimit and comment match extensions relative to the state match (-m state); connlimit being most useful if found after a -m state --state NEW and not before it.

2011-02-15  Jiri Denemark  <jdenemar@redhat.com>

	conf: Fix XML generation for smartcards
	When formatting XML for smartcard device with mode=host, libvirt
	generates invalid XML if the device has address info associated:

	<smartcard mode='host' <address type='ccid' controller='0' slot='1'/>

2011-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix cleanup on VM state after failed QEMU startup
	Commit 9962e406c664ed5521f5aca500c860a331cb3979 introduced a
	problem where if the VM failed to startup, it would not be
	correctly cleaned up. Amongst other things the SELinux
	security label would not be removed, which prevents the VM
	from ever starting again.

	The virDomainIsActive() check at the start of qemudShutdownVMDaemon
	checks for vm->def->id not being -1. By moving the assignment of the
	VM id to the start of qemudStartVMDaemon, we can ensure cleanup will
	occur on failure

	* src/qemu/qemu_driver.c: Move initialization of 'vm->def->id'
	  so that qemudShutdownVMDaemon() will process the shutdown

2011-02-14  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-qemu: Fix enum type declaration

2011-02-14  Christophe Fergeau  <teuf@gnome.org>

	fix OOM handling in hash routines
	* src/util/hash.c: virHashAddEntry and virHashUpdateEntry were missing NULL
	  checks on strdup
	* AUTHORS: add Christophe Fergeau

2011-02-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update src/README
	Add missing subdirectories.

2011-02-12  Eric Blake  <eblake@redhat.com>

	virsh: avoid mingw compiler warnings
	Compilation on mingw was warning about %lld use in fprintf, and
	in the gnulib strptime module about dead labels.

	* tools/virsh.c (vshPrint): Change redirect.
	(vshPrintExtra): Allow use within vshPrint.  Avoid fprintf on
	arbitrary formats, since we aren't using gnulib module; instead,
	use virVasprintf to pre-format.
	(vshError): Likewise.
	* .gnulib: Update to latest, for mingw strptime warning fix.
	Reported by Matthias Bolte.

	build: avoid problems with autogen.sh runs from tarball
	Introduced by commit fac97c65c distributing cfg.mk, which
	previously could blindly assume it was in a git checkout.

	* cfg.mk (_update_required): Also check for .git.
	* autogen.sh: Don't run bootstrap from a tarball.
	Reported by Daniel Veillard.

2011-02-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Distribute XSLT files to generate HACKING

	qemu: Report a more informative error for missing cgroup controllers
	Also use VIR_ERR_OPERATION_INVALID instead of VIR_ERR_NO_SUPPORT, as
	the operation could succeed when the cgroup controller was mounted.

2011-02-12  Osier Yang  <jyang@redhat.com>

	xen: Prevent updating device when attaching a device
	When attaching a device that already exists, xend driver updates
	the device with "device_configure", it causes problems (e.g. for
	disk device, 'device_configure' only can be used to update device
	like CDROM), on the other hand, we provide additional API
	(virDomainUpdateDevice) to update device, this fix is to raise up
	errors instead of updating the existed device which is not CDROM
	device.

	Changes from v1 to v2:
	  - allow to update CDROM

	* src/xen/xend_internal.c

2011-02-12  Eric Blake  <eblake@redhat.com>

	build: fix cygwin strerror_r failure
	Building the 0.8.8 release candidate on cygwin produced this compiler
	warning, which is indicative of catastrophic failure on any attempt to
	print an error message with errno turned to a string:

	  CC       strerror_r.lo
	strerror_r.c: In function 'rpl_strerror_r':
	strerror_r.c:67: warning: assignment makes integer from pointer without a cast

	This has been fixed in gnulib.

	* .gnulib: Update to latest, for strerror_r fix.
	* src/util/memory.c (includes): Satisfy 'make syntax-check'.

2011-02-12  Philipp Hahn  <hahn@univention.de>

	qemu: Fix escape_monitor(escape_shell(command))
	Suspending a VM which contains shell meta characters doesn't work with
	libvirt-0.8.7:
	/var/log/libvirt/qemu/andreas_231-ne\ doch\ nicht.log:
	  sh: -c: line 0: syntax error near unexpected token `doch'
	  sh: -c: line 0: `cat | { dd bs=4096 seek=1 if=/dev/null && dd bs=1048576; }

	Although target="andreas_231-ne doch nicht" contains shell meta
	characters (here: blanks), they are not properly escaped by
	src/qemu/qemu_monitor_{json,text}.c#qemuMonitor{JSON,Text}MigrateToFile()

	First, the filename needs to be properly escaped for the shell, than
	this command line has to be properly escaped for qemu again.

	For this to work, remove the old qemuMonitorEscapeArg() wrapper, rename
	qemuMonitorEscape() to it removing the handling for shell=TRUE, and
	implement a new qemuMonitorEscapeShell() returning strings using single
	quotes.

	Using double quotes or escaping special shell characters with backslashes
	would also be possible, but the set of special characters heavily
	depends on the concrete shell (dsh, bash, zsh) and its setting (history
	expansion, interactive use, ...)

2011-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Imprint all logs with version + package build information
	The logging functions are enhanced so that immediately prior to
	the first log message being printed to any output channel, the
	libvirt package version will be printed.

	eg

	 $ LIBVIRT_DEBUG=1 virsh
	 18:13:28.013: 17536: info : libvirt version: 0.8.7
	 18:13:28.013: 17536: debug : virInitialize:361 : register drivers
	 ...

	The 'configure' script gains two new arguments which can be
	used as

	   --with-packager="Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10"
	   --with-packager-version="1.fc14"

	to allow distros to append a custom string with package specific
	data.

	The RPM specfile is modified so that it appends the RPM version,
	the build host, the build date and the packager name.

	eg

	 $ LIBVIRT_DEBUG=1 virsh
	 18:14:52.086: 17551: info : libvirt version: 0.8.7, package: 1.fc13 (Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10)
	 18:14:52.086: 17551: debug : virInitialize:361 : register drivers

	Thus when distro packagers receive bug reports they can clearly
	see what version was in use, even if the bug reporter mistakenly
	or intentionally lies about version/builds

	* src/util/logging.c: Output version data prior to first log message
	* libvirt.spec.in: Include RPM release, date, hostname & packager
	* configure.ac: Add --with-packager & --with-packager-version args

2011-02-11  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: fix attach-interface regression
	QEMUD_CMD_FLAG_PCI_MULTIBUS should be set in the function
	qemuCapsExtractVersionInfo()

	The flag QEMUD_CMD_FLAG_PCI_MULTIBUS is used in the function
	qemuBuildDeviceAddressStr(). All callers get qemuCmdFlags
	by the function qemuCapsExtractVersionInfo() except that
	testCompareXMLToArgvFiles() in qemuxml2argvtest.c.

	So we should set QEMUD_CMD_FLAG_PCI_MULTIBUS in the function
	qemuCapsExtractVersionInfo() instead of qemuBuildCommandLine()
	because the function qemuBuildCommandLine() does not be called
	when we attach a pci device.

	tests: set QEMUD_CMD_FLAG_PCI_MULTIBUS in testCompareXMLToArgvFiles()

	set QEMUD_CMD_FLAG_PCI_MULTIBUS before calling qemuBuildCommandLine()
	as the flags is not set by qemuCapsExtractVersionInfo().

2011-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Avoid pthread_sigmask on Win32 platforms
	Win32 doesn't have a concept of signal masks so disable that
	code. It is unclear how SIGINT is delivered (if at all) on
	Win32, so this might further work to provide an alternative
	to pthread_sigmask

	* tools/virsh.c: Avoid pthread_sigmask on Win32

	Reduce log level when cgroups aren't mounted
	Quite a few hosts don't have cgroups mounted and so see warnings
	from libvirt logged, which then cause bug reports, etc. Reduce
	the log level to INFO so they're not visible by default

	* src/qemu/qemu_driver.c: Reduce log level for cgroups

	Avoid warnings from nwfilter driver when run non-root
	When run non-root the nwfilter driver logs error messages about
	being unable to find iptables/ebtables commands (they are in
	/sbin which isn't in $PATH). The nwfilter driver can't ever work
	as non-root, so simply skip it entirely thus avoiding the error
	messages

	* src/conf/nwfilter_conf.h, src/nwfilter/nwfilter_driver.c,
	  src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_gentech_driver.h: Pass 'bool privileged'
	  flag down to final driver impl
	* src/nwfilter/nwfilter_ebiptables_driver.c: Skip initialization
	  if not privileged

2011-02-10  Michal Privoznik  <mprivozn@redhat.com>

	Fix typo in parsing of spice 'auth' data
	A typo s/spice/vnc/ caused parsing of the spice 'auth' data
	to write into the wrong part of the struct, blowing away
	other unrelated data.

	* src/conf/domain_conf.c: s/vnc/spice/ in parsing spice auth

2011-02-10  Eric Blake  <eblake@redhat.com>

	build: distribute 'make syntax-check' tweaks
	* Makefile.am (EXTRA_DIST): Distribute cfg.mk.

2011-02-10  Michal Novotny  <minovotn@redhat.com>

	docs: Add information about libvirt-php new location

2011-02-10  Eric Blake  <eblake@redhat.com>

	maint: whitespace cleanup
	* .dir-locals.el (html-mode): Let emacs help out.
	* cfg.mk (sc_TAB_in_indentation): Check more files.
	* docs/internals/command.html.in: Fix offenders.
	* docs/formatdomain.html.in: Likewise.
	* docs/internals.html.in: Likewise.
	Reported by Jiri Denemark.

2011-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Adjust some log levels in udev driver
	Most of te VIR_INFO calls in the udev driver are only relevant
	to developers so can switch to VIR_DEBUG. Failure to initialize
	libpciaccess though is a fatal error

	* src/node_device/node_device_udev.c: Adjust log levels

	Add check for binary existing in machine type probe
	When probing machine types if the QEMU binary does not exist
	we get a hard to diagnose error, due to the execve() in the
	child failing

	error: internal error Child process exited with status 1.

	Add an explicit check so that we get

	error: Cannot find QEMU binary /usr/libexec/qem3u-kvm: No such file or directory

	* src/qemu/qemu_capabilities.c: Check for QEMU binary

	Add a little more debugging for async events
	To make it easier to investigate problems with async event
	delivery, add two more debugging lines

	* daemon/remote.c: Debug when an event is queued for dispatch
	* src/remote/remote_driver.c: Debug when an event is received
	  for processing

	Move connection driver modules directory
	When built as modules, the connection drivers live
	in $LIBDIR/libvirt/drivers. Now we add lock manager
	drivers, we need to distinguish. So move the existing
	modules to 'connection-driver'

	* src/Makefile.am: Move module install dir
	* src/driver.c: Move module search dir

	Reset logging filter function when forking
	To ensure child processes will log all error messages, reset
	the logging filter function when forking

	* src/util/util.c: Reset log filter in fork

	Block SIGPIPE around virExec hook functions
	Some functionality run in virExec hooks may do I/O which
	can trigger SIGPIPE. Renable SIGPIPE blocking around the
	hook function

	* src/util/util.c: Block SIGPIPE around hooks

	Support SCSI RAID type & lower log level for unknown types
	The Linux kernel headers don't have a value for SCSI type 12,
	but HAL source code shows this to be a 'raid'. Add workaround
	for this type. Lower log level for unknown types since
	this is not a fatal error condition. Include the device sysfs
	path in the log output to allow identification of which device
	has problems.

	* src/node_device/node_device_udev.c: Add SCSI RAID type

	Only initialize/cleanup libpciaccess once
	libpciaccess has many bugs in its pci_system_init/cleanup
	functions that makes calling them multiple times unwise.
	eg it will double close() FDs, and leak other FDs.

	* src/node_device/node_device_udev.c: Only initialize
	  libpciaccess once

2011-02-09  Serge E. Hallyn  <serge.hallyn@canonical.com>

	Don't use CLONE_NEWUSER for now
	Until now, user namespaces have not done much, but (for that
	reason) have been innocuous to glob in with other CLONE_
	flags.  Upcoming userns development, however, will make tasks
	cloned with CLONE_NEWUSER far more restricted.  In particular,
	for some time they will be unable to access files with anything
	other than the world access perms.

	This patch assumes that noone really needs the user namespaces
	to be enabled.  If that is wrong, then we can try a more
	baroque patch where we create a file owned by a test userid with
	700 perms and, if we can't access it after setuid'ing to that
	userid, then return 0.  Otherwise, assume we are using an
	older, 'harmless' user namespace implementation.

	Comments appreciated.  Is it ok to do this?

2011-02-09  Eric Blake  <eblake@redhat.com>

	sysinfo: implement qemu support
	* src/qemu/qemu_driver.c (qemuGetSysinfo): New function.
	(qemuDriver): Install it.

	sysinfo: refactor xml formatting
	* src/util/sysinfo.h (virSysinfoFormat): New prototype.
	* src/conf/domain_conf.c (virDomainSysinfoDefFormat): Move guts...
	* src/util/sysinfo.c (virSysinfoFormat): ...into new function.
	* src/libvirt_private.syms: Export it.

	sysinfo: implement virsh support
	* tools/virsh.c (cmdSysinfo): New function.
	(hostAndHypervisorCmds): Add it.
	* tools/virsh.pod: Document it.

	sysinfo: implement the remote protocol
	Done by editing the first three files, then running
	'make -C src rpcgen', then editing src/remote_protocol-structs
	to match.

	* daemon/remote.c (remoteDispatchGetSysinfo): New function.
	* src/remote/remote_driver.c (remoteGetSysinfo, remote_driver):
	Client side serialization.
	* src/remote/remote_protocol.x (remote_get_sysinfo_args)
	(remote_get_sysinfo_ret): New types.
	(REMOTE_PROC_GET_SYSINFO): New enum value.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_ret.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

	sysinfo: implement the public API
	* src/libvirt.c (virConnectGetSysinfo): New function.
	* docs/formatdomain.html.in: Mention it.

	sysinfo: define internal driver API
	* src/driver.h (virDrvGetSysinfo): New typedef.
	(_virDriver): New callback member.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/vmware/vmware_driver.c (vmwareDriver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

	sysinfo: expose new API
	The new virConnectGetSysinfo() API allows one to get the system
	information associated to a connection host, providing the same
	data as a guest that uses <os><smbios mode='host'/></os>, and in
	a format that can be pasted into the guest and edited when using
	<os><smbios mode='sysinfo'/></os>.

	* include/libvirt/libvirt.h.in (virConnectGetSysinfo): Declare.
	* src/libvirt_public.syms: Export new symbol.

2011-02-09  Daniel Veillard  <veillard@redhat.com>

	Adding Michal Novotny for previous patch

2011-02-09  Michal Novotny  <minovotn@redhat.com>

	Add libvirt-php information page
	This adds a ibvirt-php information page with some
	basic information on libvirt-php project compilation, contribution
	and other useful information.

2011-02-09  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	cgroup: Add documentation for blkiotune elements.
	Add documentation for blkiotune elements.

	LXC: LXC Blkio weight configuration support.
	LXC Blkio weight configuration support.

	Reviewed-by: "Nikunj A. Dadhania" <nikunj@linux.vnet.ibm.com>

	qemu: Implement blkio tunable XML configuration and parsing.
	Implement blkio tunable XML configuration and parsing.

	Reviewed-by: "Nikunj A. Dadhania" <nikunj@linux.vnet.ibm.com>

	cgroup: Update XML Schema for new entries.
	Update XML Schema for new entries.

	cgroup: Implement blkio.weight tuning API.
	Implement blkio.weight tuning API.

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	cgroup: Enable cgroup hierarchy for blkio cgroup
	Enable cgroup hierarchy for blkio cgroup

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2011-02-09  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS
	* AUTHORS: Adjust for recent commits.

2011-02-08  Daniel Veillard  <veillard@redhat.com>

	Update Dutch and Polish localizations

	Revert "Czech translation updates"
	This reverts commit 9169c0eeb4b68a0001b57d35d11e41f9c1bc6148.
	The patch didn't applied cleanly and completely broke po regeneration

2011-02-08  Zdenek Styblik  <stybla@turnovfree.net>

	Czech translation updates

2011-02-08  Hero Phương  <herophuong93@gmail.com>

	Vietnamese translations for libvirt

2011-02-08  Niels de Vos  <ndevos@redhat.com>

	docs/index.html.in: update KVM url

2011-02-05  Eric Blake  <eblake@redhat.com>

	spicevmc: support older -device spicevmc of qemu 0.13.0
	qemu 0.13.0 (at least as built for Fedora 14, and also backported to
	RHEL 6.0 qemu) supported an older syntax for a spicevmc channel; it's
	not as flexible (it has an implicit name and hides the chardev
	aspect), but now that we support spicevmc, we might as well target
	both variants.

	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_DEVICE_SPICEVMC):
	New flag.
	* src/qemu/qemu_capabilities.c (qemuCapsParseDeviceStr): Set it
	correctly.
	* src/qemu/qemu_command.h (qemuBuildVirtioSerialPortDevStr): Drop
	declaration.
	* src/qemu/qemu_command.c (qemuBuildVirtioSerialPortDevStr): Alter
	signature, check flag.
	(qemuBuildCommandLine): Adjust caller and check flag.
	* tests/qemuhelptest.c (mymain): Update test.
	* tests/qemuxml2argvtest.c (mymain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc-old.xml:
	New file.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc-old.args:
	Likewise.

	smartcard: add spicevmc support
	Adds <smartcard mode='passthrough' type='spicevmc'/>, which uses the
	new <channel name='smartcard'/> of <graphics type='spice'>.

	* docs/schemas/domain.rng: Support new XML.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.h (virDomainGraphicsSpiceChannelName): New
	enum value.
	(virDomainChrSpicevmcName): New enum.
	(virDomainChrSourceDef): Distinguish spicevmc types.
	* src/conf/domain_conf.c (virDomainGraphicsSpiceChannelName): Add
	smartcard.
	(virDomainSmartcardDefParseXML): Parse it.
	(virDomainChrDefParseXML, virDomainSmartcardDefParseXML): Set
	spicevmc name.
	(virDomainChrSpicevmc): New enum conversion functions.
	* src/libvirt_private.syms: Export new functions.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Conditionalize
	name.
	* tests/qemuxml2argvtest.c (domain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-spicevmc.args:
	New file.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-spicevmc.xml:
	Likewise.

2011-02-04  Daniel P. Berrange  <berrange@redhat.com>

	spicevmc: support new qemu chardev
	Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=615757

	Add a new character device backend for virtio serial channels that
	activates the QEMU spice agent on the main channel using the vdagent
	spicevmc connection.  The <target> must be type='virtio', and supports
	an optional name that specifies how the guest will see the channel
	(for now, name must be com.redhat.spice.0).

	<channel type='spicevmc'>
	  <target type='virtio'/>
	  <address type='virtio-serial' controller='1' bus='0' port='3'/>
	</channel>

	* docs/schemas/domain.rng: Support new XML.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.h (virDomainChrType): New enum value.
	* src/conf/domain_conf.c (virDomainChr): Add spicevmc.
	(virDomainChrDefParseXML, virDomainChrSourceDefParseXML)
	(virDomainChrDefParseTargetXML): Parse and enforce proper use.
	(virDomainChrSourceDefFormat, virDomainChrDefFormat): Format.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr)
	(qemuBuildCommandLine): Add qemu support.
	* tests/qemuxml2argvtest.c (domain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc.xml: New
	file.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc.args:
	Likewise.

2011-02-04  Eric Blake  <eblake@redhat.com>

	smartcard: turn on qemu support
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Emit smartcard
	options.
	(qemuAssignDeviceAliases): Assign an alias for smartcards.
	(qemuBuildControllerDevStr): Manage the usb-ccid controller.
	* tests/qemuxml2argvtest.c (mymain): Add new tests.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.args: New
	file.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough.args:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.args:
	Likewise.

	smartcard: enable SELinux support
	* src/security/security_selinux.c
	(SELinuxRestoreSecuritySmartcardCallback)
	(SELinuxSetSecuritySmartcardCallback): New helper functions.
	(SELinuxRestoreSecurityAllLabel, SELinuxSetSecurityAllLabel): Use
	them.

	smartcard: check for qemu capability
	Qemu smartcard/spicevmc support exists on branches (such as
	http://cgit.freedesktop.org/~alon/qemu/commit/?h=usb_ccid.v15&id=024a37b)
	but is not yet upstream.  The added -help output matches a scratch build
	that will be close to the RHEL 6.1 qemu-kvm.

	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_CCID_EMULATED)
	(QEMUD_CMD_FLAG_CCID_PASSTHRU, QEMUD_CMD_FLAG_CHARDEV_SPICEVMC):
	New flags.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags)
	(qemuCapsParseDeviceStr): Check for smartcard capabilities.
	(qemuCapsExtractVersionInfo): Tweak comment.
	* tests/qemuhelptest.c (mymain): New test.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel61: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel61-device: Likewise.

	smartcard: add domain conf support
	* src/conf/domain_conf.h (virDomainSmartcardType): New enum.
	(virDomainSmartcardDef, virDomainDeviceCcidAddress): New structs.
	(virDomainDef): Include smartcards.
	(virDomainSmartcardDefIterator): New typedef.
	(virDomainSmartcardDefFree, virDomainSmartcardDefForeach): New
	prototypes.
	(virDomainControllerType, virDomainDeviceAddressType): Add ccid
	enum values.
	(virDomainDeviceInfo): Add ccid address type.
	* src/conf/domain_conf.c (virDomainSmartcard): Convert between
	enum and string.
	(virDomainSmartcardDefParseXML, virDomainSmartcardDefFormat)
	(virDomainSmartcardDefFree, virDomainDeviceCcidAddressParseXML)
	(virDomainDefMaybeAddSmartcardController): New functions.
	(virDomainDefParseXML): Parse the new XML.
	(virDomainDefFormat): Convert back to XML.
	(virDomainDefFree): Clean up.
	(virDomainDeviceInfoIterate): Iterate over passthrough aliases.
	(virDomainController, virDomainDeviceAddress)
	(virDomainDeviceInfoParseXML, virDomainDeviceInfoFormat)
	(virDomainDefAddImplicitControllers): Support new values.
	* src/libvirt_private.syms (domain_conf.h): New exports.
	* cfg.mk (useless_free_options): List new function.

	smartcard: add XML support for <smartcard> device
	Assuming a hypervisor that supports multiple smartcard devices in the
	guest, this would be a valid XML description:

	<devices>
	  <smartcard mode='host'/>
	  <smartcard mode='host-certificates'>
	    <certificate>/path/to/cert1</certificate>
	    <certificate>/path/to/cert2</certificate>
	    <certificate>/path/to/cert3</certificate>
	  </smartcard>
	  <smartcard mode='passthrough' type='tcp'>
	    <source mode='bind' host='127.0.0.1' service='2001'/>
	    <protocol type='raw'/>
	  </smartcard>
	</devices>

	(As of this commit, the qemu hypervisor will be the first
	implementation, but it only supports one smartcard.)

	* docs/formatdomain.html.in (Smartcard devices): New section.
	* docs/schemas/domain.rng (smartcard): New define, used in
	devices.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.xml: New file
	to test schema.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.xml:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.xml:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.xml:
	Likewise.

2011-02-04  Alon Levy  <alevy@redhat.com>

	docs/index.html.in: update QEMU url

2011-02-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Support booting from hostdev PCI devices

	Support booting from hostdev devices

	qemu: Add shortcut for HMP pass through
	Currently users who want to use virDomainQemuMonitorCommand() API or
	it's virsh equivalent has to use the same protocol as libvirt uses for
	communication to qemu. Since the protocol is QMP with current qemu and
	HMP much more usable for humans, one ends up typing something like the
	following:

	    virsh qemu-monitor-command DOM \
	'{"execute":"human-monitor-command","arguments":{"command-line":"info kvm"}}'

	which is not a very convenient way of debugging qemu.

	This patch introduces --hmp option to qemu-monitor-command, which says
	that the provided command is in HMP. If libvirt uses QMP to talk with
	qemu, the command will automatically be converted into QMP. So the
	example above is simplified to just

	    virsh qemu-monitor-command --hmp DOM "info kvm"

	Also the result is converted from

	    {"return":"kvm support: enabled\r\n"}

	to just plain HMP:

	    kvm support: enabled

	If libvirt talks to qemu in HMP, --hmp flag is obviously a noop.

2011-02-04  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: fix 2 nla_put expressions (non-serious bug)
	This patch fixes 2 occurrences of nla_put expression with a '!' in
	front of them that basically prevented the detection that the buffer
	is too small. However, code further below would then detect that the
	buffer is too small when further parts are added to the netlink message.

2011-02-04  Eric Blake  <eblake@redhat.com>

	qemu: avoid double shutdown
	* src/qemu/qemu_driver.c (qemudShutdownVMDaemon): Check that vm is
	still active.
	Reported by Wen Congyang as follows:

	Steps to reproduce this bug:

	1. use gdb to debug libvirtd, and set breakpoint in the function
	   qemuConnectMonitor()
	2. start a vm, and the libvirtd will be stopped in qemuConnectMonitor()
	3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
	4. continue to run libvirtd in gdb, and libvirtd will be blocked in the
	   function qemuMonitorSetCapabilities()
	5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)

	Here is log of the qemu:
	=========
	LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin ...
	char device redirected to /dev/pts/3
	2011-01-27 09:38:48.101: shutting down
	2011-01-27 09:41:26.401: shutting down
	=========

	The vm is shut down twice. I do not know whether this behavior has
	side effect, but I think we should shutdown the vm only once.

2011-02-03  Davidlohr Bueso  <dave@gnu.org>

	Fix conflicts with glibc globals
	When compiling libvirt with GCC 3.4.6 the following warning is being triggered quite a lot:

	util/memory.h:60: warning: declaration of 'remove' shadows a global declaration
	/usr/include/stdio.h:175: warning: shadowed declaration is here

	Fix this by renaming the parameter to 'toremove'.

2011-02-03  Daniel Veillard  <veillard@redhat.com>

	Fix compilation when building without sasl
	Use of saslDecoded field need to be guarded by #if HAVE_SASL/endif
	* src/remote/remote_driver.c: fix remoteIOEventLoop accordingly

2011-02-03  Eric Blake  <eblake@redhat.com>

	docs: more on qemu locking patterns
	* src/qemu/THREADS.txt: Improve documentation.

2011-02-03  Niels de Vos  <ndevos@redhat.com>

	qemuBuildDeviceAddressStr() checks for QEMUD_CMD_FLAG_PCI_MULTIBUS
	Depending if the qemu binary supports multiple pci-busses, the device
	options will contain "bus=pci" or "bus=pci.0".

	Only x86_64 and i686 seem to have support for multiple PCI-busses. When
	a guest of these architectures is started, set the
	QEMUD_CMD_FLAG_PCI_MULTIBUS flag.

2011-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't sleep in poll() if there is existing SASL decoded data
	In the SASL codepath we typically read far more data off the
	wire than we immediately need. When using a connection from a
	single thread this isn't a problem, since only our reply will
	be pending (or an event we can handle directly). When using a
	connection from multiple threads though, we may read the data
	from replies from other threads. If those replies occur after
	our own reply, they'll not be processed. The other thread will
	then go into poll() and wait for its reply which has already
	been received and decoded. The solution is to set poll() timeout
	to 0 if there is pending SASL data.

	* src/remote/remote_driver.c: Don't sleep in poll() if SASL
	  data exists

2011-02-02  Justin Clift  <jclift@redhat.com>

	docs: renamed hudson project link to jenkins, matching project rename

2011-02-02  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: fix variable in debugging output
	This patch fixes a variable in the debugging output.

2011-02-02  Eric Blake  <eblake@redhat.com>

	build: fix parted detection at configure time
	* configure.ac (PARTED_FOUND): Issue configure error if
	--with-storage-disk=yes but no parted is found.

2011-02-01  Osier Yang  <jyang@redhat.com>

	docs: Update docs for cpu_shares setting
	* tools/virsh.pod

	qemu: Build command line for incoming tunneled	migration
	Command line building for incoming tunneled migration is missed,
	as a result, all the tunneled migration will fail with "unknown
	migration protocol".

	* src/qemu/qemu_command.c

2011-02-01  Paweł Krześniak  <pawel.krzesniak@gmail.com>

	bridge_driver: handle DNS over IPv6
	* dnsmasq listens on all defined IPv[46] addresses for network
	* Add ip6tables rules to allow DNS traffic to host

2011-02-01  Juerg Haefliger  <juerg.haefliger@hp.com>

	tests: handle backspace-newline pairs in test input files
	This patch teaches testutil how to read multi-line input files with
	backspace-newline line continuation markers.

	The patch also breaks up all the single-line arguments test input files into
	multi-line files with lines shorter than 80 characters.

2011-01-31  Osier Yang  <jyang@redhat.com>

	qemu: More clear error parsing domain def failure of tunneled migration
	* src/qemu/qemu_driver.c

2011-01-31  Wen Congyang  <wency@cn.fujitsu.com>

	Initialization error of controller in QEmu SCSI hotplug
	Bug manifests itself by:

	1. # virsh attach-disk --target sdb ...
	2. # virsh attach-disk --target sdh ...
	   error: Failed to attach disk
	   error: operation failed: target scsi:0 already exists

	sdh uses scsi:1, rather than scsi:0.

	* src/qemu/qemu_hotplug.c: properly set controller idx in
	  qemuDomainFindOrCreateSCSIDiskController()

2011-01-31  Daniel Veillard  <veillard@redhat.com>

	Osier get commit rights

2011-01-30  Eric Blake  <eblake@redhat.com>

	maint: reject raw close, popen in 'make syntax-check'
	commit f1fe9671e was supposed to make sure we use files.h
	macros to avoid double close, but it didn't work.

	Meanwhile, virCommand is vastly superior to system(), fork(),
	and popen() (also to virExec, but we haven't completed that
	conversion), so enforce that, too.

	* cfg.mk (sc_prohibit_close): Fix typo that excluded close, and
	add pclose.
	(sc_prohibit_fork_wrappers): New rule, for fork, system, and popen.
	* .x-sc_prohibit_close: More exemptions.
	* .x-sc_prohibit_fork_wrappers: New file.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* src/datatypes.c (virReleaseConnect): Tweak comment to avoid
	false positive.
	* src/util/files.h (VIR_CLOSE): Likewise.

	build: avoid close, system
	* src/fdstream.c (virFDStreamOpenFile, virFDStreamCreateFile):
	Use VIR_FORCE_CLOSE instead of close.
	* tests/commandtest.c (mymain): Likewise.
	* tools/virsh.c (editFile): Use virCommand instead of system.
	* src/util/util.c (__virExec): Special case preservation of std
	file descriptors to child.

2011-01-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Prefer C style comments over C++ ones
	Pure cosmetic change.

	esx: Ensure max-memory has 4 megabyte granularity

	Add VIR_DIV_UP to divide memory or storage request sizes with round up
	Use it in all places where a memory or storage request size is converted
	to a larger granularity. This avoids requesting too small memory or storage
	sizes that could result from the truncation done by a simple division.

	This extends the round up fix in 6002e0406c338668ea0ecbfeb6c1ef20a8b67efe
	to the whole codebase.

	Instead of reporting errors for odd values in the VMX code round them up.

	Update the QEMU Argv tests accordingly as the original memory size 219200
	isn't a even multiple of 1024 and is rounded up to 215 megabyte now. Change
	it to 219100 and 219136. Use two different values intentionally to make
	sure that rounding up works.

	Update virsh.pod accordingly, as rounding down and rejecting are replaced
	by rounding up.

2011-01-29  Eric Blake  <eblake@redhat.com>

	qemu: fix augeas support for vnc_auto_unix_socket
	Fixes test failure that was overlooked after commit 1e1f7a8950.

	* daemon/Makefile.am (check-local): Let 'make check' fail on error.
	* daemon/test_libvirtd.aug: Move qemu-specific option...
	* src/qemu/test_libvirtd_qemu.aug: ...into correct test.
	* src/qemu/libvirtd_qemu.aug: Parse new option.

2011-01-29  Michal Privoznik  <mprivozn@redhat.com>

	virsh: added --all flag to freecell command
	This will iterate over all NUMA nodes, showing
	free memory for each and sum at the end.
	Existing default behavior is not changed.

2011-01-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't try to change max-memory of an active domain
	Report an VIR_ERR_OPERATION_INVALID error in that case instead of letting
	the SOAP call fail with an VIR_ERR_INTERNAL_ERROR error.

2011-01-29  Eric Blake  <eblake@redhat.com>

	qemu aio: enable support
	qemu allows the user to choose what io storage api should be used,
	either the default (threads) or native (linux aio) which in the latter
	case can result in better performance.

	Based on a patch originally by Matthias Dahl.

	Red Hat Bugzilla #591703

2011-01-29  Matthias Dahl  <mdvirt@designassembly.de>

	qemu aio: parse aio support from qemu -help

	qemu aio: add XML parsing
	Allows io={threads|native} as an optional attribute to <driver>.

2011-01-28  Juerg Haefliger  <juerg.haefliger@hp.com>

	docs: replace CRLF with LF

2011-01-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus log warning lines when launching QEMU
	The refactoring of QEMU command startup was comitted with
	a couple of VIR_WARN lines left in from debugging.

	* src/qemu/qemu_driver.c: Remove log warning lines

	Remove double close of qemu monitor
	When qemuMonitorSetCapabilities() fails, there is no need to
	call qemuMonitorClose(), because the caller will already see
	the error code and tear down the entire VM. The extra call to
	qemuMonitorClose resulted in a double-free due to it removing
	a ref count prematurely.

	* src/qemu/qemu_driver.c: Remove premature close of monitor

	Prevent overfilling of self-pipe in python event loop
	If the event loop takes a very long time todo something, it is
	possible for the 'self pipe' buffer to become full at which
	point the entire event loop + remote driver deadlock. Use a
	boolean flag to ensure we have strict one-in, one-out behaviour
	on writes/reads of the 'self pipe'

2011-01-28  Osier Yang  <jyang@redhat.com>

	docs: Add docs for new extra parameter pkipath
	* docs/remote.html.in

2011-01-28  Eric Blake  <eblake@redhat.com>

	qemu: fix error messages
	Regression in commit caa805ea let a lot of bad messages slip in.

	* cfg.mk (msg_gen_function): Fix function name.
	* src/qemu/qemu_cgroup.c (qemuRemoveCgroup): Fix fallout from
	'make syntax-check'.
	* src/qemu/qemu_driver.c (qemudDomainGetInfo)
	(qemuDomainWaitForMigrationComplete, qemudStartVMDaemon)
	(qemudDomainSaveFlag, qemudDomainAttachDevice)
	(qemuDomainUpdateDeviceFlags): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
	Likewise.

2011-01-28  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: Report more accurate error on failure to attach device.
	When attaching device from a xml file and the device is mis-configured,
	virsh gives mis-leading message "out of memory". This patch fixes this.

2011-01-28  Wen Congyang  <wency@cn.fujitsu.com>

	Force guest suspend at timeout
	If the memory of guest OS is changed constantly, the live migration
	can not be ended ever for ever.

	We can use the command 'virsh migrate-setmaxdowntime' to control the
	live migration. But the value of maxdowntime is diffcult to calculate
	because it depends on the transfer speed of network and constantly
	changing memroy size. We need a easy way to control the live migration.

	This patch adds the support of forcing guest to suspend at timeout.
	With this patch, when we migrate the guest OS, we can specify a
	timeout. If the live migration timeouts, auto-suspend the guest OS,
	where the migration will complete offline.

	Show migration progress.
	Show migration progress if `migrate --verbose'.

2011-01-28  Hu Tao  <hutao@cn.fujitsu.com>

	Cancel migration if user presses Ctrl-C when migration is in progress
	While migration is in progress and virsh is waiting for its
	completion, user may want to terminate the progress by pressing
	Ctrl-C. But virsh just exits on user's Ctrl-C leaving migration
	in background that user isn't even aware of. It's not reasonable.

	This patch changes the behaviour for migration. For other
	commands Ctrl-C still terminates virsh itself.

2011-01-28  Eric Blake  <eblake@redhat.com>

	qemu: use separate alias for chardev and associated device
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Alter the
	chardev alias.
	(qemuBuildCommandLine): Output an id for the chardev counterpart.
	* tests/qemuxml2argvdata/*: Update tests to match.
	Reported by Daniel P. Berrange.

2011-01-28  Wen Congyang  <wency@cn.fujitsu.com>

	avoid vm to be deleted if qemuConnectMonitor failed
	Steps to reproduce this bug:
	1. service libvirtd start
	2. virsh start <domain>
	3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
	4. service libvirtd restart
	5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)

	Then libvirtd will core dump or be in deadlock state.

	Make sure that json is built into libvirt and the version
	of qemu is newer than 0.13.0.

	The reason of libvirtd cores dump is that:
	We add vm->refs when we alloc the memory, and decrease it
	in the function qemuHandleMonitorEOF() in other thread.

	We add vm->refs in the function qemuConnectMonitor() and
	decrease it when the vm is inactive.

	The libvirtd will block in the function qemuMonitorSetCapabilities()
	because the vm is stopped by signal SIGSTOP. Now the vm->refs is 2.

	Then we kill the vm by signal SIGKILL. The function
	qemuMonitorSetCapabilities() failed, and then we will decrease vm->refs
	in the function qemuMonitorClose().
	In another thread, mon->fd is broken and the function
	qemuHandleMonitorEOF() is called.

	If qemuHandleMonitorEOF() decreases vm->refs before qemuConnectMonitor()
	returns, vm->refs will be decrease to 0 and the memory is freed.

	We will call qemudShutdownVMDaemon() as qemuConnectMonitor() failed.
	The memory has been freed, so qemudShutdownVMDaemon() is too dangerous.

	We will reference NULL pointer in the function virDomainConfVMNWFilterTeardown():
	=============
	void
	virDomainConfVMNWFilterTeardown(virDomainObjPtr vm) {
	    int i;

	    if (nwfilterDriver != NULL) {
	        for (i = 0; i < vm->def->nnets; i++)
	            virDomainConfNWFilterTeardown(vm->def->nets[i]);
	    }
	}
	============
	vm->def->nnets is not 0 but vm->def->nets is NULL(We don't set vm->def->nnets
	to 0 when we free vm).

	We should add an extra reference of vm to avoid vm to be deleted if
	qemuConnectMonitor() failed.

2011-01-28  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix virtio channel tests
	As noticed by Eric, commit 8e28c5d40200b4c5d483bd585d237b9d870372e5,
	which fixed generation of virtio-serial port numbers, forgot to adjust
	test files which resulted in make check failure.

2011-01-28  Justin Clift  <jclift@redhat.com>

	docs: expand the man page text for virsh setmaxmem
	Addresses BZ # 622534:

	  https://bugzilla.redhat.com/show_bug.cgi?id=622534

2011-01-28  Eric Blake  <eblake@redhat.com>

	event: fix event-handling allocation crash
	Regression introduced in commit e6b68d7 (Nov 2010).

	Prior to that point, handlesAlloc was always a multiple of
	EVENT_ALLOC_EXTENT (10), and was an int (so even if the subtraction
	had been able to wrap, a negative value would be less than the count
	not try to free the handles array).  But after that point,
	VIR_RESIZE_N made handlesAlloc grow geometrically (with a pattern of
	10, 20, 30, 45 for the handles array) but still freed in multiples of
	EVENT_ALLOC_EXTENT; and the count changed to size_t.  Which means that
	after 31 handles have been created, then 30 handles destroyed,
	handlesAlloc is 5 while handlesCount is 1, and since (size_t)(1 - 5)
	is indeed greater than 1, this then tried to free 10 elements, which
	had the awful effect of nuking the handles array while there were
	still live handles.

	Nuking live handles puts libvirtd in an inconsistent state, and was
	easily reproducible by starting and then stopping 60 faqemu guests.

	* daemon/event.c (virEventCleanupTimeouts, virEventCleanupHandles):
	Avoid integer wrap-around causing us to delete the entire array
	while entries are still active.
	* tests/eventtest.c (mymain): Expose the bug.

2011-01-27  Justin Clift  <jclift@redhat.com>

	docs: fix incorrect XML element mentioned by setmem text

2011-01-27  Osier Yang  <jyang@redhat.com>

	remote: Add extra parameter pkipath for URI
	This new parameter allows user specifies where the client
	cerficate, client key, CA certificate of x509 is, instead of
	hardcoding it. If 'pkipath' is not specified, and the user
	is not root, try to find files in $HOME/.pki/libvirt, as long
	as one of client cerficate, client key, CA certificate can
	not be found, use default global location (LIBVIRT_CACERT,
	LIBVIRT_CLIENTCERT, LIBVIRT_CLIENTKEY, see
	src/remote/remote_driver.h)

	Example of use:

	[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
	error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file
	or directory
	error: failed to connect to the hypervisor
	[root@Osier client]# ls -l
	total 24
	-rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
	-rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
	-rw-r--r--. 1 root root  132 Jan 23 19:04 client.info
	-rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem

	[root@Osier client]# cp /tmp/cacert.pem .
	[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
	Welcome to virsh, the virtualization interactive terminal.

	Type:  'help' for help with commands
	'quit' to quit

	virsh #

	* src/remote/remote_driver.c: adds support for the new pkipath URI parameter

	storage: Round up capacity for LVM volume creation
	If vol->capacity is odd, the capacity will be rounded down
	by devision, this patch is to round it up instead of rounding
	down, to be safer in case of one writes to the volume with the
	size he used to create.

	- src/storage/storage_backend_logical.c: make sure size is not rounded down

2011-01-27  Daniel Veillard  <veillard@redhat.com>

	Update localization files from Fedora i10n

2011-01-27  David Allan  <dallan@redhat.com>

	Do not use virtio-serial port 0 for generic ports
	Per the discussion in:

	https://bugzilla.redhat.com/show_bug.cgi?id=670394

	The port numbering should start from 1, not 0.  We assign maxport + 1,
	so start maxport at 0.

2011-01-26  Laine Stump  <laine@laine.org>

	Manually kill gzip if restore fails before starting qemu
	If a guest image is saved in compressed format, and the restore fails
	in some way after the intermediate process used to uncompress the
	image has been started, but before qemu has been started to hook up to
	the uncompressor, libvirt will endlessly wait for the uncompressor to
	finish, but it never will because it's still waiting to have something
	hooked up to drain its output.

	The solution is to close the pipes on both sides of the uncompressor,
	then send a SIGTERM before calling waitpid on it (only if the restore
	has failed, of course).

2011-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix setup of lib directory with autogen.sh --system
	On x86_64 hosts, /usr/lib64 must be used instead of /usr/lib
	Rather than attempt to whitelist architectures, just check
	for existance of /usr/lib64

	* autogen.sh: Fix to use /usr/lib64 if it exists

	Add check for poll error events in monitor
	Handle poll errors in the same way as hangup event

	* src/qemu/qemu_monitor.c: Handle error events

	Filter out certain expected error messages from libvirtd
	Add a hook to the error reporting APIs to allow specific
	error messages to be filtered out. Wire up libvirtd to
	remove VIR_ERR_NO_DOMAIN & similar error codes from the
	logs. They are still logged at DEBUG level.

	* daemon/libvirtd.c: Filter VIR_ERR_NO_DOMAIN and friends
	* src/libvirt_private.syms, src/util/virterror.c,
	  src/util/virterror_internal.h: Hook for changing error
	  reporting level

	Revert all previous error log priority hacks
	This reverts the additions in commit

	  abff683f78ffd01df5005fb7a457c0b38b8eb6e1

	taking us back to state where all errors are fully logged
	in both libvirtd and normal clients.

	THe intent was to stop VIR_ERR_NO_DOMAIN (No such domain
	with UUID XXXX) messages from client apps polluting syslog
	The change affected all error codes, but more seriously,
	it also impacted errors from internal libvirtd infrastructure
	For example guest autostart no longer logged errors. The
	libvirtd network code no longer logged some errors. This
	makes debugging incredibly hard

	* daemon/libvirtd.c: Remove error log priority filter
	* src/util/virterror.c, src/util/virterror_internal.h: Remove
	  callback for overriding log priority

	Cleanup code style in logging APIs
	Remove use of brackets around following return statement.
	Fix indentation of two switch statements

2011-01-26  Laine Stump  <laine@laine.org>

	Set SELinux context label of pipes used for qemu migration
	This patch is a partial resolution to the following bug:

	   https://bugzilla.redhat.com/show_bug.cgi?id=667756

	(to complete the fix, an updated selinux-policy package is required,
	to add the policy that allows libvirt to set the context of a fifo,
	which was previously not allowed).

	Explanation : When an incoming migration is over a pipe (for example,
	if the image was compressed and is being fed through gzip, or was on a
	root-squash nfs server, so needed to be opened by a child process
	running as a different uid), qemu cannot read it unless the selinux
	context label for the pipe has been set properly.

	The solution is to check the fd used as the source of the migration
	just before passing it to qemu; if it's a fifo (implying that it's a
	pipe), we call the newly added virSecurityManagerSetFDLabel() function
	to set the context properly.

	Add a function to the security driver API that sets the label of an open fd.
	A need was found to set the SELinux context label on an open fd (a
	pipe, as a matter of fact). This patch adds a function to the security
	driver API that will set the label on an open fd to secdef.label. For
	all drivers other than the SELinux driver, it's a NOP. For the SElinux
	driver, it calls fsetfilecon().

	If the return is a failure, it only returns error up to the caller if
	1) the desired label is different from the existing label, 2) the
	destination fd is of a type that supports setting the selinux context,
	and 3) selinux is in enforcing mode. Otherwise it will return
	success. This follows the pattern of the existing function
	SELinuxSetFilecon().

2011-01-26  Justin Clift  <jclift@redhat.com>

	docs: add a link to the bindings page under the downloads menu item
	So people looking to download the language bindings, but don't know
	they're under the "Docs" area.

2011-01-26  Michal Privoznik  <mprivozn@redhat.com>

	virsh: require --mac to avoid detach-interface ambiguity
	bugfix for https://bugzilla.redhat.com/show_bug.cgi?id=671050

	virsh simply refutes to detach-interface in case when multiple
	interfaces are attached and --mac is not specified.

2011-01-26  Wen Congyang  <wency@cn.fujitsu.com>

	dispatch error before return

2011-01-26  Osier Yang  <jyang@redhat.com>

	qemu: Error prompt when managed save a shutoff domain
	The problem was introduced by commit 4303c91, which removed the checking
	of domain state, this patch is to fix it.

	Otherwise, improper error will be thrown, e.g.

	error: Failed to save domain rhel6 state
	error: cannot resolve symlink /var/lib/libvirt/qemu/save/rhel6.save: No such
	file or directory

2011-01-25  Eric Blake  <eblake@redhat.com>

	build: avoid corrupted gnulib/tests/Makefile
	Running 'make check' can sometimes fail in the gnulib/tests
	subdirectory, when doing an incremental build, because
	./bootstrap generates a Makefile.am that tries to refer to
	../../.. instead of ../.., and gets lost.

	This may be an upstream gnulib bug, where a more elegant
	solution will present itself in the future:
	http://thread.gmane.org/gmane.comp.lib.gnulib.bugs/24898

	But in the meantime, I was able to reproduce both the issue,
	and this solution to work around it.

	* bootstrap.conf (bootstrap_epilogue): Ensure that no stray
	../../.. components remain in gnulib/tests/Makefile.in.
	Reported by Serge Hallyn.

2011-01-25  Cole Robinson  <crobinso@redhat.com>

	qemu: sound: Support intel 'ich6' model
	In QEMU, the card itself is a PCI device, but it requires a codec
	(either -device hda-output or -device hda-duplex) to actually output
	sound. Specifying <sound model='ich6'/> gives us -device intel-hda
	-device hda-duplex I think it's important that a simple <sound model='ich6'/>
	sets up a useful codec, to have consistent behavior with all other sound cards.

	This is basically Dan's proposal of

	    <sound model='ich6'>
	        <codec type='output' slot='0'/>
	        <codec type='duplex' slot='3'/>
	    </sound>

	without the codec bits implemented.

	The important thing is to keep a consistent API here, we don't want some
	<sound> devs require tweaking codecs but not others. Steps I see to
	accomplishing this:

	    - every <sound> device has a <codec type='default'/> (unless codecs are
	        manually specified)
	    - <codec type='none'/> is required to specify 'no codecs'
	    - new audio settings like mic=on|off could then be exposed in
	        <sound> or <codec> in a consistent manner for all sound models

	v2:
	    Use model='ich6'

	v3:
	    Use feature detection, from eblake
	    Set codec id, bus, and cad values

	v4:
	    intel-hda isn't supported if -device isn't available

	v5:
	    Comment spelling fixes

2011-01-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Use VIR_ERR_CONFIG_UNSUPPORTED when appropriated

2011-01-22  Eric Blake  <eblake@redhat.com>

	event: fix event-handling data race
	This bug has been present since before the time that commit
	f8a519 (Dec 2008) tried to make the dispatch loop re-entrant.

	Dereferencing eventLoop.handles outside the lock risks crashing, since
	any other thread could have reallocated the array in the meantime.
	It's a narrow race window, however, and one that would have most
	likely resulted in passing bogus data to the callback rather than
	actually causing a segv, which is probably why it has gone undetected
	this long.

	* daemon/event.c (virEventDispatchHandles): Cache data while
	inside the lock, as the array might be reallocated once outside.

	build: fix 'make check' with older git
	* .gnulib: Update to latest, for maintainer-makefile fix.
	Reported by Matthias Bolte.

2011-01-22  Cole Robinson  <crobinso@redhat.com>

	Push unapplied fixups for previous patch
	- Add augeas tests
	- Clarify vnc_auto_unix_socket precedence in qemu.conf

	qemu: Add conf option to auto setup VNC unix sockets
	If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
	listen or socket value will be setup to serve over a unix socket in
	/var/lib/libvirt/qemu/$vmname.vnc.

	We store the generated socket path in the transient VM definition at
	CLI build time.

	qemu: Allow serving VNC over a unix domain socket
	QEMU supports serving VNC over a unix domain socket rather than traditional
	TCP host/port. This is specified with:

	<graphics type='vnc' socket='/foo/bar/baz'/>

	This provides better security access control than VNC listening on
	127.0.0.1, but will cause issues with tools that rely on the lax security
	(virt-manager in fedora runs as regular user by default, and wouldn't be
	able to access a socket owned by 'qemu' or 'root').

	Also not currently supported by any clients, though I have patches for
	virt-manager, and virt-viewer should be simple to update.

	v2:
	    schema: Make listen vs. socket a <choice>

	qemu: Set domain def transient at beginning of startup process
	This will allow us to record transient runtime state in vm->def, like
	default VNC parameters. Accomplish this by adding an extra 'live' parameter
	to SetDefTransient, with similar semantics to the 'live' flag for
	AssignDef.

2011-01-22  Eric Blake  <eblake@redhat.com>

	maint: support --no-git option during autogen.sh
	https://bugzilla.redhat.com/show_bug.cgi?id=562743

	Also, fixes gnulib bug in dealing with strerror_r from glibc 2.13.

	* .gnulib: Update to latest, for improved bootstrap.
	* bootstrap: Resync from gnulib.
	* autogen.sh (bootstrap): Add --bootstrap-sync, to make it easier
	to keep bootstrap up-to-date.  Pass optional --no-git through.
	Reported by Aleksey Avdeev.

2011-01-22  Jim Fehlig  <jfehlig@novell.com>

	[v2] qemu: Retry JSON monitor cont cmd on MigrationExpected error
	When restoring a saved qemu instance via JSON monitor, the vm is
	left in a paused state.  Turns out the 'cont' cmd was failing with
	"MigrationExpected" error class and "An incoming migration is
	expected before this command can be executed" error description
	due to migration (restore) not yet complete.

	Detect if 'cont' cmd fails with "MigrationExpecte" error class and
	retry 'cont' cmd.

	V2: Fix potential double-free noted by Laine Stump

2011-01-22  Osier Yang  <jyang@redhat.com>

	qemu: report more proper error for unsupported graphics
	Report VIR_ERR_CONFIG_UNSUPPORTED instead of VIR_ERR_INTERNAL_ERROR,
	as it's valid in our domain schema, just unsupported by hypervisor
	here.

	* src/qemu/qemu_command.c

2011-01-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix startup with VNC password expiry on old QEMU
	The code which set VNC passwords correctly had fallback for
	the set_password command, but was lacking it for the
	expire_password command. This made it impossible to start
	a guest. It also failed to check whether QEMU was still
	running after the initial 'set_password' command completed

	* src/qemu/qemu_hotplug.c: Fix error handling when
	  password expiry fails
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
	  return code for missing expire_password command

	Fix error reporting when machine type probe fails
	Avoid overwriting the real error message with a generic
	OOM failure message, when machine type probe fails

	* src/qemu/qemu_driver.c: Don't overwrite error

	Avoid crash in security driver if model is NULL
	If the XML security model is NULL, it is assumed that the current
	model will be used with dynamic labelling. The verify step is
	meaningless and potentially crashes if dereferencing NULL

	* src/security/security_manager.c: Skip NULL model on verify

2011-01-21  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: Fix a possible deadlock in p2p migration
	The function virUnrefConnect() may call virReleaseConnect() to release
	the dest connection, and the function virReleaseConnect() will call
	conn->driver->close().

	So the function virUnrefConnect() should be surrounded by
	qemuDomainObjEnterRemoteWithDriver() and
	qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
	two communicating libvirt daemons.

	See commit f0c8e1cb3774d6f09e2681ca1988bf235a343007 for further details.

2011-01-20  Eric Blake  <eblake@redhat.com>

	docs: document <controller> element
	* docs/formatdomain.html.in: Talk about <controller> and <address>
	throughout.

2011-01-20  Justin Clift  <jclift@redhat.com>

	docs: move the apps page to the top level as its good promo

	docs: added new entries to apps page, plus adjusted a few existing
	Added new entries for Hudson, LCFG, Tivoli Provisioning Manager,
	virt-what, and Zenoss.  Adjusted the existing entries for BuildBot
	and vmware2libvirt.

2011-01-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid sending STOPPED event twice
	In some circumstances, libvirtd would issue two STOPPED events after it
	stopped a domain. This was because an EOF event can arrive after a qemu
	process is killed but before qemuMonitorClose() is called.

	qemuHandleMonitorEOF() should ignore EOF when the domain is not running.

	I wasn't able to reproduce this bug directly, only after adding an
	artificial sleep() into qemudShutdownVMDaemon().

	qemu: Fail if per-device boot is used but deviceboot is not supported

	spec: Start libvirt-guests only if it's on in current runlevel

2011-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove redundant brackets around return values
	A large number of return values used 'return (0)' instead
	of simply 'return 0'. Remove all these redundant brackets
	so the style is consistent throughout the file

	* src/libvirt.c: Remove redundant brackets

	Increase size of driver table to make UML work again
	The driver table only has 10 slots, but there are potentially
	11 drivers that need activating. Improve the error message
	when driver registration fails

	* src/libvirt.c: Increase driver table size & improve errors

	Turn libvirt.c error reporting functions into macros
	The virLibConnError() function (and related ones) do not correctly
	report line number info. Turn them all into macros so line numbers
	are reported correctly. Drop the connection object in all of them
	since it is no longer used.

	Also from the virLibConnWarning() equivalents completely. Now
	that the Xen driver is running 100% inside libvirtd, those
	codepaths for secondary drivers cannot be reached.

	* src/libvirt.c: Replace error functions with macros

2011-01-19  Eric Blake  <eblake@redhat.com>

	docs: document <sysinfo> and <smbios> elements
	* docs/formatdomain.html.in: Talk about <sysinfo> throughout.

	build: use more gnulib modules for simpler code
	* .gnulib: Update to latest, for sigpipe and sigaction modules.
	* bootstrap.conf (gnulib_modules): Add siaction, sigpipe, strerror_r.
	* tools/virsh.c (vshSetupSignals) [!SIGPIPE]: Delete, now that
	gnulib guarantees it.
	(SA_SIGINFO): Define for mingw fallback.
	* src/util/virterror.c (virStrerror): Simplify, now that gnulib
	guarantees the POSIX interface.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Drop redundant check.
	(AM_PROG_CC_STDC): Move earlier, to keep autoconf happy.

2011-01-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove two unused PATH_MAX-sized char arrays from the stack

	Use VIR_ERR_OPERATION_INVALID when appropriated
	VIR_ERR_OPERATION_INVALID means that the operation is not valid
	for the current state of the involved object.

	Fix misuse of VIR_ERR_INVALID_* error code
	VIR_ERR_INVALID_* is meant for invalid pointers only.

	Simplify "NWFilterPool" to "NWFilter"
	The public object is called NWFilter but the corresponding private
	object is called NWFilterPool. I don't see compelling reasons for this
	Pool suffix. One might argue that an NWFilter is a "pool" of rules, etc.

	Remove the Pool suffix from NWFilterPool. No functional change included.

	datatypes: Fix outdated function names in the documentation

	Add documentation for VIR_DOMAIN_MEMORY_PARAM_UNLIMITED
	Otherwise apibuild.py complains about it.

	datatypes: Get virSecretFreeName in sync with the other free functions

	docs: Move the "Network Filtering" page one level up in the hierarchy
	"Network Filtering" is not directly related to "Networks".

	Suggested by Daniel P. Berrange.

2011-01-19  Justin Clift  <jclift@redhat.com>

	docs: add buildbot to the apps page

2011-01-19  Eric Blake  <eblake@redhat.com>

	qemu: don't fail capabilities check on 0.12.x
	Fixes regression introduced in commit 2211518, where all qemu 0.12.x
	fails to start, as does qemu 0.13.x lacking the pci-assign device.
	Prior to 2211518, the code was just ignoring a non-zero exit status
	from the qemu child, but the virCommand code checked this to avoid
	masking any other issues, which means the real bug of provoking
	non-zero exit status has been latent for a longer time.

	* src/qemu/qemu_capabilities.c (qemuCapsExtractVersionInfo): Check
	for -device driver,? support.
	(qemuCapsExtractDeviceStr): Avoid failure if all probed devices
	are unsupported.
	Reported by Ken Congyang.

2011-01-19  Justin Clift  <jclift@redhat.com>

	docs: add new conversion heading to the apps listing

	docs: updated windows page for new 0.8.7 installer

2011-01-18  Eric Blake  <eblake@redhat.com>

	qemu: use -incoming fd:n to avoid qemu holding fd indefinitely
	https://bugzilla.redhat.com/show_bug.cgi?id=620363

	When using -incoming stdio or -incoming exec:, qemu keeps the
	stdin fd open long after the migration is complete.  Not to
	mention that exec:cat is horribly inefficient, by doubling the
	I/O and going through a popen interface in qemu.

	The new -incoming fd: of qemu 0.12.0 closes the fd after using
	it, and allows us to bypass an intermediary cat process for
	less I/O.

	* src/qemu/qemu_command.h (qemuBuildCommandLine): Add parameter.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Support
	migration via fd: when possible.  Consolidate migration handling
	into one spot, now that it is more complex.
	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Update caller.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.args: New file.
	* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.xml: Likewise.

2011-01-18  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add tests for per-device boot elements

	qemu: Support per-device boot ordering
	Support for this is included in qemu and seabios from upstream git.

	Introduce per-device boot element
	Currently, boot order can be specified per device class but there is no
	way to specify exact disk/NIC device to boot from.

	This patch adds <boot order='N'/> element which can be used inside
	<disk/> and <interface/>. This is incompatible with the older os/boot
	element. Since not all hypervisors support per-device boot
	specification, new deviceboot flag is included in capabilities XML for
	hypervisors which understand the new boot element. Presence of the flag
	allows (but doesn't require) users to use the new style boot order
	specification.

	conf: Move boot parsing into a separate function

2011-01-17  Eric Blake  <eblake@redhat.com>

	build: let xgettext see strings in libvirt-guests
	* tools/libvirt-guests.init.in: Rename...
	* tools/libvirt-guests.init.sh: ...so that xgettext's language
	detection via suffix will work.
	* po/POTFILES.in: Update all references.
	* tools/Makefile.am (EXTRA_DIST, libvirt-guests.init): Likewise.

2011-01-17  Laurent Léonard  <laurent@open-minds.org>

	libvirt-guests: remove bashisms
	* tools/libvirt-guests.init.sh: Use only POSIX shell features, which
	includes using gettext.sh for translation rather than $"".
	* tools/Makefile.am (libvirt-guests.init): Supply a few more substitutions.
	* po/POTFILES.in: Mark that libvirt-guests.init needs translation.

2011-01-17  Daniel Veillard  <veillard@redhat.com>

	A couple of fixes for the search PHP code

2011-01-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Remove obsolete secaatest
	Before the security driver was refactored in d6623003 seclabeltest and
	secaatest were basically the same. seclabeltest was meant for SELinux
	and secaatest for AppArmor. Both tests exited early when the specific
	security driver backend wasn't enabled.

	With the new security manager trying to initialize a disabled security
	driver backend is an error that can't be distinguished from other errors
	anymore. Therefore, the updated seclabeltest just asks for the first
	available backend as this will always work even with SELinux and AppArmor
	backend being disabled due to the new Nop backend.

	Remove the obsolete secaatest and compile and run the seclabeltest
	unconditional.

	This fixes make check on systems that support AppArmor.

	virsh: Use WITH_SECDRIVER_APPARMOR to detect AppArmor support
	There is no ENABLE_SECDRIVER_APPARMOR.

2011-01-15  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	memtune: Let virsh know the unlimited value for memory tunables
	Display or set unlimited values for memory parameters. Unlimited is
	represented by INT64_MAX in memory cgroup.

	Reported-by: Justin Clift <jclift@redhat.com>

2011-01-15  Eric Blake  <eblake@redhat.com>

	maint: improve sc_prohibit_strncmp syntax check
	* .gnulib: Update, for sc_prohibit_strcmp fix.
	* cfg.mk: Adjust copyright; the only FSF portions come from when
	this file was copied from coreutils.
	(sc_prohibit_strncmp): Copy bug-fixes from sc_prohibit_strcmp.
	* .x-sc_prohibit_strcmp: Delete, now that rule is smarter.
	* .x-sc_prohibit_strncmp: Likewise.
	* Makefile.am (syntax_check_exceptions): Track deletion.

	datatypes: avoid redundant __FUNCTION__
	virLibConnError already includes __FUNCTION__ in its output, so we
	were redundant.  Furthermore, clang warns that __FUNCTION__ is not
	a string literal (at least __FUNCTION__ will never contain %, so
	it was not a security risk).

	* src/datatypes.c: Replace __FUNCTION__ with a descriptive string.

2011-01-15  Laine Stump  <laine@laine.org>

	Enable tuning of qemu network tap device "sndbuf" size
	This is in response to a request in:

	   https://bugzilla.redhat.com/show_bug.cgi?id=665293

	In short, under heavy load, it's possible for qemu's networking to
	lock up due to the tap device's default 1MB sndbuf being
	inadequate. adding "sndbuf=0" to the qemu commandline -netdevice
	option will alleviate this problem (sndbuf=0 actually sets it to
	0xffffffff).

	Because we must be able to explicitly specify "0" as a value, the
	standard practice of "0 means not specified" won't work here. Instead,
	virDomainNetDef also has a sndbuf_specified, which defaults to 0, but
	is set to 1 if some value was given.

	The sndbuf value is put inside a <tune> element of each <interface> in
	the domain. The intent is that further tunable settings will also be
	placed inside this element.

	     <interface type='network'>
	       ...
	       <tune>
	         <sndbuf>0</sndbuf>
	       ...
	       </tune>
	     </interface>

	Add XML config switch to enable/disable vhost-net support
	This patch is in response to

	  https://bugzilla.redhat.com/show_bug.cgi?id=643050

	The existing libvirt support for the vhost-net backend to the virtio
	network driver happens automatically - if the vhost-net device is
	available, it is always enabled, otherwise the standard userland
	virtio backend is used.

	This patch makes it possible to force whether or not vhost-net is used
	with a bit of XML. Adding a <driver> element to the interface XML, eg:

	     <interface type="network">
	       <model type="virtio"/>
	       <driver name="vhost"/>

	will force use of vhost-net (if it's not available, the domain will
	fail to start). if driver name="qemu", vhost-net will not be used even
	if it is available.

	If there is no <driver name='xxx'/> in the config, libvirt will revert
	to the pre-existing automatic behavior - use vhost-net if it's
	available, and userland backend if vhost-net isn't available.

2011-01-15  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Use the new set_password monitor command to set password.
	We try to use that command first when setting a VNC/SPICE password. If
	that doesn't work we fallback to the legacy VNC only password

	Allow an expiry time to be set, if that doesn't work, throw an error
	if they try to use SPICE.

	Change since v1:
	- moved qemuInitGraphicsPasswords to qemu_hotplug, renamed
	  to qemuDomainChangeGraphicsPasswords.
	- updated what looks like a typo (that appears to work anyway) in
	  initial patch from Daniel:
	    - ret = qemuInitGraphicsPasswords(driver, vm,
	    -                                 VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
	    -                                 &vm->def->graphics[0]->data.vnc.auth,
	    -                                 driver->vncPassword);
	    + ret = qemuInitGraphicsPasswords(driver, vm,
	    +                                 VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
	    +                                 &vm->def->graphics[0]->data.spice.auth,
	    +                                 driver->spicePassword);

	Based on patch by Daniel P. Berrange <berrange@redhat.com>.

	qemu: add set_password and expire_password monitor commands

2011-01-15  Jim Fehlig  <jfehlig@novell.com>

	Fix 'make check' after commit 04197350
	I broke 'make check' with commit 04197350 by unconditionally
	emitting 'hap=' in xen xm driver.  Only emit 'hap=' if
	xendConfigVersion >= 3.  I've tested sending 'hap=' to a Xen 3.2
	machine without support for hap setting and verified that xend
	silently drops the unrecognized setting.

2011-01-15  Eric Blake  <eblake@redhat.com>

	qemu: move monitor device out of domain_conf common code
	* src/conf/domain_conf.h (virDomainChrDeviceType): Drop monitor.
	* src/conf/domain_conf.c (virDomainChrDevice)
	(virDomainChrDefParseTargetXML, virDomainChrDefFormat): Drop
	monitor support.
	* src/qemu/qemu_command.h (qemuBuildCommandLine): Alter signature.
	* src/qemu/qemu_monitor.h (qemuMonitorOpen): Likewise.
	* src/qemu/qemu_domain.h (_qemuDomainObjPrivate): Change type of
	monConfig.
	* src/qemu/qemu_domain.c (qemuDomainObjPrivateFree)
	(qemuDomainObjPrivateXMLFormat, qemuDomainObjPrivateXMLParse):
	Adjust to type change.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_driver.c (qemuPrepareMonitorChr)
	(qemudStartVMDaemon, qemuDomainXMLToNative, qemuConnectMonitor)
	(qemudShutdownVMDaemon): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorOpen): Likewise.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Likewise.

	domain_conf: split source data out from ChrDef
	This opens up the possibility of reusing the smaller ChrSourceDef
	for both qemu monitor and a passthrough smartcard device.

	* src/conf/domain_conf.h (_virDomainChrDef): Factor host
	details...
	(_virDomainChrSourceDef): ...into new struct.
	(virDomainChrSourceDefFree): New prototype.
	* src/conf/domain_conf.c (virDomainChrDefFree)
	(virDomainChrDefParseXML, virDomainChrDefFormat): Split...
	(virDomainChrSourceDefClear, virDomainChrSourceDefFree)
	(virDomainChrSourceDefParseXML, virDomainChrSourceDefFormat):
	...into new functions.
	(virDomainChrDefParseTargetXML): Update clients to reflect type
	split.
	* src/vmx/vmx.c (virVMXParseSerial, virVMXParseParallel)
	(virVMXFormatSerial, virVMXFormatParallel): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.
	* src/xen/xend_internal.c (xenDaemonParseSxprChar)
	(xenDaemonFormatSxprChr): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxAttachSerial)
	(vboxAttachParallel): Likewise.
	* src/security/security_dac.c (virSecurityDACSetChardevLabel)
	(virSecurityDACSetChardevCallback)
	(virSecurityDACRestoreChardevLabel)
	(virSecurityDACRestoreChardevCallback): Likewise.
	* src/security/security_selinux.c (SELinuxSetSecurityChardevLabel)
	(SELinuxSetSecurityChardevCallback)
	(SELinuxRestoreSecurityChardevLabel)
	(SELinuxSetSecurityChardevCallback): Likewise.
	* src/security/virt-aa-helper.c (get_files): Likewise.
	* src/lxc/lxc_driver.c (lxcVmStart, lxcDomainOpenConsole):
	Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLineChr): Likewise.
	* src/uml/uml_driver.c (umlIdentifyOneChrPTY, umlIdentifyChrPTY)
	(umlDomainOpenConsole): Likewise.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr)
	(qemuBuildChrArgStr, qemuBuildCommandLine)
	(qemuParseCommandLineChr): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLFormat)
	(qemuDomainObjPrivateXMLParse): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupChardevCgroup): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/qemu/qemu_driver.c (qemudFindCharDevicePTYsMonitor)
	(qemudFindCharDevicePTYs, qemuPrepareChardevDevice)
	(qemuPrepareMonitorChr, qemudShutdownVMDaemon)
	(qemuDomainOpenConsole): Likewise.
	* src/qemu/qemu_command.h (qemuBuildChrChardevStr)
	(qemuBuildChrArgStr): Delete, now that they are static.
	* src/libvirt_private.syms (domain_conf.h): New exports.
	* cfg.mk (useless_free_options): Update list.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Update
	tests.

2011-01-15  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add support for Westmere CPU model

2011-01-14  Eric Blake  <eblake@redhat.com>

	qemu: improve device flag parsing
	* src/qemu/qemu_capabilities.h (qemuCapsParseDeviceStr): New
	prototype.
	* src/qemu/qemu_capabilities.c (qemuCapsParsePCIDeviceStrs)
	Rename and split...
	(qemuCapsExtractDeviceStr, qemuCapsParseDeviceStr): ...to make it
	easier to add and test device-specific checks.
	(qemuCapsExtractVersionInfo): Update caller.
	* tests/qemuhelptest.c (testHelpStrParsing): Also test parsing of
	device-related flags.
	(mymain): Update expected flags.
	* tests/qemuhelpdata/qemu-0.12.1-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel60-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.3-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.13.0-device: New file.

	util: add missing string->integer conversion functions
	It was awkward having only int conversion in the virStrToLong family,
	but only long conversion in the virXPath family.  Make both families
	support both types.

	* src/util/util.h (virStrToLong_l, virStrToLong_ul): New
	prototypes.
	* src/util/xml.h (virXPathInt, virXPathUInt): Likewise.
	* src/util/util.c (virStrToLong_l, virStrToLong_ul): New
	functions.
	* src/util/xml.c (virXPathInt, virXPathUInt): Likewise.
	* src/libvirt_private.syms (util.h, xml.h): Export them.

2011-01-14  Justin Clift  <jclift@redhat.com>

	docs: clarify virsh setvcpus and setmem usage with active domains
	Addresses BZ # 622534:

	  https://bugzilla.redhat.com/show_bug.cgi?id=622534

2011-01-14  Eric Blake  <eblake@redhat.com>

	qemu: convert capabilities to use virCommand
	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes)
	(qemuCapsProbeCPUModels, qemuCapsParsePCIDeviceStrs)
	(qemuCapsExtractVersionInfo): Use virCommand rather than virExec.

2011-01-14  Justin Clift  <jclift@redhat.com>

	virsh: ensure --maximum flag used only with --config for setvcpus

2011-01-14  Jim Fehlig  <jfehlig@novell.com>

	Document HAP domain feature
	Add HAP feature to schema and documentation.

	Add HAP to xen hypervisor capabilities
	xen-unstable c/s 16931 introduced a per-domain setting for hvm
	guests to enable/disable hardware assisted paging.  If disabled,
	software techniques such as shadow page tables are used.  If enabled,
	and the feature exists in underlying hardware, hardware support for
	paging is used.

	Xen does not provide a mechanism to discover the HAP capability, so
	we advertise its availability for hvm guests on Xen >= 3.3.

	Add support for HAP feature to xen drivers
	xen-unstable c/s 16931 introduced a per-domain setting for hvm
	guests to enable/disable hardware assisted paging.  If disabled,
	software techniques such as shadow page tables are used.  If enabled,
	and the feature exists in underlying hardware, hardware support for
	paging is used.

	This provides implementation for mapping HAP setting to/from
	domxml/native formats in xen drivers.

	Add HAP to virDomainFeature enum
	Extend the virDomainFeature enumeration to include HAP (hardware
	assisted paging) feature.

	Hardware features such as Extended Page Table and Nested Page
	Table augment hypervisor software techniques such as shadow
	page table.  Adding HAP to the virDomainFeature enumeration
	allows users to select between hardware and software memory
	management mechanisms for their guests.

2011-01-13  Eric Blake  <eblake@redhat.com>

	tests: virsh is no longer in builddir/src
	Commit 870dba0 (Mar 2008) added builddir/src to PATH to pick
	up virsh.  Later, virsh was moved to tools; commit db68d6b
	(Oct 2009) noticed this, but only added the new location rather
	than deleting the old location.

	* tests/Makefile.am (path_add): Drop now-useless directory.
	Suggested by Daniel P. Berrange.

	virFindFileInPath: only find executable non-directory
	Without this patch, at least tests/daemon-conf (which sticks
	$builddir/src in the PATH) tries to execute the directory
	$builddir/src/qemu rather than a real qemu binary.

	* src/util/util.h (virFileExists): Adjust prototype.
	(virFileIsExecutable): New prototype.
	* src/util/util.c (virFindFileInPath): Reject non-executables and
	directories.  Avoid huge stack allocation.
	(virFileExists): Use lighter-weight syscall.
	(virFileIsExecutable): New function.
	* src/libvirt_private.syms (util.h): Export new function.

2011-01-13  Daniel Veillard  <veillard@redhat.com>

	Fix old PHP syntax in the search online form

2011-01-13  Eric Blake  <eblake@redhat.com>

	build: restore mingw build
	* bootstrap.conf (gnulib_modules): Add chown.

2011-01-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix memory leak in HostSystem managed object free function

2011-01-13  Justin Clift  <jclift@redhat.com>

	docs: fix trivial typos in currentMemory description

2011-01-13  Wen Congyang  <wency@cn.fujitsu.com>

	doc: improve the documentation of desturi

	report error when specifying wrong desturi
	When we do peer2peer migration, the dest uri is an address of the
	target host as seen from the source machine. So we must specify
	the ip or hostname of target host in dest uri. If we do not specify
	it, report an error to the user.

2011-01-13  Osier Yang  <jyang@redhat.com>

	qemu: Reject SDL graphic if it's not supported by qemu
	If the emulator doesn't support SDL graphic, we should reject
	the use of SDL graphic xml with error messages, but not ignore
	it silently, and pretend things are fine.

	"-sdl" flag was exposed explicitly by qemu since 0.10.0, more detail:
	http://www.redhat.com/archives/libvir-list/2011-January/msg00442.html

	And we already have capability flag "QEMUD_CMD_FLAG_0_10", which
	could be used to prevent the patch affecting the older versions
	of QEMU.

	* src/qemu/qemu_command.c

2011-01-12  Justin Clift  <jclift@redhat.com>

	docs: reorder apps page alphabetically, plus add libguestfs entries

	docs: add entry for archipel to the apps page

	docs: use xml entity encoding for extended character last name

2011-01-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Silently ignore missing registry key on Windows
	Don't report an error when the VirtualBox registry key is missing,
	as this just indicates that VirtualBox is not installed in general.

	This matches the behavior of the XPCOM glue that silently ignores
	a missing VBoxXPCOMC.so.

2011-01-11  Richard W.M. Jones  <rjones@redhat.com>

	qemu: Watchdog IB700 is not a PCI device (RHBZ#667091).
	Skip IB700 when assigning PCI slots.

	Note: the I6300ESB watchdog _is_ a PCI device.

	To test this: I applied this patch to libvirt-0.8.3-2.fc14 (rebasing
	it slightly: qemu_command.c didn't exist in that version) and
	installed this on my machine, then tested that I could successfully
	add an ib700 watchdog device to a guest, start the guest, and the
	ib700 was available to the guest.  I also added an i6300esb (PCI)
	watchdog to another guest, and verified that libvirt assigned a PCI
	device to it, that the guest could be started, and that i6300esb was
	present in the guest.

	Note that if you previously had a domain with a ib700 watchdog, it
	would have had an <address type='pci' .../> clause added to it in the
	libvirt configuration.  This patch does not attempt to remove this.
	You cannot start such a domain -- qemu gives an error if you try.
	With this patch you are able to remove the bogus address element
	without libvirt adding it back.

2011-01-11  Eric Blake  <eblake@redhat.com>

	cpu: plug memory leak
	* src/cpu/cpu_x86.c (x86ModelLoad): Free data before overwriting.

	network: plug memory leak
	* src/conf/network_conf.c (virNetworkDefParseXML): Release ipNodes.

	network: plug unininitialized read found by valgrind
	* src/util/network.c (virSocketAddrMask): Zero out port, so that
	iptables can initialize just the netmask then call
	virSocketFormatAddr without an uninitialized read in getnameinfo.

2011-01-11  Justin Clift  <jclift@redhat.com>

	docs: updated memtune info again in virsh command reference

2011-01-11  Cole Robinson  <crobinso@redhat.com>

	python: Use PyCapsule API if available
	On Fedore 14, virt-manager spews a bunch of warnings to the console:

	/usr/lib64/python2.7/site-packages/libvirt.py:1781: PendingDeprecationWarning: The CObject type is marked Pending Deprecation in Python 2.7.  Please use capsule objects instead.

	Have libvirt use the capsule API if available. I've verified this compiles
	fine on older python (2.6 in RHEL6 which doesn't have capsules), and
	virt-manager seems to function fine.

	event-test: Simplify debug on/off
	Make it easy to change debugging if being used by a client program.

	remote: Don't lose track of events when callbacks are slow
	After the remote driver runs an event callback, it unconditionally disables the
	loop timer, thinking it just flushed every queued event. This doesn't work
	correctly though if an event is queued while a callback is running.

	The events actually aren't being lost, it's just that the event loop didn't
	think there was anything that needed to be dispatched. So all those 'lost
	events' should actually get re-triggered if you manually kick the loop by
	generating a new event (like creating a new guest).

	The solution is to disable the dispatch timer _before_ we invoke any event
	callbacks. Events queued while a callback is running will properly reenable the
	timer.

	More info at https://bugzilla.redhat.com/show_bug.cgi?id=624252

2011-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Refactor the security drivers to simplify usage
	The current security driver usage requires horrible code like

	    if (driver->securityDriver &&
	        driver->securityDriver->domainSetSecurityHostdevLabel &&
	        driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
	                                                              vm, hostdev) < 0)

	This pair of checks for NULL clutters up the code, making the driver
	calls 2 lines longer than they really need to be. The goal of the
	patchset is to change the calling convention to simply

	  if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
	                                        vm, hostdev) < 0)

	The first check for 'driver->securityDriver' being NULL is removed
	by introducing a 'no op' security driver that will always be present
	if no real driver is enabled. This guarentees driver->securityDriver
	!= NULL.

	The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
	being non-NULL is hidden in a new abstraction called virSecurityManager.
	This separates the driver callbacks, from main internal API. The addition
	of a virSecurityManager object, that is separate from the virSecurityDriver
	struct also allows for security drivers to carry state / configuration
	information directly. Thus the DAC/Stack drivers from src/qemu which
	used to pull config from 'struct qemud_driver' can now be moved into
	the 'src/security' directory and store their config directly.

	* src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
	  use new virSecurityManager APIs
	* src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
	  src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
	  Move into src/security directory
	* src/security/security_stack.c, src/security/security_stack.h,
	  src/security/security_dac.c, src/security/security_dac.h: Generic
	  versions of previous QEMU specific drivers
	* src/security/security_apparmor.c, src/security/security_apparmor.h,
	  src/security/security_driver.c, src/security/security_driver.h,
	  src/security/security_selinux.c, src/security/security_selinux.h:
	  Update to take virSecurityManagerPtr object as the first param
	  in all callbacks
	* src/security/security_nop.c, src/security/security_nop.h: Stub
	  implementation of all security driver APIs.
	* src/security/security_manager.h, src/security/security_manager.c:
	  New internal API for invoking security drivers
	* src/libvirt.c: Add missing debug for security APIs

2011-01-11  Osier Yang  <jyang@redhat.com>

	conf: Report error if invalid type specified for character device
	If invalid type is specified, e.g.
	<serial type='foo'>
	    <target port='0'/>
	</serial>

	We replace 'foo' with "null" type implicitly, without reporting an
	error message to tell the user, and "start" or "edit" the domain
	will be success.

	It's not good to guess what the user wants, This patch is to fix
	the problem.

	* src/conf/domain_conf.c

2011-01-10  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Fix core dumps if unix_sock_group is set
	Setting unix_sock_group to something else than default "root" in
	/etc/libvirt/libvirtd.conf prevents system libvirtd from dumping core on
	crash. This is because we used setgid(unix_sock_group) before binding to
	/var/run/libvirt/libvirt-sock* and setgid() back to original group.
	However, if a process changes its effective or filesystem group ID, it
	will be forbidden from leaving core dumps unless fs.suid_dumpable sysctl
	is set to something else then 0 (and it is 0 by default).

	Changing socket's group ownership after bind works better. And we can do
	so without introducing a race condition since we loosen access rights by
	changing the group from root to something else.

2011-01-08  Guido Günther  <agx@sigxcpu.org>

	Add AM_MAINTAINER_MODE
	and keep it enabled by default. This allows downstreams to turn it off
	via:

	./configure --disable-maintainer-mode

	as discussed in

	https://www.redhat.com/archives/virt-tools-list/2010-October/msg00049.html

2011-01-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Move occurrence check into esxVI_LookupObjectContentByType
	This simplifies the callers of esxVI_LookupObjectContentByType.

2011-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add domain autostart support

2011-01-07  Diego Elio Pettenò  <flameeyes@gmail.com>

	commandtest: avoid printing loader-control variables from commandhelper
	This avoids throwing the tests off if LD_LIBRARY_PATH or LD_PRELOAD or
	other variables are set.

2011-01-07  Justin Clift  <jclift@redhat.com>

	docs: updated release of virsh cmd reference, with memtune info

2011-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Add support for video device VRAM size
	Update test suite accordingly.

	vbox: Use correct VRAM size unit
	VirtualBox uses megabyte, libvirt uses kilobyte.

2011-01-07  Osier Yang  <jyang@redhat.com>

	API: Improve log for domain related APIs
	Add VM name/UUID in log for domain related APIs.
	Format: "dom=%p, (VM: name=%s, uuid=%s), param0=%s, param1=%s

	*src/libvirt.c (introduce two macros: VIR_DOMAIN_DEBUG, and
	VIR_DOMAIN_DEBUG0)

2011-01-06  Eric Blake  <eblake@redhat.com>

	schema: tighten <serial><protocol type=...> relaxNG
	* docs/schemas/domain.rng (qemucdevSrcDef): Restrict list of
	supported <protocol type=> values.

2011-01-06  Kay Schubert  <kayegypt@web.de>

	bridge: Fix generation of dnsmasq's --dhcp-hostsfile option
	I added a host definition to a network definition:

	<network>
	  <name>Lokal</name>
	  <uuid>2074f379-b82c-423f-9ada-305d8088daaa</uuid>
	  <bridge name='virbr1' stp='on' delay='0' />
	  <ip address='192.168.180.1' netmask='255.255.255.0'>
	    <dhcp>
	      <range start='192.168.180.128' end='192.168.180.254' />
	      <host mac='23:74:00:03:42:02' name='somevm' ip='192.168.180.10' />
	    </dhcp>
	  </ip>
	</network>

	But due to the wrong if-statement the argument --dhcp-hostsfile doesn't get
	added to the dnsmasq command. The patch below fixes it for me.

2011-01-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix bogus warning about uninitialized saveptr
	The warning is bogus since strtok_r doesn't use the value when it's
	first called and initializes it for the following calls.

2011-01-06  Laine Stump  <laine@laine.org>

	Don't chown qemu saved image back to root after save if dynamic_ownership=0
	When dynamic_ownership=0, saved images must be owned by the same uid
	as is used to run the qemu process, otherwise restore won't work. To
	accomplish this, qemuSecurityDACRestoreSavedStateLabel() needs to
	simply return when it's called.

	This fix is in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=661720

2011-01-06  Eric Blake  <eblake@redhat.com>

	maint: document dislike of mismatched if/else bracing
	* docs/hacking.html.in (Curly braces): Tighten recommendations to
	disallow if (cond) one-line; else { block; }.
	* HACKING: Regenerate.
	Suggested by Daniel P. Berrange.

2011-01-06  Laine Stump  <laine@laine.org>

	Log an error on attempts to add a NAT rule for non-IPv4 addresses
	Although the upper-layer code protected against it, it was possible to
	call iptablesForwardMasquerade() with an IPv6 address and have it
	attempt to add a rule to the MASQUERADE chain of ip6tables (which
	doesn't exist).

	This patch changes that function to check the protocol of the given
	address, generate an error log if it's not IPv4 (AF_INET), and finally
	hardcodes all the family parameters sent down to lower-level functions.

	Improve error reporting when parsing dhcp info for virtual networks
	This is partially in response to

	  https://bugzilla.redhat.com/show_bug.cgi?id=653300

	The crash in that report was coincidentally fixed when we switched
	from using inet_pton() to using virSocketParseAddr(), but the absence
	of an ip address in a dhcp static host definition was still silently
	ignored (and that entry discarded from the saved XML). This patch
	turns that into a logged failure; likewise if the entry has neither a
	mac address nor a name attribute (the entry is useless without at
	least one of those, plus an ip address).

	Since the network name is now pulled into this function in order for
	those error logs to be more informative, the other error messages in
	the function have also been changed to take advantage.

2011-01-05  Justin Clift  <jclift@redhat.com>

	docs: added libvirt-announce to contact page
	Also added explicit links to the subscription and
	archive pages for the user and developer mailing
	lists.

2011-01-05  Stefan Berger  <stefanb@us.ibm.com>

	qemu driver: fix positioning to end of log file
	While doing some testing with Qemu and creating huge logfiles I encountered the case where the VM could not start anymore due to the lseek() to the end of the Qemu VM's log file failing. The patch below fixes the problem by replacing the previously used 'int' with 'off_t'.

	To reproduce this error, you could do the following:

	dd if=/dev/zero of=/var/log/libvirt/qemu/<name of VM>.log bs=1024 count=$((1024*2048))

	and you should get an error like this:

	error: Failed to start domain <name of VM>
	error: Unable to seek to -2147482651 in /var/log/libvirt/qemu/<name of VM>.log: Success

2011-01-05  Eric Blake  <eblake@redhat.com>

	build: satisfy 'make syntax-check' regarding year change
	* .gnulib: Update to latest, to pick up 2011 copyrights.

2011-01-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.7
	* configure.ac libvirt.spec.in docs/news.html.in: bump version and add
	  documentation
	* po/*po*: regenerate po and pot files

2011-01-04  Eric Blake  <eblake@redhat.com>

	build: avoid compilation warnings
	Detected on cygwin:
	util/util.c: In function 'virSetUIDGID':
	util/util.c:2824: warning: format '%d' expects type 'int', but argument 7 has type 'gid_t' [-Wformat]
	(and three other lines)

	* src/util/util.c (virSetUIDGID): Cast, as is done elsewhere in
	this file, to avoid printf type mismatch warnings.

2011-01-04  Hu Tao  <hutao@cn.fujitsu.com>

	threadpool: allow NULL jobdata
	Don't require non-null jobdata to virThreadPoolSendJob().

2011-01-04  Chris Wright  <chrisw@redhat.com>

	node_device: udev driver does not handle SR-IOV devices
	The udev driver does not update a PCI device with its SR-IOV capabilities,
	when applicable, the way the hal driver does.  As a result, dumping the
	device's XML will not include the relevant physical or virtual function
	information.

	With this patch, the XML is correct:

	# virsh nodedev-dumpxml pci_0000_09_00_0
	<device>
	  <name>pci_0000_09_00_0</name>
	  <parent>pci_0000_00_1c_0</parent>
	  <driver>
	    <name>vxge</name>
	  </driver>
	  <capability type='pci'>
	    <domain>0</domain>
	    <bus>9</bus>
	    <slot>0</slot>
	    <function>0</function>
	    <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product>
	    <vendor id='0x17d5'>Neterion Inc.</vendor>
	    <capability type='virt_functions'>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x1'/>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x2'/>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x3'/>
	    </capability>
	  </capability>
	</device>

	# virsh nodedev-dumpxml pci_0000_0a_00_1
	<device>
	  <name>pci_0000_0a_00_1</name>
	  <parent>pci_0000_00_1c_0</parent>
	  <driver>
	    <name>vxge</name>
	  </driver>
	  <capability type='pci'>
	    <domain>0</domain>
	    <bus>10</bus>
	    <slot>0</slot>
	    <function>1</function>
	    <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product>
	    <vendor id='0x17d5'>Neterion Inc.</vendor>
	    <capability type='phys_function'>
	      <address domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
	    </capability>
	  </capability>
	</device>

	Cc: Dave Allan <dallan@redhat.com>

2011-01-01  Eric Blake  <eblake@redhat.com>

	virExec: fix logic bug
	As pointed out in https://bugzilla.redhat.com/show_bug.cgi?id=659855#c9,
	commit c3568ec2 introduced a regression where we no longer close any
	fd's beyond FD_SETSIZE.

	* src/util/util.c (__virExec): Continue to close fd's beyond
	keepfd range.
	Reported by Stefan Praszalowicz.

2011-01-01  Laine Stump  <laine@laine.org>

	Improve virSocketAddrMask[ByPrefix] API
	The original version of these functions would modify the address sent
	in, meaning that the caller would usually need to copy the address
	first. This change makes the original a const, and puts the resulting
	masked address into a new arg (which could point to the same
	virSocketAddr as the original, if the caller really wants to modify
	it).

	This also makes the API consistent with virSocketAddrBroadcast[ByPrefix].

	Set broadcast address for IPv4 addresses on virtual network bridges
	Previously we used ioctl() to set the IP address and netmask of the
	bridges used for virtual networks, and apparently the SIOCSIFNETMASK
	ioctl implicitly set the broadcast address for the interface. The new
	method of using the "ip" command requires broadcast address to be
	explicitly specified though.

	Utility functions to produce an IPv4 broadcast address
	These functions work only for IPv4, becasue IPv6 doesn't have the same
	concept of "broadcast address" as IPv4. They merely OR the inverse of
	the netmask with the given host address, thus turning on all the host
	bits.

2010-12-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix "occurence" typo (again)
	Also include some whitespace changes. No functional change included.

2010-12-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Add support for VirtualBox 4.0
	Add vboxArrayGetWithUintArg to handle new signature variations. Also
	refactor vboxArrayGet* implementation to use a common helper function.

	Deal with the incompatible changes in the VirtualBox 4.0 API. This
	includes major changes in virtual machine and storage medium lookup,
	in RDP server property handling, in session/lock handling and other
	minor areas.

	VirtualBox 4.0 also dropped the old event API and replaced it with a
	completely new one. This is not fixed yet and will be addressed in
	another patch. Therefore, currently the domain events are supported
	for VirtualBox 3.x only.

	Based on initial work from Jean-Baptiste Rouault.

	Fix misuse of VIR_ERR_INVALID_DOMAIN
	VIR_ERR_INVALID_DOMAIN is meant for invalid domain pointers.
	VIR_ERR_NO_DOMAIN is meant for non-existing domains.

	vbox: Handle different IID representation in Version 2.2 on Windows
	On Windows IID's are represented as GUID by value, instead of nsID
	by reference on non-Windows platforms.

	Patch the vbox_CAPI_v2_2.h header to deal with this difference.

	Rewrite vboxIID abstraction that deals with the different IID
	representations. Add support for the GUID representation. Also unify
	the four context dependent free functions for vboxIIDs

	  vboxIIDUnalloc, vboxIIDFree, vboxIIDUtf8Free, vboxIIDUtf16Free

	into vboxIIDUnalloc that is now safe to be called (even multiple
	times) on a vboxIID independent of the source and context of the
	vboxIID.

	The new vboxIID is designed to be used as a stack allocated variable.
	It has a value member that represents the actual IID value.

2010-12-24  MORITA Kazutaka  <morita.kazutaka@lab.ntt.co.jp>

	update docs for network disks

2010-12-24  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When I build libvirt without libvirtd, I receive some errors:
	cp: cannot stat `/home/wency/rpmbuild/BUILDROOT/libvirt-0.8.6-1.el6.x86_64/etc/libvirt/qemu/networks/default.xml': No such file or directory

	My build step:
	# ./autogen.sh --without-libvirtd
	# make dist
	# rpmbuild --nodeps --define "_sourcedir `pwd`" --define "_without_libvirtd 1" -ba libvirt.spec

	The reason is we disable network when we do not build libvirt daemon in configure.ac.
	After fixing this bug, I build libvirt without libvirtd, I receive other errors:
	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /usr/share/doc/libvirt-0.8.6/html/32favicon.png
	   /usr/share/doc/libvirt-0.8.6/html/api.html
	..

2010-12-24  Eric Blake  <eblake@redhat.com>

	qemu: add -incoming fd:n capability checking
	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_MIGRATE_QEMU_FD):
	New enum value.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Populate
	flags according to qemu version.
	* tests/qemuhelptest.c (mymain): Adjust test.

2010-12-24  Jiri Denemark  <jdenemar@redhat.com>

	spec: Enable ESX driver on RHEL

2010-12-24  Daniel P. Berrange  <berrange@redhat.com>

	spec: Automatically turn on cgconfig service
	A number of the libvirt APIs require the use of cgroups. This is not
	enabled by default on a RHEL6 install. After discussion with cgroups
	team, it was decided that upon installation of the libvirt RPM, we
	should automatically turn on the cgroups service. This will activate a
	default configuration that turns on all cgroups controllers libvirt
	requires for full operation.

2010-12-24  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix uninitialized variable

2010-12-24  Laine Stump  <laine@laine.org>

	Replace setuid/setgid/initgroups with virSetUIDGID()
	This patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=664406

	If qemu is run as a different uid, it has been unable to access mode
	0660 files that are owned by a different user, but with a group that
	the qemu is a member of (aside from the one group listed in the passwd
	file), because initgroups() is not being called prior to the
	exec. initgroups will change the group membership of the process (and
	its children) to match the new uid.

	To make this happen, the setregid()/setreuid() code in
	qemuSecurityDACSetProcessLabel has been replaced with a call to
	virSetUIDGID(), which does both of those, plus calls initgroups.

	Similar, but not identical, code in qemudOpenAsUID() has been replaced
	with virSetUIDGID(). This not only consolidates the functionality to a
	single location, but also potentially fixes some as-yet unreported
	bugs.

	new virSetUIDGID() utility function
	virSetUIDGID() sets both the real and effective group and user of the
	process, and additionally calls initgroups() to assure that the
	process joins all the auxiliary groups that the given uid is a member
	of.

	Preserve errno across calls to error reporting functions & VIR_FREE
	There are cases when we want log an error message, and possibly free
	some memory as part of the cleanup, while still preserving errno for a
	caller, but the functions that log errors, and virFree (VIR_FREE) make
	system calls that will clear errno. This patch preserves errno during
	those most basic functions (corresponding to virReportSystemError(),
	virReportOOMError(), networkReportError(), etc, as well as
	virStrError()). It does *not preserve errno across calls to higher
	level items such as virDispatchError(), as it's assumed the caller is
	all finished with any need for errno by the time it dispatches the
	error.

	Run radvd for virtual networks with IPv6 addresses
	Running an instance of the router advertisement daemon (radvd) allows
	guests using the virtual network to automatically acquire an IPv6
	address and default route. Note that acquiring an address only works
	for networks with a prefix length of exactly 64 - radvd is still run
	in other circumstances, and still advertises routes, but autoconf will
	not work because it requires exactly 64 bits of address info from the
	network prefix.

	This patch avoids a race condition with the pidfile by manually
	daemonizing radvd rather than allowing it to daemonize itself, then
	creating our own pidfile (in addition to radvd's own file, which is
	unnecessary, but there is no way to tell radvd to not create it). This
	is accomplished by exec'ing it with "--debug 1" in the commandline,
	and using virCommand's features to fork, create a pidfile, and detach
	from the newly forked process.

	Turn on IPv6 support in the bridge_driver.c virtual network driver
	At this point everything is already in place to make IPv6 happen, we just
	need to add a few rules, remove some checks for IPv4-only, and document
	the changes to the XML on the website.

	Update iptables.c to also support ip6tables.
	All of the iptables functions eventually call down to a single
	bottom-level function, and fortunately, ip6tables syntax (for all the
	args that we use) is identical to iptables format (except the
	addresses), so all we need to do is:

	1) Get an address family down to the lowest level function in each
	   case, either implied through an address, or explicitly when no
	   address is in the parameter list, and

	2) At the lowest level, just decide whether to call "iptables" or
	   "ip6tables" based on the family.

	The location of the ip6tables binary is determined at build time by
	autoconf. If a particular target system happens to not have ip6tables
	installed, any attempts to run it will generate an error, but that
	won't happen unless someone tries to define an IPv6 address for a
	network. This is identical behavior to IPv4 addresses and iptables.

	Support multiple IP addresses on one network in bridge_driver.c
	This patch reorganizes the code in bridge_driver.c to account for the
	concept of a single network with multiple IP addresses, without adding
	in the extra variable of IPv6. A small bit of code has been
	temporarily added that checks all given addresses to verify they are
	IPv4 - this will be removed when full IPv6 support is turned on.

	Change virtual network XML parsing/formatting to support IPv6
	This commit adds support for IPv6 parsing and formatting to the
	virtual network XML parser, including moving around data definitions
	to allow for multiple <ip> elements on a single network, but only
	changes the consumers of this API to accommodate for the changes in
	API/structure, not to add any actual IPv6 functionality. That will
	come in a later patch - this patch attempts to maintain the same final
	functionality in both drivers that use the network XML parser - vbox
	and "bridge" (the Linux bridge-based driver used by the qemu
	hypervisor driver).

	* src/libvirt_private.syms: Add new private API functions.
	* src/conf/network_conf.[ch]: Change C data structure and
	  parsing/formatting.
	* src/network/bridge_driver.c: Update to use new parser/formatter.
	* src/vbox/vbox_tmpl.c: update to use new parser/formatter
	* docs/schemas/network.rng: changes to the schema -
	  * there can now be more than one <ip> element.
	  * ip address is now an ip-addr (ipv4 or ipv6) rather than ipv4-addr
	  * new optional "prefix" attribute that can be used in place of "netmask"
	  * new optional "family" attribute - "ipv4" or "ipv6"
	    (will default to ipv4)
	  * define data types for the above
	* tests/networkxml2xml(in|out)/nat-network.xml: add multiple <ip> elements
	  (including IPv6) to a single network definition to verify they are being
	  correctly parsed and formatted.

	make the <dhcp> element optional in network.rng
	In practice this has always been optional, but the RNG has shown it as
	mandatory, and since all the examples for make check had it, it was
	never noticed. One of the existing test cases has been changed to
	check for this.

	I also noticed that the dhcp/host/ip was still defined as <text/>,
	but should really be <ref name='ipv4-addr'/>

	Replace brSetInetAddress/brSetInetNetmask with brAddInetAddress
	brSetInetAddress can only set a single IP address on the bridge, and
	uses a method (ioctl(SIOCSETIFADDR)) that only works for IPv4. Replace
	it and brSetInetNetmask with a single function that uses the external
	"ip addr add" command to add an address/prefix to the interface - this
	supports IPv6, and allows adding multiple addresses to the interface.

	Although it isn't currently used in the code, we also add a
	brDelInetAddress for completeness' sake.

	Also, while we're modifying bridge.c, we change brSetForwardDelay and
	brSetEnableSTP to use the new virCommand API rather than the
	deprecated virRun, and also log an error message in bridge_driver.c if
	either of those fail (previously the failure would be completely
	silent).

	Make virtual network netmasks optional
	When a netmask isn't specified for an IPv4 address, one can be implied
	based on what network class range the address is in. The
	virNetworkDefPrefix function does this for us, so netmask isn't
	required.

	Pass prefix rather than netmask into iptables functions
	IPv6 will use prefix exclusively, and IPv4 will also optionally be
	able to use it, and the iptables functions really need a prefix
	anyway, so use the new virNetworkDefPrefix() function to send prefixes
	into iptables functions instead of netmasks.

	Also, in a couple places where a netmask is actually needed, use the
	new private API function for it rather than getting it directly. This
	will allow for cases where no netmask or prefix is specified (it
	returns the default for the current class of network.)

	Consistently return 0 on success, -1 on failure in bridge_driver.c
	Some functions in this file were returning 1 on success and 0 on
	failure, and others were returning 0 on success and -1 on
	failure. Switch them all to return the libvirt-preferred 0/-1.

	Fix logging of failed iptables commands
	The functions in iptables.c all return -1 on failure, but all their
	callers (which all happen to be in bridge_driver.c) assume that they
	are returning an errno, and the logging is done accordingly. This
	patch fixes all the error checking and logging to assume < 0 is an
	error, and nothing else.

	New virNetworkDef utility functions
	Later patches will add the possibility to define a network's netmask
	as a prefix (0-32, or 0-128 in the case of IPv6). To make it easier to
	deal with definition of both kinds (prefix or netmask), add two new
	functions:

	virNetworkDefNetmask: return a copy of the netmask into a
	virSocketAddr. If no netmask was specified in the XML, create a
	default netmask based on the network class of the virNetworkDef's IP
	address.

	virNetworkDefPrefix: return the netmask as numeric prefix (or the
	default prefix for the network class of the virNetworkDef's IP
	address, if no netmask was specified in the XML)

	New virSocketAddr utility functions
	virSocketPrefixToNetmask: Given a 'prefix', which is the number of 1
	bits in a netmask, fill in a virSocketAddr object with a netmask as an
	IP address (IPv6 or IPv4).

	virSocketAddrMask: Mask off the host bits in one virSocketAddr
	according to the netmask in another virSocketAddr.

	virSocketAddrMaskByPrefix, Mask off the host bits in a virSocketAddr
	according to a prefix (number of 1 bits in netmask).

	VIR_SOCKET_FAMILY: return the family of a virSocketAddr

2010-12-24  Wen Congyang  <wency@cn.fujitsu.com>

	fix syntax error in configure.ac
	When I run configure, I receive some syntax error.

	.....
	checking where to find <rpc/rpc.h>... none
	checking for library containing dlopen... -ldl
	/configure: line 52500: test: =: unary operator expected
	/configure: line 52766: test: =: unary operator expected
	checking linux/kvm.h usability... yes
	checking linux/kvm.h presence... yes
	.....

2010-12-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make VMware Workstation / Player page appear in the menu
	By adding it to sitemap.html.in. Also <ul> can't be nested in <p>.

2010-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Reparent children when deleting a snapshot
	Shorten qemuDomainSnapshotWriteSnapshotMetadata function name
	and make it take a snapshot pointer instead of dealing with
	the current snapshot. Update other functions accordingly.

	Add a qemuDomainSnapshotReparentChildren hash iterator to
	reparent the children of a snapshot that is being deleted. Use
	qemuDomainSnapshotWriteMetadata to write updated metadata
	to disk.

	This fixes a problem where outdated parent information breaks
	the snapshot tree and hinders the deletion of child snapshots.

	Reported by Philipp Hahn.

2010-12-23  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Add info about VMware driver to the libvirt website

2010-12-23  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add --force option to update-device

2010-12-23  Jim Fehlig  <jfehlig@novell.com>

	Set bitmap size when allocating a bitmap
	I began noticing a race when reserving VNC ports as described here

	https://www.redhat.com/archives/libvir-list/2010-November/msg00379.html

	Turns out that we were not initializing the size field of bitmap
	struct when allocating the bitmap.  This subsequently caused
	virBitmapSetBit() to fail since bitmap->size is 0, hence we never
	actually reserved the port.

2010-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for storage volume wiping

	esx: Add support for storage volume deletion

2010-12-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Return SPICE ports on domain shutdown
	Commit ed0d9f6c0cdd56f38ce31b8d9b5293162addaa23 added support for
	automatic port allocation for SPICE but forgot to mark such ports as
	unused when they are not used anymore.

2010-12-23  Eric Blake  <eblake@redhat.com>

	virterror: avoid API breakage with vmware
	Fix glitch in commit cddd2a06 (thankfully post-0.8.6, so no
	released version has the glitch).

	Document and try to workaround glitch in commit 46e9b0f (in 0.8.0),
	which invalidated 6 virErrorNumber values dating as far back as 0.7.1.

	My audit did not find any other glitches until pre-0.1.0 days.  I'm
	not sure how to add a syntax-check off the top of my head, but
	hopefully the explicit numbering will make people think twice about
	renumbering in the future.

	* include/libvirt/virterror.h (virErrorDomain): Avoid inserting
	new values in the middle, and add explicit numbering to help avoid
	this in the future.
	(virErrorNumber): Add explicit numbering, and document the snafu.
	* src/remote/remote_driver.c (remoteIO): Compensate for the snafu.

2010-12-22  Hu Tao  <hutao@cn.fujitsu.com>

	Fix memory leak in virsh

2010-12-22  Justin Clift  <jclift@redhat.com>

	docs: fixed typo, added table of contents

2010-12-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Distribute libvirt_vmx.syms
	This fixes the build from a tarball and makes autobuild.sh
	work again.

	This should actually have been part of this earlier commit:

	  esx: Move VMX handling code out of the driver directory
	  42b2f35d36a9e33f03e973130267c19cff910f2e

	Reported by Eric Blake.

	vmware: Fix undefine symbol with loadable drivers enabled
	All other drivers are explicitly linked to gnulib. The VMware
	driver lacked this, resulting in mdir_name being an undefine
	symbol.

	Explicitly link the VMware driver to gnulib to fix this.

	esx: Move VMX handling code out of the driver directory
	Now the VMware driver doesn't depend on the ESX driver anymore.

	Add a WITH_VMX option that depends on WITH_ESX and WITH_VMWARE.
	Also add a libvirt_vmx.syms file.

	Move some escaping functions from esx_util.c to vmx.c.

	Adapt the test suite, ESX and VMware driver to the new code layout.

	esx: Fix cluster resource lookup when connecting to a vCenter
	Connecting to a ESX(i) server that is part of a cluster failed
	when the connection also involved a vCenter.

	Accept ClusterComputeResource type in addition to ComputeResource
	type in the object lookup function.

	Reported by Guillaume Le Louët.

2010-12-22  Eric Blake  <eblake@redhat.com>

	maint: avoid space-tab
	* daemon/Makefile.am: Avoid spurious space before tabs.
	* src/Makefile.am: Likewise.
	* examples/dominfo/Makefile.am: Likewise.
	* examples/domsuspend/Makefile.am: Likewise.
	* tools/Makefile.am: Likewise.
	* src/datatypes.h (VIR_CONNECT_MAGIC): Likewise.
	* src/internal.h (TODO): Likewise.
	* src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATE): Likewise.
	* src/xen/xen_hypervisor.c (XEN_V2_OP_GETAVAILHEAP): Likewise.
	* src/xen/xs_internal.h: Likewise.

	command: avoid hanging on daemon processes
	* src/util/command.c (virCommandRun): Don't capture output on
	daemons.
	* tests/commandtest.c (test18): Expose the bug.
	Reported by Laine Stump.

	build: skip vmware driver when building for RHEL
	* libvirt.spec.in: Provide vmware conditionals.

2010-12-21  Osier Yang  <jyang@redhat.com>

	storage: Ignore dangling symbolic link for filesystem pool
	If there is a dangling symbolic link in filesystem pool, the pool
	will fail to start or refresh, this patch is to fix it by ignoring
	it with a warning log.

2010-12-21  Josh Durgin  <joshd@hq.newdream.net>

	Skip file-based security checks for network disks
	Network disks are accessed by qemu directly, and have no
	associated file on the host, so checking for file ownership etc.
	is unnecessary.

2010-12-21  Justin Clift  <jclift@redhat.com>

	docs: added compiling page and significantly expanded windows page
	Also added an additional menu placement for the windows page, in
	order to attract further potential testers.

2010-12-21  Eric Blake  <eblake@redhat.com>

	build: make building on cygwin easier
	* configure.ac (dlopen): Cygwin dlopen is in libc; avoid spurious
	failure.
	(XDR_CFLAGS): Define when needed.
	* src/Makefile.am (libvirt_driver_remote_la_CFLAGS): Use it.

	qemu: use virAsprintf instead of PATH_MAX
	* src/qemu/qemu_driver.c (qemudLogFD, qemudLogReadFD)
	(qemudStartup, qemudGetProcessInfo): Use heap instead of stack.

	tests: avoid spurious failure of nodeinfotest
	When running 'make check' under a multi-cpu Dom0 xen machine,
	nodeinfotest had a spurious failure it was reading from
	/sys/devices/system/cpu, but xen has no notion of topology.  The test
	was intended to be isolated from reading any real system files; the
	regression was introduced in Mar 2010 with commit aa2f6f96dd.

	Fix things by allowing an early exit for the testsuite.

	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Add parameter.
	(nodeGetInfo): Adjust caller.
	* tests/nodeinfotest.c (linuxTestCompareFiles): Likewise.

	tests: avoid data race
	I got some spurious failures when commandhelper won the race and
	ran to the point of parent detection prior to the intermediate
	daemonizing process getting a chance to exit.  This fixes it.

	* tests/commandhelper.c (main): Checking for re-parenting to
	init(1) is racy; instead check that we belong to a new session.

	build: improve testsuite results with older automake
	* tests/Makefile.am (TESTS_ENVIRONMENT, commandtest_CFLAGS)
	(commandhelper_CFLAGS): Avoid $(builddir) and $(abs_builddir) in
	automake 1.9.6; fixes spurious failures of commandtest.

	build: allow older libselinux again
	* configure.ac (with_selinux): Check for <selinux/label.h>.
	* src/security/security_selinux.c (getContext): New function.
	(SELinuxRestoreSecurityFileLabel): Use it to restore compilation
	when using older libselinux.

	build: allow autoconf 2.59 again
	Autoconf 2.59 doesn't define ${localedir}, so libvirt was failing
	to compile due to a missing LOCALEDIR until today's configmake fix.

	* .gnulib: Update to latest for configmake fix.
	* configure.ac (libpcap): Avoid AS_CASE.

2010-12-21  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix typo that broke 'make dist'
	* src/Makefile.am (VMWARE_DRIVER_SOURCES): Fix vmware_driver.h.

2010-12-20  Eric Blake  <eblake@redhat.com>

	libvirt-guests: avoid sourcing failure
	* tools/libvirt-guests.init.in (libvirtd): Skip function library
	if it is not present.
	Suggested by Guido Günther.

2010-12-20  Paweł Krześniak  <pawel.krzesniak@gmail.com>

	bridge_driver: avoid double call to VIR_FREE
	While not technically a double free (since VIR_FREE NULLs the
	pointer), this is unnecessary extra code.

	This crept in when the function was converted from virRun to virCommand.

	The AUTHORS file has also been updated.

2010-12-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Add additional indentation to level 3 menu items
	formatnetwork.html has a menu item at level 3. libvirt.css
	doesn't have a explicit rule for level 3 and level 3 and
	level 2 items end up at the same indentation level.

	Add an additional 1em indentation to level 3 menu items.

	vbox: Don't leak domain names in vboxListDefinedDomains

	vbox: Don't leak arrays from XPCOM
	XPCOM returns an array as a pointer to an array of pointers to the
	actual items. When the array isn't needed anymore the items are
	released, but the actual array containing the pointers to the items
	was not freed and leaked.

	Free the actual array using ComUnallocMem.

	This doesn't affect MSCOM as SafeArrayDestroy releases all items
	and frees the array.

	vbox: Handle different array representations of XPCOM and MSCOM
	Add a vboxArray to hide the details from the general driver code.

	vbox: Add glue layer for MSCOM on Windows
	Don't require dlopen, but link to ole32 and oleaut32 on Windows.

	Don't expose g_pVBoxFuncs anymore. It was only used to get the
	version of the API. Make VBoxCGlueInit return the version instead.
	This simplifies the implementation of the MSCOM glue layer.

	Get the VirtualBox version from the registry.

	Add a dummy implementation of the nsIEventQueue to the MSCOM glue
	as there seems to be no direct equivalent with MSCOM. It might be
	implemented using the normal window message loop. This requires
	additional investigation.

	vbox: Match struct layout of the MSCOM implementation on Windows

	vbox: Use stdcall convention for all COM methods on Windows
	MSCOM requires stdcall convention.

2010-12-18  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Add VMware Workstation and Player driver

2010-12-18  Eric Blake  <eblake@redhat.com>

	maint: improve tests distribution
	* tests/Makefile.am (EXTRA_DIST): Sort, and add directories.
	(SUBDIRS): Drop automake recursion into subdirs.
	* tests/commanddata/Makefile.am: Delete.
	* tests/confdata/Makefile.am: Likewise.
	* tests/sexpr2xmldata/Makefile.am: Likewise.
	* tests/xencapsdata/Makefile.am: Likewise.
	* tests/xmconfigdata/Makefile.am: Likewise.
	* tests/xml2sexprdata/Makefile.am: Likewise.

	build: fix typo that broke 'make dist'
	* src/Makefile.am (QEMU_DRIVER_SOURCES): Ship qemu_cgroup.h.

2010-12-18  Daniel P. Berrange  <dan@berrange.com>

	Update QEMU test cases for new file locations & API renames
	* qemuargv2xmltest.c, qemuhelptest.c,
	  qemuxml2argvtest.c, testutilsqemu.c: Update includes and
	  cope with API renames

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU hotplug helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the hotplug
	helper code out into a separate file. No functional change.

	* src/qemu/qemu_hotplug.c, src/qemu/qemu_hotplug.h,
	  src/Makefile.am: Add hotplug helper file
	* src/qemu/qemu_driver.c: Delete hotplug code

	Move QEMU domain lock / job helper code to separate file
	To allow the APIs to be used from separate files, move the domain
	lock / job helper code into qemu_domain.c

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add domain lock
	  / job code
	* src/qemu/qemu_driver.c: Remove domain lock / job code

	Move QEMU driver lock helpers to a separate file
	To allow their use from other source files, move qemuDriverLock
	and qemuDriverUnlock to qemu_conf.h and make them non-static

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add qemuDriverLock
	  qemuDriverUnlock
	* src/qemu/qemu_driver.c: Remove qemuDriverLock and qemuDriverUnlock

	Move QEMU hostdev helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the hostdev
	helper code out into a separate file. No functional change.

	* src/qemu/qemu_hostdev.c, src/qemu/qemu_hostdev.h,
	  src/Makefile.am: Add hostdev helper file
	* src/qemu/qemu_driver.c: Delete hostdev code

	Move QEMU cgroup helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the cgroup
	helper code out into a separate file. No functional change.

	* src/qemu/qemu_cgroup.c, src/qemu/qemu_cgroup.h,
	  src/Makefile.am: Add cgroup helper file
	* src/qemu/qemu_driver.c: Delete cgroup code

	Move QEMU audit helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the audit
	helper code out into a separate file. No functional change.

	* src/qemu/qemu_audit.c, src/qemu/qemu_audit.h,
	  src/Makefile.am: Add audit helper file
	* src/qemu/qemu_driver.c: Delete audit code

	Move QEMU private data & namespace code into separate file
	Move the code for handling the QEMU virDomainObjPtr private
	data, and custom XML namespace into a separate file

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: New file
	  for private data & namespace code
	* src/qemu/qemu_driver.c, src/qemu/qemu_driver.h: Remove
	  private data & namespace code
	* src/qemu/qemu_driver.h, src/qemu/qemu_command.h: Update
	  includes
	* src/Makefile.am: Add src/qemu/qemu_domain.c

	Move QEMU command line management into a separate file
	The qemu_conf.c code is doing three jobs, driver config file
	loading, QEMU capabilities management and QEMU command line
	management. Move the command line code into its own file

	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: New
	  command line management code
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Delete command
	  line code
	* src/qemu/qemu_conf.h, src/qemu_conf.c: Adapt for API renames
	* src/Makefile.am: add src/qemu/qemu_command.c
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Add
	  import of qemu_command.h

	Move QEMU capabilities management into a separate file
	The qemu_conf.c code is doing three jobs, driver config file
	loading, QEMU capabilities management and QEMU command line
	management. Move the capabilities code into its own file

	* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: New
	  capabilities management code
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Delete capabilities
	  code
	* src/qemu/qemu_conf.h: Adapt for API renames
	* src/Makefile.am: add src/qemu/qemu_capabilities.c

2010-12-17  Eric Blake  <eblake@redhat.com>

	maint: doc fix
	* src/libvirt.c: Avoid duplicate word.

2010-12-14  Hu Tao  <hutao@cn.fujitsu.com>

	Add a new function doStartCPUs

	Add a new function doStopCPUs

	Add a macro timeval_to_ms to compute micro seconds from timeval

2010-12-14  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Unify CPUID data structures
	So far, CPUID data were stored in two different data structures. First
	of them was a structure allowing direct access for CPUID data according
	to function number and the second was a plain array of struct
	cpuX86cpuid. This was a silly design which resulted in converting data
	from one type to the other and back again or implementing similar
	functionality for both data structures.

	The patch leaves only the direct access structure. This makes the code
	both smaller and more maintainable since operations on different objects
	can use common low-level operations.

	All 57 tests for cpu subsystem still pass after this rewrite.

	util: Fix logical error in virReportSystemErrorFull

	util: Fix error message in __virExec
	Remove superfluous ": %s" suffix from the error message.

	daemon: Change CWD to / before daemonizing
	We were doing so for child processes but not for libvirtd itself.

2010-12-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for storage volume cloning

2010-12-14  Eric Blake  <eblake@redhat.com>

	selinux: avoid memory overhead of matchpathcon
	https://bugzilla.redhat.com/show_bug.cgi?id=658657

	* src/security/security_selinux.c
	(SELinuxRestoreSecurityFileLabel): Use selabel_lookup instead of
	matchpathcon.
	Suggested by Daniel Walsh.

	daemon, threads: plug a memory leak
	* daemon/libvirtd.c (qemudStartWorker, qemudStartEventLoop): Avoid
	leaking pthread_attr resources.
	* src/util/threads-pthread.c (virThreadCreate): Likewise.

	tests: test Fedora 14 qemu-kvm -help parsing
	* tests/qemuhelpdata/qemu-kvm-0.13.0: New file.
	* tests/qemuhelptest.c (mymain): New test from Fedora 14 qemu-kvm,
	which covers some options (like -fstype passthrough) not tested elsewhere.

	tests: test RHEL 6.0 qemu-kvm -help parsing
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel60: New file.
	* tests/qemuhelptest.c (mymain): New test from RHEL 6.0 qemu-kvm,
	which covers some options (like -vga=qxl) not tested elsewhere.
	* .x-sc_prohibit_empty_lines_at_EOF: Exempt qemu help output.

	sysinfo: convert to virCommand
	* src/util/sysinfo.c (virSysinfoRead): Use virCommand instead of
	virExec.

	sysinfo: formatting cleanups
	* src/util/sysinfo.c: Indentation and () fixups.

	build: allow mingw compilation with virCommand
	Allows compilation, but no creation of child processes yet.  Take it
	one step at a time.

	* src/util/util.c (virExecWithHook) [WIN32]: New dummy function.
	* src/libvirt_private.syms: Export it.

	build: update gnulib for pipe on mingw
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Import pipe-posix and waitpid
	for mingw.
	* src/remote/remote_driver.c (pipe) [WIN32]: Drop dead macro.
	* daemon/event.c (pipe) [WIN32]: Drop dead function.

	test: fix commandtest under autobuild.sh
	* tests/commandtest.c (mymain): Kill off any leaked-in fds.
	* autobuild.sh: Don't leak fds.

2010-12-14  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: quote AC_LANG_PROGRAM to avoid warnings with autoconf 2.68

	build: properly handle ./configure --with-libpcap
	Without this fix, ./configure --with-libpcap will cause --with-libpcap=yes
	to be implicitly passed down, which cause yes/bin/pcap-config to be
	searched for rather than /usr/bin/pcap-config.

	Also output pcap: no when pcap is not found or disabled.

2010-12-14  Osier Yang  <jyang@redhat.com>

	qemu: Introduce two new job types
	Currently, all of domain "save/dump/managed save/migration"
	use the same function "qemudDomainWaitForMigrationComplete"
	to wait the job finished, but the error messages are all
	about "migration", e.g. when a domain saving job is canceled
	by user, "migration was cancled by client" will be throwed as
	an error message, which will be confused for user.

	As a solution, intoduce two new job types(QEMU_JOB_SAVE,
	QEMU_JOB_DUMP), and set "priv->jobActive" to "QEMU_JOB_SAVE"
	before saving, to "QEMU_JOB_DUMP" before dumping, so that we
	could get the real job type in
	"qemudDomainWaitForMigrationComplete", and give more clear
	message further.

	And as It's not important to figure out what's the exact job
	is in the DEBUG and WARN log, also we don't need translated
	string in logs, simply repace "migration" with "job" in some
	statements.

	* src/qemu/qemu_driver.c

2010-12-14  Laurent Léonard  <laurent@open-minds.org>

	Missing "Default-Stop" field in LSB comment in libvirt-guests
	The "Default-Stop" field in LSB comment in libvirt-guests is missing and should
	be added. I also suggests to add runlevel 2 to the "Default-Start" field.

	--
	Laurent Léonard

2010-12-14  Eric Blake  <eblake@redhat.com>

	daemon: plug a memory leak
	* daemon/libvirtd.c (qemudFreeClient): Avoid a leak.
	(qemudDispatchServer): Avoid null dereference.

2010-12-14  Roopa Prabhu  <roprabhu@cisco.com>

	802.1Qbh: Add support for IFLA_VF_MAC
	Current code does not pass VM mac address to a 802.1Qbh direct attach
	interface using IFLA_VF_MAC.  This patch adds support in macvtap code to
	send IFLA_VF_MAC netlink request during port profile association on a
	802.1Qbh interface.

	Stefan Cc'ed for comments because this patch changes a condition for
	802.1Qbg

	802.1Qbh support for IFLA_VF_MAC in enic driver has been posted and is
	pending acceptance at http://marc.info/?l=linux-netdev&m=129185244410557&w=2

2010-12-11  Eric Blake  <eblake@redhat.com>

	command: ease use with virBuffer, and fix qemu leak
	* src/util/command.h (virCommandAddArgBuffer)
	(virCommandAddEnvBuffer): New prototypes.
	* src/util/command.c (virCommandAddArgBuffer)
	(virCommandAddEnvBuffer): Implement them.
	* src/libvirt_private.syms (command.h): Export them.
	* src/qemu/qemu_conf.c (qemudBuildCommandLine): Use them, plugging
	a memory leak on rbd_hosts in the process.

	conf: plug memory leaks
	* src/conf/domain_conf.c (virDomainGraphicsDefParseXML)
	(virDomainDeviceVirtioSerialAddressParseXML)
	(virDomainDiskDefFree): Free various leaks.

	tests: plug memory leaks
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Don't
	allocate, since we don't use virDomainChrDefFree.

	virExec: avoid undefined behavior
	* src/util/util.c (__virExec): Don't use FD_ISSET on out-of-bounds fd.

2010-12-11  Laine Stump  <laine@laine.org>

	Convert dhcpStartDhcpDaemon from virRun to virCommand
	This is pretty straightforward - even though dnsmasq gets daemonized
	and uses a pid file, those things are both handled by the dnsmasq
	binary itself. And libvirt doesn't need any of the output of the
	dnsmasq command either, so we just setup the args and call
	virRun(). Mainly it was just a (mostly) mechanical job of replacing
	the APPEND_ARG() macro (and some other *printfs()) with
	virCommandAddArg*().

2010-12-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor storage pool type lookup into a function

	esx: Improve error reporting for failed tasks
	Instead of just reporting that a task failed get the
	localized message from the TaskInfo error and include
	it in the reported error message.

	Implement minimal deserialization support for the
	MethodFault type in order to obtain the actual fault
	type.

	For example, this changes the reported error message
	when trying to create a volume with zero size from

	  Could not create volume

	to

	  Could not create volume: InvalidArgument - A specified parameter was not correct.

	Not perfect yet, but better than before.

2010-12-10  Eric Blake  <eblake@redhat.com>

	command: plug memory leak
	* src/util/command.c (virCommandFree): Free data from
	virCommandSetInputBuffer.

	build: distribute commandtest files
	* tests/Makefile.am (SUBDIRS): Add commanddata.
	* tests/commandtest.c (checkoutput): Delete correct file.
	(test4): Delete pid file.
	(mymain): Delete unused variable.
	* tests/commanddata/Makefile.am: New file.
	* configure.ac (AC_OUTPUT): Build new makefile.
	Reported by Dominik Klein.

2010-12-10  Hu Tao  <hutao@cn.fujitsu.com>

	Update documentation of watchdog dump option and add test data for it
	The xml watchdog dump option is converted to qemu watchdog pause arg
	but it is not reasonable to convert it back from qemu watchdog pause
	arg since there already is a xml watchdog pause option, so a test for
	the dump option to convert it from arg to xml is not added.

2010-12-10  Dan Kenigsberg  <danken@redhat.com>

	spec: do not start libvirt-guests if that service is off
	starting a service during rpm installation is impolite. It is even worse if done
	during upgrade, for a service that was explicitly turned off.

2010-12-10  Josh Durgin  <joshd@hq.newdream.net>

	tests: Add tests for network disks

	qemu: Add RBD support and some network disk fixes
	Changes common to all network disks:
	-Make source name optional in the domain schema, since NBD doesn't use it
	-Add a hostName type to the domain schema, and use it instead of genericName, which doesn't include .
	-Don't leak host names or ports
	-Set the source protocol in qemuParseCommandline

2010-12-10  MORITA Kazutaka  <morita.kazutaka@lab.ntt.co.jp>

	add network disk support
	This patch adds network disk support to libvirt/QEMU.  The currently
	supported protocols are nbd, rbd, and sheepdog.  The XML syntax is like
	this:

	    <disk type="network" device="disk">
	      <driver name="qemu" type="raw" />
	      <source protocol='rbd|sheepdog|nbd' name="...some image identifier...">
	        <host name="mon1.example.org" port="6000">
	        <host name="mon2.example.org" port="6000">
	        <host name="mon3.example.org" port="6000">
	      </source>
	      <target dev="vda" bus="virtio" />
	    </disk>

2010-12-10  Wen Congyang  <wency@cn.fujitsu.com>

	correct the signal's name
	The signal's name is wrong...

2010-12-10  Hu Tao  <hutao@cn.fujitsu.com>

	Add a watchdog action `dump'
	`dump' watchdog action lets libvirtd to dump the guest when receives a
	watchdog event (which probably means a guest crash)

	Currently only qemu is supported.

	Add a new function doCoreDump
	This patch prepares for the next patch.

	threadpool impl
	* src/util/threadpool.c, src/util/threadpool.h: Thread pool
	  implementation
	* src/Makefile.am: Build thread pool
	* src/libvirt_private.syms: Export public functions

2010-12-10  Eric Blake  <eblake@redhat.com>

	command: avoid memory leak
	* src/util/command.c (virCommandRun): Fix yesterday's regression
	on logging, and avoid leaking log-only output captures.
	Reported by Hu Tao.

2010-12-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Distinguish between domain shutdown and crash
	When we get an EOF event on monitor connection, it may be a result of
	either crash or graceful shutdown. QEMU which supports async events
	(i.e., we are talking to it using JSON monitor) emits SHUTDOWN event on
	graceful shutdown. In case we don't get this event by the time monitor
	connection is closed, we assume the associated domain crashed.

2010-12-09  Ryan Harper  <ryanh@us.ibm.com>

	qemu: call drive_del in DetachPciDiskDevice
	Currently libvirt doesn't confirm whether the guest has responded to the
	disk removal request.  In some cases this can leave the guest with
	continued access to the device while the mgmt layer believes that it has
	been removed.  With a recent qemu monitor command[1] we can
	deterministically revoke a guests access to the disk (on the QEMU side)
	to ensure no futher access is permitted.

	This patch adds support for the drive_del() command and introduces it
	in the disk removal paths.  If the guest is running in a QEMU without this
	command we currently explicitly check for unknown command/CommandNotFound
	and log the issue.

	If QEMU supports the command we issue the drive_del command after we attempt
	to remove the device.  The guest may respond and remove the block device
	before we get to attempt to call drive_del.  In that case, we explicitly check
	for 'Device not found' from the monitor indicating that the target drive
	was auto-deleted upon guest responds to the device removal notification.

	1. http://thread.gmane.org/gmane.comp.emulators.qemu/84745

	qemu: call drive_unplug in DetachPciDiskDevice
	Currently libvirt doesn't confirm whether the guest has responded to the
	disk removal request.  In some cases this can leave the guest with
	continued access to the device while the mgmt layer believes that it has
	been removed.  With a recent qemu monitor command[1] we can
	deterministically revoke a guests access to the disk (on the QEMU side)
	to ensure no futher access is permitted.

	This patch adds support for the drive_unplug() command and introduces it
	in the disk removal paths.  There is some discussion to be had about how
	to handle the case where the guest is running in a QEMU without this
	command (and the fact that we currently don't have a way of detecting
	what monitor commands are available).

	Changes since v2:
	 - use VIR_ERROR to report when unplug command not found
	Changes since v1:
	 - return > 0 when command isn't present, < 0 on command failure
	 - detect when drive_unplug command isn't present and log error
	   instead of failing entire command

2010-12-09  Anthony Liguori  <aliguori@us.ibm.com>

	qemud: fix memory leak in io error events
	The extra data isn't being free()'d for IO error events that have a reason.

2010-12-08  Osier Yang  <jyang@redhat.com>

	qemu: Only build devstr when needs (attach PCI controller)
	- qemudDomainAttachPciControllerDevice: Don't build "devstr"
	  if "-device" of qemu is not available, as "devstr" will only
	  be used by "qemuMonitorAddDevice", which depends on "-device"
	  argument of qemu is supported.

	- "qemudDomainSaveImageOpen": Fix indent problem.

	* src/qemu/qemu_driver.c

2010-12-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Enable disabled debug messages

	qemu: Use -vga none only if it is supported
	Commit febc591683cf51e4551f8bcf3ce279a776056e1c introduced -vga none in
	case no video card is included in domain XML. However, old qemu
	versions do not support this and such domain cannot be successfully
	started.

2010-12-08  Justin Clift  <jclift@redhat.com>

	virsh: fix a typo in the memtune help description

	docs: updated virsh command reference download links to new version
	The new version lists every virsh command, its description, and
	the version of libvirt where it became available.

	configure: improve misleading libnl missing error message
	This fixes a misleading error message saying the libnl package
	needs to be installed, when it's really the libnl-devel package
	needing to be installed.

2010-12-08  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest, for at least a stdint.h fix
	* src/storage/storage_driver.c (storageVolumeZeroSparseFile)
	(storageWipeExtent): Use better type, although it still triggers
	spurious -Wformat warning on MacOS's gcc.

2010-12-08  Justin Clift  <jclift@redhat.com>

	Moved the nodeinfo command to the 'host' help keyword group

2010-12-08  Eric Blake  <eblake@redhat.com>

	openvz: avoid potential buffer overflow
	* src/openvz/openvz_conf.c (openvzLoadDomains): Replace unsafe
	sscanf with safe direct parsing.
	(openvzGetVEID): Avoid lost integer overflow detection.
	(openvzAssignUUIDs): Likewise, and detect readdir failure.

	openvz: convert popen to virCommand
	popen must be matched with pclose (not fclose), or it will leak
	resources.  Furthermore, it is a lousy interface when it comes to
	signal handling.  We're much better off using our decent command
	wrapper.  Note that virCommand guarantees that VIR_FREE(outbuf) is
	both required and safe to call, whether virCommandRun succeeded or
	failed.

	* src/openvz/openvz_conf.c (openvzLoadDomains, openvzGetVEID):
	Replace popen with virCommand usage.

	command: improve behavior on no output
	Guarantee that outbuf/errbuf are allocated on success, even if to the
	empty string.  Caller always has to free the result, and empty output
	check requires checking if *outbuf=='\0'.  Makes the API easier to use
	safely.  Failure is best effort allocation (some paths, like
	out-of-memory, cannot allocate a buffer, but most do), so caller must
	free buffer on failure.

	* docs/internals/command.html.in: Update documentation.
	* src/util/command.c (virCommandSetOutputBuffer)
	(virCommandSetErrorBuffer, virCommandProcessIO) Guarantee empty
	string on no output.
	* tests/commandtest.c (test17): New test.

	command: enforce fd vs. buffer considerations
	* docs/internals/command.html.in: Better documentation of buffer
	vs. fd considerations.
	* src/util/command.c (virCommandRunAsync): Reject raw execution
	with string io.
	(virCommandRun): Reject execution with user-specified fds not
	visiting a regular file.

2010-12-08  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix commandtest in VPATH build

2010-12-08  Eric Blake  <eblake@redhat.com>

	tests: fix leaks in commandtest
	Most leaks could only occur on error cleanup paths.

	command: improve allocation failure reporting
	* src/util/command.c (virCommandAddEnvString): Remove duplicate
	code.
	(virCommandToString, virCommandRun, virCommandRunAsync)
	(virCommandWait): Report NULL command as ENOMEM, not invalid
	usage.
	Reported by Jiri Denemark.

2010-12-08  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix detection of expected error

	tests: Fix code formating in commandtest

2010-12-07  Eric Blake  <eblake@redhat.com>

	uuid: require smbios uuid and domain uuid to match
	* src/conf/domain_conf.c (virDomainDefParseXML): Prefer sysinfo
	uuid over generating one, and if both uuids are present, require
	them to be identical.
	* src/qemu/qemu_conf.c (qemuBuildSmbiosSystemStr): Allow skipping
	the uuid.
	(qemudBuildCommandLine): Adjust caller; <smbios mode=host/> must
	not use host uuid in place of guest uuid.

	smbios: allow () in smbios strings
	* docs/schemas/domain.rng (sysinf-value): Expand pattern.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.xml: Prefer '' over
	"" for attribute values.  Copy real hardware values.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: Likewise.

	smbios: support system family
	* docs/schemas/domain.rng (sysinfo-system-name): Also allow
	family.
	* src/util/sysinfo.h (struct _virSysinfoDef): Add system_family.
	* src/conf/domain_conf.c (virSysinfoParseXML)
	(virDomainSysinfoDefFormat): Support it.
	* src/util/sysinfo.c (virSysinfoDefFree, virSysinfoRead): Likewise.
	* src/qemu/qemu_conf.c (qemuBuildSmbiosSystemStr): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.xml: Adjust test.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: Likewise.

	qemu: avoid adding "" in smbios arguments
	The log lists things like -smbios type=1,vendor="Red Hat", which
	is great for shell parsing, but not so great when you realize that
	execve() then passes those literal "" on as part of the command
	line argument, such that qemu sets SMBIOS with extra literal quotes.

	The eventual addition of virCommand is needed before we have the API
	to shell-quote a string representation of a command line, so that the
	log can still be pasted into a shell, but without inserting extra
	bytes into the execve() arguments.

	* src/qemu/qemu_conf.c (qemuBuildSmbiosBiosStr)
	(qemuBuildSmbiosSystemStr): Qemu doesn't like quotes around uuid
	arguments, and the remaining quotes are passed literally to
	smbios, making <smbios mode='host'/> inaccurate.  Removing the
	quotes makes the log harder to parse, but that can be fixed later
	with virCommand improvements.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: 'Fix' test; it
	will need fixing again once virCommand learns how to shell-quote a
	potential command line.

2010-12-07  Osier Yang  <jyang@redhat.com>

	virsh: Remove redundant commands in group domain
	"echo" is already in group "virsh", "freecell" and "hostname" are
	already in group "host", so remove them from group "domain"

	* tools/virsh.c

2010-12-07  Dan Kenigsberg  <danken@redhat.com>

	Fix funny off-by-one error in clock-variable
	Humans consider January as month #1, while gmtime_r(3) calls it month #0.

	While fixing it, render qemu's rtc parameter with leading zeros, as is more
	commonplace.

	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=660194

2010-12-07  Laurent Léonard  <laurent@open-minds.org>

	syntax error "Bad fd number" when stopping libvirt-guests
	When libvirt-guests is being stopped, I get the following message:
	$Running guests on default URI: test-vm
	$Suspending guests on default URI...
	$Suspending test-vm: /etc/init.d/libvirt-guests: 340: Syntax error: Bad fd
	number

2010-12-07  Eric Blake  <eblake@redhat.com>

	threads: add virThreadID for debugging use
	* src/util/threads.h (virThreadID): New prototype.
	* src/util/threads-pthread.c (virThreadID): New function.
	* src/util/threads-win32.c (virThreadID): Likewise.
	* src/libvirt_private.syms (threads.h): Export it.
	* daemon/event.c (virEventInterruptLocked): Use it to avoid
	warning on BSD systems.

2010-12-07  Osier Yang  <jyang@redhat.com>

	util: Fix bug which will cause libvirtd crash
	"virCommandRun": if "cmd->outbuf" or "cmd->errbuf" is NULL,
	libvirtd will be crashed when trying to start a qemu domain
	(which invokes "virCommandRun"), it caused by we try to use
	"*cmd->outbuf" and "*cmd->errbuf" regardless of cmd->outbuf
	or cmd->errbuf is NULL.

	* src/util/command.c (virCommandRun)

2010-12-06  Jiri Denemark  <jdenemar@redhat.com>

	tests: Don't ignore return value of getcwd()

	build: Fix internal docs generation in VPATH builds

	qemu: Fix a possible deadlock in p2p migration
	Two more calls to remote libvirtd have to be surrounded by
	qemuDomainObjEnterRemoteWithDriver() and
	qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
	two communicating libvirt daemons.

	See commit f0c8e1cb3774d6f09e2681ca1988bf235a343007 for further details.

	Change return value of VIR_DRV_SUPPORTS_FEATURE to bool
	virDrvSupportsFeature API is allowed to return -1 on error while all but
	one uses of VIR_DRV_SUPPORTS_FEATURE only check for (non)zero return
	value. Let's make this macro return zero on error, which is what
	everyone expects anyway.

2010-12-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Don't try to set input FD to -1

2010-12-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	Implement virVMOperationType{To|From}String independent from WITH_MACVTAP
	As this symbols are exported independent from WITH_MACVTAP.

2010-12-03  Eric Blake  <eblake@redhat.com>

	build: avoid shadowing devname() on BSD systems
	* tools/virsh.c (cmdRunConsole, cmdConsole): Rename problematic
	symbol.
	Reported by Justin Clift.

2010-12-03  Osier Yang  <jyang@redhat.com>

	virsh: Remove redundant optional option for cmdHelp
	Remove the optional option "group", as cmdHelp should accepts
	only one option ("virsh help" supports both command and command
	group now, and user rarely uses the options, so it doesn't matter
	much for it being longer, :-)

	* tools/virsh.c

2010-12-03  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Create file in virFileWriteStr() if it doesn't exist
	This patch adds a mode_t parameter to virFileWriteStr().
	If mode is different from 0, virFileWriteStr() will try
	to create the file if it doesn't exist.

	* src/util/util.h (virFileWriteStr): Alter signature.
	* src/util/util.c (virFileWriteStr): Allow file creation.
	* src/network/bridge_driver.c (networkEnableIpForwarding)
	(networkDisableIPV6): Adjust clients.
	* src/node_device/node_device_driver.c
	(nodeDeviceVportCreateDelete): Likewise.
	* src/util/cgroup.c (virCgroupSetValueStr): Likewise.
	* src/util/pci.c (pciBindDeviceToStub, pciUnBindDeviceFromStub):
	Likewise.

2010-12-03  Justin Clift  <jclift@redhat.com>

	man pages: update the description for the virsh help command
	Now includes information on keyword usage, and provides examples.

2010-12-03  Osier Yang  <jyang@redhat.com>

	virsh: move two commands from domain group to storage pool group
	* tools/virsh.c (find-storage-pool-sources-as and find-storage-pool-sources
	should't be in command group "Domain Management", move them to group
	"Storage Pool".

2010-12-03  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus includes

	uml: convert to virCommand
	* src/uml/uml_conf.c (umlBuildCommandLineChr)
	(umlBuildCommandLine): Rewrite with virCommand.
	* src/uml/uml_conf.h (umlBuildCommandLine): Update signature.
	* src/uml/uml_driver.c (umlStartVMDaemon): Adjust caller.

2010-12-03  Eric Blake  <eblake@redhat.com>

	qemu: convert to virCommand
	* src/qemu/qemu_conf.c (qemudExtractVersionInfo): Check for file
	before executing it here, rather than in callers.
	(qemudBuildCommandLine): Rewrite with virCommand.
	* src/qemu/qemu_conf.h (qemudBuildCommandLine): Update signature.
	* src/qemu/qemu_driver.c (qemuAssignPCIAddresses)
	(qemudStartVMDaemon, qemuDomainXMLToNative): Adjust callers.

2010-12-03  Daniel P. Berrange  <berrange@redhat.com>

	Port hooks and iptables code to new command execution APIs
	This proof of concept shows how two existing uses of virExec
	and virRun can be ported to the new virCommand APIs, and how
	much simpler the code becomes

	virCommand: docs for usage of new command APIs
	* docs/internals/command.html.in: New file.
	* docs/Makefile.am: Build new docs.
	* docs/subsite.xsl: New glue file.
	* docs/internals.html.in, docs/sitemap.html.in: Update glue.

	Introduce new APIs for spawning processes
	This introduces a new set of APIs in src/util/command.h
	to use for invoking commands. This is intended to replace
	all current usage of virRun and virExec variants, with a
	more flexible and less error prone API.

	* src/util/command.c: New file.
	* src/util/command.h: New header.
	* src/Makefile.am (UTIL_SOURCES): Build it.
	* src/libvirt_private.syms: Export symbols internally.
	* tests/commandtest.c: New test.
	* tests/Makefile.am (check_PROGRAMS): Run it.
	* tests/commandhelper.c: Auxiliary program.
	* tests/commanddata/test2.log - test15.log: New expected outputs.
	* cfg.mk (useless_free_options): Add virCommandFree.
	(msg_gen_function): Add virCommandError.
	* po/POTFILES.in: New translation.
	* .x-sc_avoid_write: Add exemption.
	* tests/.gitignore: Ignore new built file.

2010-12-03  Eric Blake  <eblake@redhat.com>

	util: add virVasprintf
	* src/util/util.h (virVasprintf): New declaration.
	* src/util/util.c (virVasprintf): New function.
	(virAsprintf): Use it.
	* src/util/virtaudit.c (virAuditSend): Likewise.
	* src/libvirt_private.syms: Export it.
	* cfg.mk (sc_prohibit_asprintf): Also prohibit vasprintf.
	* .x-sc_prohibit_asprintf: Add exemption.

	util: fix saferead type
	* src/util/util.c (saferead): Fix return type.
	(safewrite): Fix indentation.

2010-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Tweak daemon event debug to include errno
	* daemon/event.c: Include errno in debug info upon poll() failure

	Fix memory leak in logging setup
	The logging setup requires const char * strings, but the
	virLogSetFromEnv() strdup's the env variables, thus causing
	a memory leak

	* src/util/logging.c: Avoid strdup'ing env variables

2010-12-02  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add tests for CPU selection in qemu driver

	tests: Support for faking emulator in qemuxml2argv
	This patch allows for using custom scripts instead of /usr/bin/qemu
	emulator in domain XML. To do so, one would specify relative path to the
	custom script in <emulator/>. The path needs to be relative to
	qemuxml2argvdata directory and it will be transparently made absolute in
	runtime. The expected command line needs to contain the exact relative
	path as was used in domain XML.

	The problem is RelaxNG schema for domain XML only allows for absolute
	path within <emulator/>. To workaround it, an extra '/' must be added at
	the beginning of the path. That is, instead of "./qemu.sh" or
	"../emulator/qemu.sh" one would use "/./qemu.sh" or
	"/../emulator/qemu.sh". The extra slash is removed before further
	processing. I don't like this workaround, it's very ugly but it's the
	best option I was able to come up with. Relaxing domain XML schema is
	not an option IMO.

	schemas: Fix cpu element schema
	Both vendor and topology elements are optional.

2010-12-02  Osier Yang  <jyang@redhat.com>

	virsh: Remove using phy as default disk driver in cmdAttachDisk
	* tools/virsh.c (virsh shouldn't use 'phy' as the disk driver if
	user doesn't specify "--driver", it causes bugs, as not all of
	hypervisor driver supports 'phy', and actually hypervisor should
	known the correct default disk driver and subdriver, so remove it)

2010-12-02  Eric Blake  <eblake@redhat.com>

	maint: update .gitignore
	* .gitignore: Ignore recent built file, sort.

2010-12-02  Guido Günther  <agx@sigxcpu.org>

	OpenVZ: drop fd leackage
	Drop unused (and unclosed) errfd and close outfd on exit. Otherwise
	polling the running domains with virt-manager let's us quickly run out
	of fds.

2010-12-02  Osier Yang  <jyang@redhat.com>

	qemu: Use macro for max and min vnc port instead of number
	* src/qemu/qemu_driver.c (though MACROS QEMU_VNC_PORT_MAX, and
	QEMU_VNC_PORT_MIN are defined at the beginning, numbers (65535, 5900)
	are still used, replace them)

	qemu: Fix typo in qemuTeardownDiskPathDeny
	typo in error message, it should be by copy-a-paste
	from "qemuSetupDiskPathAllow".

	* src/qemu/qemu_driver.c (qemuTeardownDiskPathDeny)

2010-12-02  Eric Blake  <eblake@redhat.com>

	qemu: plug memory leak
	* src/qemu/qemu_driver.c (qemudShutdown): Free all strings and the
	ebtables structure.
	* src/libvirt_private.syms (ebtablesContextFree): Export missing
	symbol.
	* src/util/ebtables.c (ebtablesContextFree): Allow early exit.

	libvirtd: avoid memory leak on shutdown
	* daemon/libvirtd.c (qemudRunLoop): Free any remaining client data.

2010-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix flaw in thread creation APIs
	The arguments passed to the thread function must be allocated on
	the heap, rather than the stack, since it is possible for the
	spawning thread to continue before the new thread runs at all.
	In such a case, it is possible that the area of stack where the
	thread args were stored is overwritten.

	* src/util/threads-pthread.c, src/util/threads-win32.c: Allocate
	  thread arguments on the heap

2010-12-02  Osier Yang  <jyang@redhat.com>

	virsh: update help for "virsh help help"
	As virsh help supports both command and command group now,
	update "cmdHelp" to print consite help, (this patch is
	increment of "7829052757953023b0826e0293ffe18ed4ab89e9").

	And also remove redundant empty line in "vshUsage".

	* tools/virsh.c

2010-12-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix undefined symbol errors when macvtap support is disabled
	Use macvtap specific functions depending on WITH_MACVTAP.

	Use #if instead of #ifdef to check for WITH_MACVTAP, because
	WITH_MACVTAP is always defined with value 0 or 1.

	Also export virVMOperationType{To|From}String unconditional,
	because they are used unconditional in the domain config code.

2010-12-01  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Fix warning when macvtap support is disabled

2010-12-01  Justin Clift  <jclift@redhat.com>

	virsh: remove a badly placed line break in virsh -h output
	The output was previously:

	    -c | --connect <uri>    hypervisor connection URI
	    -r | --readonly         connect readonly
	    -d | --debug <num>      debug level [0-5]
	    -h | --help             this help
	    -q | --quiet            quiet mode
	    -t | --timing           print timing information
	    -l | --log <file>       output logging to file
	    -v | --version[=short]  program version

	    -V | --version=long     version and full options

	(note the blank line between the --version types)

	This patch removes the extra blank line.

2010-12-01  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add unit tests for internal CPU APIs

	cpu: Add support for overriding path to CPU map XML file

2010-12-01  Hu Tao  <hutao@cn.fujitsu.com>

	Fall back to QEMUD_SAVE_FORMAT_RAW if compression method fails.
	When dumping a domain, it's reasonable to save dump-file in raw format
	if dump format is misconfigured or the corresponding compress program
	is not available rather then fail dumping.

2010-12-01  Osier Yang  <jyang@redhat.com>

	virsh: Categorize commands into groups for virsh help
	Change the virsh help out. The new output of "virsh help" and
	"virsh --help" will be like:

	 Secret (help keyword 'secret'):
	    secret-define                  define or modify a secret from an XML file
	    secret-dumpxml                 secret attributes in XML
	    secret-set-value               set a secret value
	    secret-get-value               Output a secret value
	    secret-undefine                undefine a secret
	    secret-list                    list secrets

	 Snapshot (help keyword 'snapshot'):
	    snapshot-create                Create a snapshot
	    snapshot-current               Get the current snapshot
	    snapshot-delete                Delete a domain snapshot
	    snapshot-dumpxml               Dump XML for a domain snapshot
	    snapshot-list                  List snapshots for a domain
	    snapshot-revert                Revert a domain to a snapshot

	Also support output help information of specified command group, e.g.

	% ./tools/virsh help "Network Filter"
	 Network Filter (help keyword 'filter'):
	    nwfilter-define                define or update a network filter from an XML file
	    nwfilter-undefine              undefine a network filter
	    nwfilter-dumpxml               network filter information in XML
	    nwfilter-list                  list network filters
	    nwfilter-edit                  edit XML configuration for a network filter

	Each group has a help keyword, e.g.

	% ./tools/virsh help filter
	 Network Filter (help keyword 'filter'):
	    nwfilter-define                define or update a network filter from an XML file
	    nwfilter-undefine              undefine a network filter
	    nwfilter-dumpxml               network filter information in XML
	    nwfilter-list                  list network filters
	    nwfilter-edit                  edit XML configuration for a network filter

	* tools/virsh.c:
	  - introduce new struct "vshCmdGrp" and macros to define the groups.
	  - split previous array "commands" into small arrays which are orgnized
	    by group
	  - changed some functions, e.g. "vshCmdDefSearch"
	  - Added new functions, e.g. "vshCmdGrpSearch"
	  - commands of each group are in "alphabetical order" now.
	  - command groups are in "alphabetical order" now.
	  - the commands are categorized with reference of
	    http://wiki.libvirt.org/page/VirshHelpV2 (by Justin)
	  - the modifications doesn't affect tests

	* TODO:
	  - doc

2010-12-01  Eric Blake  <eblake@redhat.com>

	maint: allow 'make syntax-check' to run again
	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Permanently exempt
	docs/news.html.in from all future syntax checks.

2010-12-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 0.8.6
	- configure.ac libvirt.spec.in: bump version, add a missing systemtap
	  build requirement
	- docs/news.html.in: add informations about the release
	- po/*: updated Polish and Dutch localizations, and regenerated
	- tests/qemuxml2argvtest.c: Fix build problem

2010-12-01  Stefan Berger  <stefanb@us.ibm.com>

	802.1Qbg: use pre-associate state at beginning of inc. migr
	This patch introduces the usage of the pre-associate state of the IEEE 802.1Qbg standard on incoming VM migration on the target host. It is in response to bugzilla entry 632750.

	https://bugzilla.redhat.com/show_bug.cgi?id=632750

	For being able to differentiate the exact reason as to why a macvtap device is being created, either due to a VM creation or an incoming VM migration, I needed to pass that reason as a parameter from wherever qemudStartVMDaemon is being called in order to determine whether to send an ASSOCIATE (VM creation) or a PRE-ASSOCIATE (incoming VM migration) towards lldpad.

	I am also fixing a problem with the virsh domainxml-to-native call on the way.

	Gerhard successfully tested the patch with a recent blade network 802.1Qbg-compliant switch.

	The patch should not have any side-effects on the 802.1Qbh support in libvirt, but Roopa (cc'ed) may want to verify this.

2010-12-01  Guido Günther  <agx@sigxcpu.org>

	Ignore files generated by "make tags"

	OpenVZ: Fix some overwritten error codes
	Don't overwrite errors during domain creation/definition to ease
	tracking down problems.

	OpenVZ: take veid from vmdef->name when defining new domains
	We currently use the next free veid although there's one given in the
	domain xml. This currently breaks defining new domains since vmdef->name
	and veid don't match leading to the following error later on:

	    error: Failed to define domain from 110.xml
	    error: internal error Could not set UUID

	Since silently ignoring vmdef->name is not nice respect it instead. We
	avoid veid collisions in the upper levels already.

2010-11-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Log client errors in libvirtd at debug priority
	This reverts commit

	 Log all errors at level INFO to stop polluting syslog
	 04bd0360f32ec628ecf7943b3fd1468d6eb2dde5.

	and makes virRaiseErrorFull() log errors at debug priority
	when called from inside libvirtd. This stops libvirtd from
	polluting it's own log with client errors at error priority
	that'll be reported and logged on the client side anyway.

2010-11-30  Wen Congyang  <wency@cn.fujitsu.com>

	correct the arguments of migrate_speed
	When we set migrate_speed by json, we receive the following
	error message:
	libvirtError: internal error unable to execute QEMU command
	'migrate_set_speed': Invalid parameter type, expected: number

	The reason is that: the arguments of migrate_set_speed
	by json is json number, not json string.

2010-11-29  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix detection of expected errors

2010-11-29  Justin Clift  <jclift@redhat.com>

	docs: updated c# bindings with arnauds latest changes

2010-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leaks in audit & VirtualBox code
	* src/util/virtaudit.c: Free audit string
	* src/vbox/vbox_XPCOMCGlue.c: Free library name

	Remove bogus check for Xen in example program
	The dominfo.py example script has a bogus check for /proc/xen
	existing. The default connection cannot be assumed to be Xen
	any more

	* examples/python/dominfo.py: Remove check for Xen

2010-11-26  Jiri Denemark  <jdenemar@redhat.com>

	doc: Fix spelling of virBufferVSprintf

2010-11-25  Jiri Denemark  <jdenemar@redhat.com>

	Fix host CPU counting on unusual NUMA topologies
	The nodeinfo structure includes

	    nodes   : the number of NUMA cell, 1 for uniform mem access
	    sockets : number of CPU socket per node
	    cores   : number of core per socket
	    threads : number of threads per core

	which does not work well for NUMA topologies where each node does not
	consist of integral number of CPU sockets.

	We also have VIR_NODEINFO_MAXCPUS macro in public libvirt.h which
	computes maximum number of CPUs as (nodes * sockets * cores * threads).

	As a result, we can't just change sockets to report total number of
	sockets instead of sockets per node. This would probably be the easiest
	since I doubt anyone is using the field directly. But because of the
	macro, some apps might be using sockets indirectly.

	This patch leaves sockets to be the number of CPU sockets per node (and
	fixes qemu driver to comply with this) on machines where sockets can be
	divided by nodes. If we can't divide sockets by nodes, we behave as if
	there was just one NUMA node containing all sockets. Apps interested in
	NUMA should consult capabilities XML, which is what they probably do
	anyway.

	This way, the only case in which apps that care about NUMA may break is
	on machines with funky NUMA topology. And there is a chance libvirt
	wasn't able to start any guests on those machines anyway (although it
	depends on the topology, total number of CPUs and kernel version).
	Nothing changes at all for apps that don't care about NUMA.

2010-11-25  Philipp Hahn  <hahn@univention.de>

	Fix broken XML entity for '>'
	Add missing 'g' to '&gt;' of '<product />' source-element.

2010-11-25  Eric Blake  <eblake@redhat.com>

	security, storage: plug memory leaks for security_context_t
	security_context_t happens to be a typedef for char*, and happens to
	begin with a string usable as a raw context string.  But in reality,
	it is an opaque type that may or may not have additional information
	after the first NUL byte, where that additional information can
	include pointers that can only be freed via freecon().

	Proof is from this valgrind run of daemon/libvirtd:

	==6028== 839,169 (40 direct, 839,129 indirect) bytes in 1 blocks are definitely lost in loss record 274 of 274
	==6028==    at 0x4A0515D: malloc (vg_replace_malloc.c:195)
	==6028==    by 0x3022E0D48C: selabel_open (label.c:165)
	==6028==    by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296)
	==6028==    by 0x3022E1190D: matchpathcon (matchpathcon.c:317)
	==6028==    by 0x4F9D842: SELinuxRestoreSecurityFileLabel (security_selinux.c:382)

	800k is a lot of memory to be leaking.

	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD): Avoid leak on error.
	* src/security/security_selinux.c
	(SELinuxReserveSecurityLabel, SELinuxGetSecurityProcessLabel)
	(SELinuxRestoreSecurityFileLabel): Use correct function to free
	security_context_t.

	network: plug memory leak
	* src/conf/network_conf.c (virNetworkDHCPRangeDefParseXML): Free
	xml strings when no longer referenced.

	maint: prohibit most uses of xmlGetProp
	Making this change makes it easier to spot the memory leaks
	that will be fixed in the next patch.

	* cfg.mk (sc_prohibit_xmlGetProp): New rule.
	* .x-sc_prohibit_xmlGetProp: New exception.
	* Makefile.am (EXTRA_DIST): Ship exception file.
	* tools/virsh.c (cmdDetachInterface, cmdDetachDisk): Adjust
	offenders.
	* src/conf/storage_conf.c (virStoragePoolDefParseSource):
	Likewise.
	* src/conf/network_conf.c (virNetworkDHCPRangeDefParseXML)
	(virNetworkIPParseXML): Likewise.

	qemu: plug memory leak
	https://bugzilla.redhat.com/show_bug.cgi?id=656795

	* src/qemu/qemu_monitor.c (qemuMonitorFree): Also free the buffer.

	maint: ensure syntax check exceptions are distributed
	* Makefile.am (EXTRA_DIST): Factor exceptions files...
	(syntax_check_excpetions): into new list.  Include recently added
	exceptions.
	* cfg.mk (sc_x_sc_dist_check): New check, copied from coreutils.

	build: enforce files.h usage
	* cfg.mk (sc_prohibit_close): New syntax-check rule.
	* src/util/pci.c (pciWaitForDeviceCleanup): Fix violation.
	* .x-sc_prohibit_close: New exceptions.
	* Makefile.am (EXTRA_DIST): Distribute new file.

2010-11-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	Always close drivers when a virConnectPtr is released
	virConnectClose calls virUnrefConnect which in turn closes
	all open drivers when the refcount of that connection dropped
	to zero. This works fine when you free all other objects that
	hold a ref to the connection before you close it, because in
	this case virUnrefConnect is the one that removes the last
	ref to the connection.

	But it doesn't work when you close the connection first before
	freeing the other objects. This is because the other virUnref*
	functions call virReleaseConnect when they detect that the
	connection's refcount dropped to zero. In this case another
	virUnref* function (different from virUnrefConnect) removes the
	last ref to the connection. This results in not closing the
	open drivers and leaking things that should have been cleaned
	up in the driver close functions.

	To fix this move the driver close calls to virReleaseConnect.

2010-11-25  Osier Yang  <jyang@redhat.com>

	Implementations of virDomainIsUpdated for drivers except qemu
	Except LXC and UML driver, implementations of all other drivers
	simply return 0, because these drivers doesn't have config both
	in memory and on disk, no need to track if the domain of these
	drivers updated or not.

	Rename "xenUnifiedDomainisPersistent" to "xenUnifiedDomainIsPersistent"

	* esx/esx_driver.c
	* lxc/lxc_driver.c
	* opennebula/one_driver.c
	* openvz/openvz_driver.c
	* phyp/phyp_driver.c
	* test/test_driver.c
	* uml/uml_driver.c
	* vbox/vbox_tmpl.c
	* xen/xen_driver.c
	* xenapi/xenapi_driver.c

2010-11-24  Osier Yang  <jyang@redhat.com>

	implement callback function for qemu driver
	* src/qemu/qemu_driver.c (add function qemuDomainIsUpdated)

	implement the remote protocol
	* daemon/remote.c
	* daemon/remote_dispatch_args.h
	* daemon/remote_dispatch_prototypes.h
	* daemon/remote_dispatch_ret.h
	* daemon/remote_dispatch_table.h
	* src/remote/remote_driver.c
	* src/remote/remote_protocol.c
	* src/remote/remote_protocol.h
	* src/remote/remote_protocol.x
	* src/remote_protocol-structs

	implement public API virDomainIsUpdated
	* src/libvirt.c

	define internal driver API
	* src/driver.h (new typedef, new callback member for "_virDriver")
	* src/esx/esx_driver.c
	* src/lxc/lxc_driver.c
	* src/opennebula/one_driver.c
	* src/openvz/openvz_driver.c
	* src/phyp/phyp_driver.c
	* src/qemu/qemu_driver.c
	* src/remote/remote_driver.c
	* src/test/test_driver.c
	* src/uml/uml_driver.c
	* src/vbox/vbox_tmpl.c
	* src/xen/xen_driver.c
	* src/xenapi/xenapi_driver.c

	virDomainIsUpdated: define the new public API
	introduce new public API "virDomainIsUpdated"

	* src/conf/domain_conf.h (new member "updated" for "virDomainObj")
	* src/libvirt_public.syms
	* include/libvirt/libvirt.h.in

2010-11-24  Eric Blake  <eblake@redhat.com>

	maint: sort exports
	* src/libvirt_private.syms (buf.h): Sort.

2010-11-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Fix TLS transport on Windows
	gnulib wraps Windows' SOCKET handle based send() and recv() functions
	into file descriptor based ones that are used in libvirt.

	Even though GnuTLS is using gnulib too, it explicitly doesn't use
	gnulib's replacement functions on Windows. By default GnuTLS uses the
	SOCKET handle based send() and recv(). This makes gnutls_handshake()
	fail internally with a WSAENOTSOCK error because libvirt passes a
	file descriptor; GnuTLS needs the SOCKET handle.

	To avoid this mismatch make sure that GnuTLS uses gnulib's replacment
	functions, by setting custom pull() and push() functions for GnuTLS.

2010-11-24  Cole Robinson  <crobinso@redhat.com>

	tests: Fix dispatching internal error reports
	Without this fix, the test suite doesn't print error messages when a libvirt
	function fails. Additionally, only print error reports if DEBUG or VERBOSE
	requested.

2010-11-23  Eric Blake  <eblake@redhat.com>

	libvirtd: fix bug when shrinking number of clients
	* daemon/libvirtd.c (qemudRunLoop): Pass allocation size, not
	current count, to VIR_SHRINK_N.
	* docs/hacking.html.in: Update doc example.
	* HACKING: Regenerate.

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Rename 'remove' param to 'toremove' to avoid clash with stdio.h
	The stdio.h header has a function called 'remove' declared. This
	clashes with the 'remove' parameter in virShrinkN

	* src/util/memory.c: Rename 'remove' to 'toremove'

	Fix 32-bit int truncation in QED header check
	* src/util/memory.c: Avoid 32-bit truncation extracting a 64bit int

	Fix error handling in virsh when listing storage volumes
	virsh was not checking for a error code when listing storage
	volumes. So when listing volumes in a pool that was shutoff,
	no output was displayed

	* tools/virsh.c: Fix error handling when listing volumes

	Improve SCSI volume name generation
	The SCSI volumes currently get a name like '17:0:0:1' based
	on $host:$bus:$target:$lun. The names are intended to be unique
	per pool and stable across pool restarts. The inclusion of the
	$host component breaks this, because the $host number for iSCSI
	pools is dynamically allocated by the kernel at time of login.
	This changes the name to be 'unit:0:0:1', ie removes the leading
	host component. The 'unit:' prefix is just to ensure the volume
	name doesn't start with a number and make it clearer when seen
	out of context.

	* src/storage/storage_backend_scsi.c: Improve volume name
	  field value stability and uniqueness

	Fix error codes returned when a storage pool is inactive
	Many operations are not valid on inactive storage pools. The
	storage driver is currently returning VIR_ERR_INTERNAL_ERROR
	in these cases, rather than the more suitable error code
	VIR_ERR_OPERATION_INVALID

	* src/storage/storage_driver.c: Fix error code when pool
	  is not active

	Check whether pools are already active upon libvirtd startup
	When libvirt starts up all storage pools default to the inactive
	state, even if the underlying storage is already active on the
	host. This introduces a new API into the internal storage backend
	drivers that checks whether a storage pool is already active. If
	the pool is active at libvirtd startup, the volume list will be
	immediately populated.

	* src/storage/storage_backend.h: New internal API for checking
	  storage pool state
	* src/storage/storage_driver.c: Check whether a pool is active
	  upon driver startup
	* src/storage/storage_backend_fs.c, src/storage/storage_backend_iscsi.c,
	  src/storage/storage_backend_logical.c, src/storage/storage_backend_mpath.c,
	  src/storage/storage_backend_scsi.c: Add checks for pool state

	Remove bogus port handling code in virsh
	The "find-storage-pool-sources-as" command takes two arguments,
	a hostname and a port number. For some reason the code would
	also then look for a port number appended to the hostname
	string by searching for ':'. This totally breaks if the user
	gives an IPv6 address, and is redundant, since you can already
	provide a port as a separate argument

	* tools/virsh.c: Remove bogus port number handling code

	Allow iSCSI IQN to be set with find-storage-pool-sources-as command
	Allow an iSCSI initiator IQN to be set with the XML for the
	find-storage-pool-sources-as virsh command

	* tools/virsh.c: Add iSCSI IQN support

	Switch the virsh XML generation to use virBuffer instead of virAsprintf
	The code generating XML for storage pool source discovery is
	hardcoded to only allow a hostname and optional port number.
	Refactor this code to make it easier to add support for extra
	parameters.

	* tools/virsh.c: Refactor XML generator

	Add support for iSCSI target auto-discovery
	Since the previous patch added support for parsing the output of
	the 'sendtargets' command, it is now trivial to support the
	storage pool discovery API.

	Given a hostname and optional portnumber and initiator IQN,
	the code can return a full list of storage pool source docs,
	each one representing a iSCSI target.

	* src/storage/storage_backend_iscsi.c: Wire up target
	  auto-discovery

	Stop iSCSI targets automatically logging back in after logout
	The Linux iSCSI initiator toolchain has the dubious feature that
	if you ever run the 'sendtargets' command to merely query what
	targets are available from a server, the results will be recorded
	in /var/lib/iscsi. Any time the '/etc/init.d/iscsi' script runs
	in the future, it will then automatically login to all those
	targets. /etc/init.d/iscsi is automatically run whenever a NIC
	comes online.

	So from the moment you ask a server what targets are available,
	your client will forever more automatically try to login to all
	targets without ever asking if you actually want it todo this.

	To stop this stupid behaviour, we need to run

	  iscsiadm --portal $PORTAL --target $TARGET
	   --op update --name node.startup --value manual

	For every target on the server.

	* src/storage/storage_backend_iscsi.c: Disable automatic login
	  for targets found as a result of a 'sendtargets' command

	Refactor iSCSI driver code to facilitate future changes
	The following series of patches are adding significant
	extra functionality to the iSCSI driver. THe current
	internal helper methods are not sufficiently flexible
	to cope with these changes. This patch refactors the
	code to avoid needing to have a virStoragePoolObjPtr
	instance as a parameter, instead passing individual
	target, portal and initiatoriqn parameters.

	It also removes hardcoding of port 3260 in the portal
	address, instead using the XML value if any.

	* src/storage/storage_backend_iscsi.c: Refactor internal
	  helper methods

	Fix parsing of port attribute in storage XML configuration
	The XML docs describe a 'port' attribute for the
	storage source <host> element, but the parser never
	handled it.

	* docs/schemas/storagepool.rng: Define port attribute
	* src/conf/storage_conf.c: Add missing parsing/formatting
	  of host port number
	* src/conf/storage_conf.h: Remove bogus/unused 'protocol' field

	Don't catch SIGCHLD in libvirtd
	libvirtd no longer deals with SIGCHLD in its signal handler
	since the QEMU driver switched to always daemonize processes.
	Thus remove the sigaction for it, to avoid warning log
	messages

	* daemon/libvirtd.c: Don't catch SIGCHLD

	Ensure logfile isn't truncated by shutdown message.
	When running non-root, the QEMU log file is usually opened with
	truncation, since there is no logrotate for non-root usage.
	This means that when libvirt logs the shutdown timestamp, the
	log is accidentally truncated

	* src/qemu/qemu_driver.c: Never truncate log file with shutdown
	  message

	Remove trailing ':' from timestamp
	The QEMU logger appends a ':' to the timestamp when it deems
	it neccessary, so the virTimestamp API should not duplicate
	this

	* src/util/util.c: Remove trailing ':' from timestamp

	Log all errors at level INFO to stop polluting syslog
	Everytime a public API returns an error, libvirtd pollutes
	syslog with that error message. Reduce the error logging
	level to INFO so these don't appear by default.

	* src/util/virterror.c: Log all errors at INFO

	Ensure virExec preserves logging environment
	The virFork call resets all logging handlers that may have been
	set. Re-enable them after fork in virExec, so that env variables
	fir LIBVIRT_LOG_OUTPUTS and LIBVIRT_LOG_FILTERS take effect
	until the execve()

	* src/util/util.c: Preserve logging in child in virExec

	Include a thread identifier in log messages
	To allow messages from different threads to be untangled,
	include an integer thread identifier in log messages.

	* src/util/logging.c: Include thread ID
	* src/util/threads.h, src/util/threads.h, src/util/threads-pthread.c:
	  Add new virThreadSelfID() function
	* configure.ac: Check for sys/syscall.h

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	qemu: setvcpus: Save config changes to disk
	Currently changes to the persistent config aren't flushed to disk, meaning
	they are lost if the domain is redefined or libvirtd is restarted.

	qemu: setvcpus: Simplify altering the persistent config
	Do this by adding a helper function to get the persistent domain config. This
	should be useful for other functions that may eventually want to alter
	the persistent domain config (attach/detach device). Also make similar changes
	to the test drivers setvcpus command.

	A caveat is that the function will return the running config for a transient
	domain, rather than error. This simplifies callers, as long as they use
	other methods to ensure the guest is persistent.

	qemu: setvcpus: Fix maxvcpus check
	Doing 'virsh setvcpus $vm --config 10' doesn't check the value against the
	domains maxvcpus value. A larger value for example will prevent the guest
	from starting.

	Also make a similar change to the test driver.

	conf: domain: Improve vcpus validation reporting

	Make state driver device hotplug/update actually transient
	The current semantics of non-persistent hotplug/update are confusing: the
	changes will persist as long as the in memory domain definition isn't
	overwritten. This means hotplug changes stay around until the domain is
	redefined or libvirtd is restarted.

	Call virDomainObjSetDefTransient at VM startup, so that we properly discard
	hotplug changes when the VM is shutdown.

	domain_conf: Add virDomainObjSetDefTransient
	This function sets the running domain definition as transient, by reparsing
	the persistent config and assigning it to newDef. This ensures that any
	changes made to the running definition and not the persistent config are
	discarded when the VM is shutdown.

	xend: Escape reserved sexpr characters
	If we don't escape ' or \ xend can't parse the generated sexpr. This
	might over apply the EscapeSexpr routine, but it shouldn't hurt.

	buf: Simplify virBufferEscapeString
	We are about to copy this function, so clean it up before we do.

	xend: urlencode: Properly escape '&'
	Since we send the sexpr to xend via HTTP, we need to properly escape
	'&'

	conf: Fix parsing python style triple quotes
	An incorrect check broke matching the closing set of quotes. Update
	tests to cover this case for XM config files.

	conf: Convert ParseString to use STRPREFIX

	schemas: domain: Add more valid file path chars
	Also, standardize path usage on 'filePath' and 'absFilePath'

2010-11-23  Adam Litke  <agl@us.ibm.com>

	qed: Minor updates to QED support patches
	This patch makes two corrections to the newly-added QED support patch series:

	 - Correct the QED header field offsets
	 - Remove XML parsing for VIR_STORAGE_FILE_AUTO_SAFE

2010-11-22  Justin Clift  <jclift@redhat.com>

	docs: removed outdated reference to virt-mem
	The virt-mem program is no longer shipped, but was still being
	referenced at the bottom of the virsh and libvirtd man pages.

	This patch removes it from those man pages, addressing
	BZ# 639603:

	  https://bugzilla.redhat.com/show_bug.cgi?id=639603

2010-11-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: re-order lock grabbed by IP addr. learn thread
	The IP address learning thread was causing a deadlock when it instantiated a filter while a filter update/change was ongoing. The reason for this was the ordering of locks due to the following calls

	virNWFilterUnlockFilterUpdates()
	virNWFilterPoolObjFindByName()

	The below patch now puts the order of the locks in the above shown order when instantiating the filter from the IP address learning thread.

2010-11-20  Adam Litke  <agl@us.ibm.com>

	Support for probing qed image metadata
	Implement getBackingStore() for QED images.  The header format is defined in
	the QED spec: http://wiki.qemu.org/Features/QED .

	Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>
	Cc: Anthony Liguori <aliguori@linux.vnet.ibm.com>

	storage_file: Add a new flag to mark backing files that are safe to probe

	QED: Basic support for QED images
	Add an entry in fileTypeInfo for QED image files.

	Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>
	Cc: Anthony Liguori <aliguori@linux.vnet.ibm.com>

	Allow probing of image formats without version information
	Disk image formats that wish to opt-out of version validation are supposed to
	set versionOffset to -1 in their fileTypeInfo entry.

	By unconditionally returning False for these formats,
	virStorageFileMatchesVersion() incorrectly reports a version mismatch when the
	test was actually skipped.  The correct behavior is to return True so these
	formats can be successfully probed using the magic bytes alone.

2010-11-19  Eric Blake  <eblake@redhat.com>

	maint: tighten strncmp syntax check
	Using 'int ret = strcmp(a, b)' in a qsort function is a valid use of
	str[n]cmp that should _not_ be turned to STREQ, but it was falling
	foul of our specific syntax-check.  Meanwhile, gnulib's maint.mk
	already has a tighter bound for strcmp, so we can copy that regex and
	just check for strncmp, which results in fewer false positives that
	require exceptions.

	* cfg.mk (sc_prohibit_strcmp_and_strncmp): Rename...
	(sc_prohibit_strncmp): ...to this, and tighten, to mirror
	maint.mk's sc_prohibit_strcmp's better regex.
	* Makefile.am (syntax_check_exceptions): Update exception rule.
	* .x-sc_prohibit_strcmp_and_strncmp: Rename...
	* .x-sc_prohibit_strncmp: ...and trim.

2010-11-19  Daniel P. Berrange  <berrange@redhat.com>

	virExec: fix bug in setting up child stderr/out with /dev/null

2010-11-19  Eric Blake  <eblake@redhat.com>

	capabilities, cpu: use new array API
	* src/conf/capabilities.h (_virCaps, _virCapsHost, _virCapsGuest)
	(_virCapsGuestArch): Add additional fields.
	* src/conf/cpu_conf.h (_virCPUDef): Likewise.
	* src/conf/capabilities.c (virCapabilitiesFormatXML): Reflect
	updated type.
	(virCapabilitiesAddGuest, virCapabilitiesAddHostFeature)
	(virCapabilitiesAddHostMigrateTransport)
	(virCapabilitiesAddHostNUMACell, virCapabilitiesAddGuestFeature)
	(virCapabilitiesAddGuestDomain): Use new array APIs.
	* src/conf/cpu_conf.c (virCPUDefAddFeature, virCPUDefCopy)
	(virCPUDefParseXML): Likewise.
	* tests/testutilsqemu.c (testQemuCapsInit): Adjust test.

	daemon: use safer memory growth macros
	* daemon/libvirtd.h (qemud_server): Change types of members
	tracking array sizes, and add allocation trackers.
	* daemon/event.c (virEventLoop): Likewise.
	(virEventAddHandleImpl, virEventAddTimeoutImpl)
	(virEventCleanupTimeouts, virEventCleanupHandles): Use
	VIR_RESIZE_N instead of VIR_REALLOC_N.  Tweak debug messages to
	match type changes.
	* daemon/libvirtd.c (qemudDispatchServer, qemudRunLoop): Likewise.

	memory: make it easier to avoid quadratic scaling of arrays
	* src/util/memory.h (VIR_RESIZE_N): New macro.
	* src/util/memory.c (virResizeN): New function.
	* src/libvirt_private.syms: Export new helper.
	* docs/hacking.html.in: Document it.
	* HACKING: Regenerate.

	memory: make it safer to expand arrays
	* src/util/memory.h (VIR_REALLOC_N): Update docs.
	(VIR_EXPAND_N, VIR_SHRINK_N): New macros.
	(virAlloc, virAllocN, virReallocN, virAllocVar, virFree): Add some
	gcc attributes.
	* src/util/memory.c (virExpandN, virShrinkN): New functions.
	(virReallocN): Update docs.
	* src/libvirt_private.syms: Export new helpers.
	* docs/hacking.html.in: Prefer newer interfaces over
	VIR_REALLOC_N, since uninitialized memory can bite us.
	* HACKING: Regenerate.

2010-11-19  Osier Yang  <jyang@redhat.com>

	doc: Add doc for missed options of migrate
	* tools/virsh.pod (add doc for options like "--p2p", "--direct",
	"--copy-storage-all", "dname", etc.)

	doc: add doc for missed parameters of attach-disk
	* tools/virsh.pod (add docs for --persistent and --sourcetype
	of attach-disk, break the long lines in the meantime)

2010-11-19  Daniel Veillard  <veillard@redhat.com>

	Fix a failure to restore SELinux label for character devices
	The code in SELinuxRestoreSecurityChardevLabel() was trying to
	use SELinuxSetFilecon directly for devices or file types while
	it should really use SELinuxRestoreSecurityFileLabel encapsulating
	routine, which avoid various problems like resolving symlinks,
	making sure he file exists and work around NFS problems

2010-11-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	virt-aa-helper: Fix several compile errors
	Include locale.h for setlocale().

	Revert the usage string back to it's original form.

	Use puts() instead of fputs(), as fputs() expects a FILE*.

	Add closing parenthesis to some vah_error() calls.

	Use argv[0] instead of an undefined argv0.

2010-11-18  Eric Blake  <eblake@redhat.com>

	build: fix autobuild failures on gcov upgrade
	Last time I ran ./autobuild.sh was on F13; and upgrading to F14
	exposed these leftovers due to a newer gcov than what was in the stale
	files, in the form of spurious messages that break 'make check':

	+profiling:/home/remote/eblake/libvirt-tmp/tools/virsh-console.gcda:Version mismatch - expected 405R got 404R

	and concluding with a bug in the autobuild.sh script itself:

	./autobuild.sh: line 44: test: =: unary operator expected

	* autobuild.sh: avoid syntax error on failed test
	* tools/Makefile.am (CLEANFILES): Clean coverage files.

2010-11-18  Osier Yang  <jyang@redhat.com>

	doc: update virsh manual
	* tools/virsh.pod (change things like "edit domain.xml" into
	  "vi domain.xml", so that it's more clear for user)

2010-11-18  Eric Blake  <eblake@redhat.com>

	maint: avoid remaining sprintf uses
	* cfg.mk (sc_prohibit_sprintf): New rule.
	(sc_prohibit_asprintf): Avoid false positives.
	* docs/hacking.html.in (Printf-style functions): Document the
	policy.
	* HACKING: Regenerate.
	* .x-sc_prohibit_sprintf: New exemptions.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* src/vbox/vbox_tmpl.c (vboxStartMachine, vboxAttachUSB): Use
	virAsprintf instead.
	* src/uml/uml_driver.c (umlOpenMonitor): Use snprintf instead.
	* tools/virsh.c (cmdDetachInterface): Likewise.
	* src/security/security_selinux.c (SELinuxGenSecurityLabel):
	Likewise.
	* src/openvz/openvz_driver.c (openvzDomainDefineCmd): Likewise,
	and ensure large enough buffer.

	virt-aa-helper: translate error messages
	These messages are visible to the user, so they should be
	consistently translated.

	* cfg.mk (msg_gen_function): Add vah_error, vah_warning.
	* src/security/virt-aa-helper.c: Translate messages.
	(catchXMLError): Fix capitalization.

	maint: update to latest gnulib
	Allows bootstrap to work on FreeBSD, where gzip doesn't have a '.'
	in its version; and silences false positives in the new
	'make syntax-check' rule.

	* .gnulib: Update to latest.
	* bootstrap: Synchronize to upstream.
	* .x-sc_bindtextdomain: New exemptions.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* .gitignore: Regenerate per latest bootstrap, anchor entries that
	are only in the root directory, and consolidate entries from other
	generated .gitignore files.
	* build-aux/.gitignore, m4/.gitignore, po/.gitignore: Remove from
	version control, since bootstrap generates them.

	maint: improve i18n on non-Linux
	Per the gettext developer:
	http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00019.html
	http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00021.html

	gettext() doesn't work correctly on all platforms unless you have
	called setlocale().  Furthermore, gnulib's gettext.h has provisions
	for setting up a default locale, which is the preferred method for
	libraries to use gettext without having to call textdomain() and
	override the main program's default domain (virInitialize already
	calls bindtextdomain(), but this is insufficient without the
	setlocale() added in this patch; and a redundant bindtextdomain()
	in this patch doesn't hurt, but serves as a good example for other
	packages that need to bind a second translation domain).

	This patch is needed to silence a new gnulib 'make syntax-check'
	rule in the next patch.

	* daemon/libvirtd.c (main): Setup locale and gettext.
	* src/lxc/lxc_controller.c (main): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/storage/parthelper.c (main): Likewise.
	* tools/virsh.c (main): Fix exit status.
	* src/internal.h (DEFAULT_TEXT_DOMAIN): Define, for gettext.h.
	(_): Simplify definition accordingly.
	* po/POTFILES.in: Add src/storage/parthelper.c.

2010-11-17  Eric Blake  <eblake@redhat.com>

	maint: use gnulib configmake rather than open-coding things
	* bootstrap.conf (gnulib_modules): Add configmake.
	* daemon/Makefile.am (libvirtd_CFLAGS): Drop defines provided by
	gnulib.
	* src/Makefile.am (INCLUDES): Likewise.
	* tests/Makefile.am (INCLUDES): Likewise.
	* tools/Makefile.am (virsh_CFLAGS): Likewise.
	* daemon/libvirtd.c (qemudInitPaths, usage, main): Update
	clients.
	* src/cpu/cpu_map.c (CPUMAPFILE): Likewise.
	* src/driver.c (DEFAULT_DRIVER_DIR): Likewise.
	* src/internal.h (_): Likewise.
	* src/libvirt.c (virInitialize): Likewise.
	* src/lxc/lxc_conf.h (LXC_CONFIG_DIR, LXC_STATE_DIR, LXC_LOG_DIR):
	Likewise.
	* src/lxc/lxc_conf.c (lxcCapsInit, lxcLoadDriverConfig):
	Likewise.
	* src/network/bridge_driver.c (NETWORK_PID_DIR)
	(NETWORK_STATE_DIR, DNSMASQ_STATE_DIR, networkStartup): Likewise.
	* src/nwfilter/nwfilter_driver.c (nwfilterDriverStartup):
	Likewise.
	* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Likewise.
	* src/qemu/qemu_driver.c (qemudStartup): Likewise.
	* src/remote/remote_driver.h (LIBVIRTD_PRIV_UNIX_SOCKET)
	(LIBVIRTD_PRIV_UNIX_SOCKET_RO, LIBVIRTD_CONFIGURATION_FILE)
	(LIBVIRT_PKI_DIR): Likewise.
	* src/secret/secret_driver.c (secretDriverStartup): Likewise.
	* src/security/security_apparmor.c (VIRT_AA_HELPER): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/storage/storage_backend_disk.c (PARTHELPER): Likewise.
	* src/storage/storage_driver.c (storageDriverStartup): Likewise.
	* src/uml/uml_driver.c (TEMPDIR, umlStartup): Likewise.
	* src/util/hooks.c (LIBVIRT_HOOK_DIR): Likewise.
	* tools/virsh.c (main): Likewise.
	* docs/hooks.html.in: Likewise.

2010-11-17  Stefan Berger  <stefanb@us.ibm.com>

	replace last instances of close()
	I am replacing the last instances of close() I found with VIR_CLOSE() / VIR_FORCE_CLOSE respectively.

	The first part patches virsh, which I missed out on previously.

	The 2nd patch I had left out intentionally to look at it more carefully:
	The 'closed' variable could be easily removed since it wasn't used anywhere else. The possible race condition that could result from the filedescriptor being closed and not set to -1 (and possibly let us write into 'something' totally different if the fd was allocated by another thread) seems to be prevented by the qemuMonitorLock() already placed around the code that reads from or writes to the fd. So the change of this code as shown in the patch should not have any side-effects.

	nwfilter: also purge ip(6)tables rules before detecting IP address
	Rather than only cleaning any remaining ebtables rules, also clean those applied to iptables and ip6tables when detecting the IP address of an interface. Previous applied iptables rules may hinder DHCP packets.

	deprecate fclose() and introduce VIR_{FORCE_}FCLOSE()
	Similarly to deprecating close(), I am now deprecating fclose() and
	introduce VIR_FORCE_FCLOSE() and VIR_FCLOSE(). Also, fdopen() is replaced with
	VIR_FDOPEN().

	Most of the files are opened in read-only mode, so usage of
	VIR_FORCE_CLOSE() seemed appropriate. Others that are opened in write
	mode already had the fclose()<  0 check and I converted those to
	VIR_FCLOSE()<  0.

	I did not find occurrences of possible double-closed files on the way.

2010-11-17  Osier Yang  <jyang@redhat.com>

	daemon: fix indention problem in daemon/libvirt.c
	* daemon/libvirtd.c

	qemu: fix typos in qemu_monitor_text.c
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextChangeMedia)

	qemu: record timestamp in qemu domain log
	Currently only support domain start and shutdown, for domain start,
	record timestamp before the qemu command line, and for domain shutdown,
	just say it's shutting down with timestamp.

	* src/qemu/qemu_driver.c (qemudStartVMDaemon, qemudShutdownVMDaemon
	  introduced two macros - START_POSTFIX, SHUTDOWN_POSTFIX)

	virsh: add net-info command
	To list basic information about the network.

	* tools/virsh.c
	* tools/virsh.pod

2010-11-16  Eric Blake  <eblake@redhat.com>

	nwfilter: use /bin/sh rather than requiring bash
	* src/nwfilter/nwfilter_ebiptables_driver.c (CMD_EXEC): Fix syntax
	error in previous patch.
	Reported by Stefan Berger.

	nwfilter: use /bin/sh rather than requiring bash
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesWriteToTempFile): Use /bin/sh.
	(bash_cmd_path): Delete.
	(ebiptablesDriverInit, ebiptablesDriverShutdown): No need to
	search for bash.
	(CMD_EXEC): Prefer $() over ``, since we can assume POSIX.
	(iptablesSetupVirtInPost): Use portable 'test' syntax.
	(iptablesLinkIPTablesBaseChain): Use POSIX $(()) syntax.

2010-11-16  Laine Stump  <laine@laine.org>

	interface.rng: Make miimon and arpmon optional for bond interfaces
	This has been optional in netcf for awhile, but the change hadn't been
	propogated to the libvirt copy of the RNG.

2010-11-16  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: convert send / recv function to use libnl
	In a second step I am converting the netlink send/receive functions to
	use libnl.

	I tested this with 802.1Qbg profiles and my test server and did not see
	a regression.

	Caveat: The online documentation of libnl talks about nl_socket_alloc()
	but the header file provides nl_handle_alloc() -- this could be a hint
	to a possible problem between libnl versions...

	http://www.infradead.org/~tgr/libnl/doc/group__socket.html

	versus

	http://libnl.sourcearchive.com/documentation/1.1/group__socket_gf903c9ea089735b1ba8e40dae801c47d.html

2010-11-16  Laine Stump  <laine@laine.org>

	Fix ipv4-addr definition in interface.rng
	Eric Blake pointed out a deficiency in this regex when it was
	copy-pasted into network.rng. This is just propogating the fix back to
	its origin.

2010-11-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use python discovered through env instead of hardcoding a path
	This is more flexible regarding the location of the python binary
	but doesn't allow to pass the -u flag. The -i flag can be passed
	from inside the script using the PYTHONINSPECT env variable.

	This fixes a problem with the esx_vi_generator.py on FreeBSD.

	esx: Avoid warnings about breaking strict-aliasing rules on FreeBSD

	Make sure struct sockaddr_in is defined on FreeBSD

	configure: Disable FS storage driver if mntent.h is not available
	This is the case on FreeBSD.

	daemon: Include stdlib.h in dispatch.c
	Otherwise GCC complains about malloc being unknown on FreeBSD.

2010-11-13  Justin Clift  <jclift@redhat.com>

	docs: updated virsh command reference with libvirt.org links

2010-11-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure: Remove bashism and replace 'test ==' with 'test ='
	This also fixes configure problems on FreeBSD, as test doesn't
	understand '==' there.

	virsh: Fix compile error in VPATH build
	tools/console.c depends on daemon/event.h.

	Generate HACKING from docs/hacking.html.in

	docs: Prepare hacking.html.in to generate HACKING from it
	Tweak pre tags to achieve proper indentation of their
	plaintext representation. Also use more b/i/code tags.

2010-11-13  Justin Clift  <jclift@redhat.com>

	docs: updated csharp pages with latest info

	docs: trivial typo fix

	docs: added virsh command reference page.
	Using temporary location links for the moment, until we get a
	proper place to store the files on the libvirt.org server.

2010-11-12  Cole Robinson  <crobinso@redhat.com>

	rpm: Fix summary wording

2010-11-12  John Morrissey  <jwm@horde.net>

	qemu: Remove unnecessary quoting from the process name argument

2010-11-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Don't do a flags check in the storage driver
	This makes the storage driver fail when the connection is
	opened with the VIR_CONNECT_RO flag, resulting in a read-only
	connection with no storage driver.

	qemu: Add qemu-system-s390x to the emulators list

2010-11-12  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: convert nl msg construction to use libnl
	In a first step I am converting the netlink message construction in
	macvtap code to use libnl. It's pretty much a 1:1 conversion except that
	now the message needs to be allocated and deallocated.

2010-11-12  Laine Stump  <laine@laine.org>

	Do a better job of validating IP and MAC addresses in network.rng
	IP addresses and MAC addresses had been defined in the RNG simply as
	<text/> meaning that, according to the RNG, any string could go in
	there. Of course the C parsing code does a much better job of
	validating, but we may as well have this describing the contents
	accurately (even though it's currently only used during "make check").

	re-indent network.rng following structural change
	This commit is whitespace changes only, do avoid obscuring actual code
	changes.

	Put network.rng contents inside <grammar> for uniformity with other RNGs
	All the other RNG files in libvirt are enclosed within <grammar>. This
	commit makes the syntactical changes necessary to make network.rng fit
	that pattern. (This is the first step in adding some data type
	definitions to network.rng for more exact validation of IP and MAC
	addresses).

	Formatting changes (indentation) will be done in a subsequent commit,
	so that actual changes to the code won't be obscured by whitespace.

2010-11-12  Jamie Strandboge  <jamie@canonical.com>

	virt-aa-helper should require <uuid> in XML
	When <uuid> is not in the XML, a virUUIDGenerate() ends up being called which
	is unnecessary and can lead to crashes if /dev/urandom isn't available
	because virRandomInitialize() is not called within virt-aa-helper. This patch
	adds verify_xpath_context() and updates caps_mockup() to use it.

	Bug-Ubuntu: https://launchpad.net/bugs/672943

2010-11-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support SMBIOS host mode

2010-11-12  Laine Stump  <laine@laine.org>

	remote_driver.c: fix non-literal format strings w/o args

	ignore SELinuxSetFilecon error in SELinuxSetSecurityFileLabel if on nfs
	If virDomainAttachDevice() was called with an image that was located
	on a root-squashed NFS server, and in a directory that was unreadable
	by root on the machine running libvirtd, the attach would fail due to
	an attempt to change the selinux label of the image with EACCES (which
	isn't covered as an ignore case in SELinuxSetFilecon())

	NFS doesn't support SELinux labelling anyway, so we mimic the failure
	handling of commit 93a18bbafaf11729d3ca1241e11bee133d77fa77, which
	just ignores the errors if the target is on an NFS filesystem (in
	SELinuxSetSecurityAllLabel() only, though.)

	This can be seen as a follow-on to commit
	347d266c51705f4987fa5ce2a0ecb314ed8745ce, which ignores file open
	failures of files on NFS that occur directly in
	virDomainDiskDefForeachPath() (also necessary), but does not ignore
	failures in functions that are called from there (eg
	SELinuxSetSecurityFileLabel()).

2010-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix reference counting bug in virsh console
	The event watches need to be removed before the event loop
	terminates, otherwise they cause a dangling reference to
	be held on the virStreamPtr, which in turns holds a reference
	on virConnectPtr, which in turn causes errors like

	  "Failed to disconnect from the hypervisor"

	* tools/console.c: Remove watches before event loop quits
	* tools/virsh.c: Print out dangling reference count

	Wire up virDomainOpenConsole for LXC, Xen and UML
	Introduce implementations of the virDomainOpenConsole() API
	for LXC, Xen and UML drivers.

	* src/lxc/lxc_driver.c, src/lxc/lxc_driver.c,
	  src/xen/xen_driver.c: Wire up virDomainOpenConsole

	Fix busy-wait loop on closed file descriptor
	When closing open streams after a client quits, the event
	callback was not removed. This mean that poll() was using
	a closed FD and returning POLLNVAL in a busy-wait loop.

	* daemon/stream.c: Disconnect stream callbacks

	Re-write virsh console to use streams
	This re-writes the 'virsh console' command so that it uses
	the new streams API. This lets it run remotely and/or as a
	non-root user. This requires that virsh be linked against
	the simple event loop from libvirtd in daemon/event.c
	As an added bonus, it can now connect to any console device,
	not just the first one.

	* tools/Makefile.am: Link to event.c
	* tools/console.c, tools/console.h: Rewrite to use the
	  virDomainOpenConsole() APIs with streams
	* tools/virsh.c: Support choosing the console name
	  via --devname $NAME

	Convert daemon/events.c to use virMutex and virThread
	The code currently uses pthreads APIs directly. This is not
	portable to Win32 threads. Switch it over to use the portability
	APIs. Also add a wrapper for pipe() which is subtely different
	on Win32

	* daemon/event.c: Switch to use virMutex & virThread.

	Introduce portability APIs for creating threads
	The util/threads.c/h code already has APIs for mutexes,
	condition variables and thread locals. This commit adds
	in code for actually creating threads.

	* src/libvirt_private.syms: Export new symbols
	* src/util/threads.h: Define APIs virThreadCreate, virThreadSelf,
	  virThreadIsSelf and virThreadJoin
	* src/util/threads-win32.c, src/util/threads-win32.h: Win32
	  impl of threads
	* src/util/threads-pthread.c, src/util/threads-pthread.h: POSIX
	  impl of threads

	Support virDomainOpenConsole with QEMU
	This provides an implementation of the virDomainOpenConsole
	API with the QEMU driver. For the streams code, this reuses
	most of the code previously added for the tunnelled migration
	streams since it is generic.

	* src/qemu/qemu_driver.c: Support virDomainOpenConsole

	Add a generic internal API for handling any FD based stream
	To avoid the need for duplicating implementations of virStream
	drivers, provide a generic implementation that can handle any
	FD based stream. This code is copied from the existing impl
	in the QEMU driver, with the locking moved into the stream
	impl, and addition of a read callback

	The FD stream code will refuse to operate on regular files or
	block devices, since those can't report EAGAIN properly when
	they would block on I/O

	* include/libvirt/virterror.h, include/libvirt/virterror.h: Add
	  VIR_FROM_STREAM error domain
	* src/qemu/qemu_driver.c: Remove code obsoleted by the new
	  generic streams driver.
	* src/fdstream.h, src/fdstream.c, src/fdstream.c,
	  src/libvirt_private.syms: Generic reusable FD based streams

	Lower logging level in remote driver streams
	Now that bi-directional, non-blocking streams are supported
	in the remote driver, some of the VIR_WARN statements need
	to be reduced to VIR_DEBUG.

	* src/remote/remote_driver.c: Lower logging level

	Remote driver client and server for virDomainOpenConsole
	This provides an implementation of the virDomainOpenConsole
	API for the remote driver client and server.

	* daemon/remote.c: Server side impl
	* src/remote/remote_driver.c: Client impl
	* src/remote/remote_protocol.x: Wire definition

	Introduce a virDomainOpenConsole API
	To enable virsh console (or equivalent) to be used remotely
	it is necessary to provide remote access to the /dev/pts/XXX
	pseudo-TTY associated with the console/serial/parallel device
	in the guest. The virStream API provide a bi-directional I/O
	stream capability that can be used for this purpose. This
	patch thus introduces a virDomainOpenConsole API that uses
	the stream APIs.

	* src/libvirt.c, src/libvirt_public.syms,
	  include/libvirt/libvirt.h.in, src/driver.h: Define the
	  new virDomainOpenConsole API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Stub
	  API entry point

	Support callbacks on virStream APIs in remote driver client
	The current remote driver code for streams only supports
	blocking I/O mode. This is fine for the usage with migration
	but is a problem for more general use cases, in particular
	bi-directional streams.

	This adds supported for the stream callbacks and non-blocking
	I/O. with the minor caveat is that it doesn't actually do
	non-blocking I/O for sending stream data, only receiving it.
	A future patch will try to do non-blocking sends, but this is
	quite tricky to get right.

	* src/remote/remote_driver.c: Allow non-blocking I/O for
	  streams and support callbacks

2010-11-11  Daniel P. Berrange  <dan@berrange.com>

	Fix LXC container console device setup
	The /dev/console device inside the container must NOT map
	to the real /dev/console device node, since this allows the
	container control over the current host console. A fun side
	effect of this is that starting a container containing a
	real Fedora OS will kill off your X server.

	Remove the /dev/console node, and replace it with a symlink
	to the primary console TTY

	* src/lxc/lxc_container.c: Replace /dev/console with a
	  symlink to /dev/pty/0
	* src/lxc/lxc_controller.c: Remove /dev/console from cgroups
	  ACL

2010-11-11  Eric Blake  <eblake@redhat.com>

	virsh: supply long option for -V
	* tools/virsh.c (vshParseArgv): Use NULL instead of 0 for pointer,
	and symbolic names for has_arg.  Give --version an optional arg.
	(vshUsage): Document this.
	* tools/virsh.pod: Likewise.

2010-11-11  Cole Robinson  <crobinso@redhat.com>

	qemu: Add flag to force a CDROM eject
	QEMU allows forcing a CDROM eject even if the guest has locked the device.
	Expose this via a new UpdateDevice flag, VIR_DOMAIN_DEVICE_MODIFY_FORCE.

	This has been requested for RHEV:

	https://bugzilla.redhat.com/show_bug.cgi?id=626305

	v2: Change flag name, bool cleanups

2010-11-11  Eric Blake  <eblake@redhat.com>

	rpm: fix /var/lib/libvirt permissions
	https://bugzilla.redhat.com/show_bug.cgi?id=649511

	Regression of forcing 0700 permissions (which breaks guest startup
	because the qemu user can't see /var/lib/libvirt/*.monitor) was
	introduced in commit 66823690e, as part of libvirt 0.8.2.

	* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
	since libvirt depends on libvirt-client.
	(%files client): Guarantee 755 permissions on
	%(_localstatedir}/lib/libvirt, since the qemu user must be able to
	do pathname resolution to a subdirectory.

2010-11-10  Daniel Veillard  <veillard@redhat.com>

	Augment bug reporting documentation
	With some instruction on how to attach useful gdb backtraces

2010-11-10  Adam Litke  <agl@us.ibm.com>

	Allow non-file disk backingStores
	I am trying to use a qcow image with libvirt where the backing 'file' is a
	qemu-nbd server.  Unfortunately virDomainDiskDefForeachPath() assumes that
	backingStore is always a real file so something like 'nbd:0:3333' is rejected
	because a file with that name cannot be accessed.  Note that I am not worried
	about directly using nbd images.  That would require a new disk type with XML
	markup, etc.  I only want it to be permitted as a backingStore

	The following patch implements danpb's suggestion:
	> I think I'm inclined to push the logic for skipping NBD one stage higher.
	> I'd rather expect virStorageFileGetMetadata() to return all backing
	> stores, even if not files. The virDomainDiskDefForeachPath() method
	> should definitely ignore non-file backing stores though.
	>
	> So what I'm thinking is to extend the virStorageFileMetadata struct and
	> just add a 'bool isFile' field to it. Default this field to true, unless
	> you see the prefix of nbd: in which case set it to false. The
	> virDomainDiskDefForeachPath() method can then skip over any backing
	> store with isFile == false

	Cc: Daniel P. Berrange <berrange@redhat.com>

2010-11-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	xencapstest: Don't fail when Xen is installed
	xencapstest calls xenHypervisorMakeCapabilitiesInternal with conn == NULL
	which calls xenDaemonNodeGetTopology with conn == NULL when a recent
	enough Xen was detected (sys_interface_version >= SYS_IFACE_MIN_VERS_NUMA).
	But xenDaemonNodeGetTopology insists in having conn != NULL and fails,
	because it expects to be able to talk to an actual xend.

	We cannot do that in a 'make check' test. Therefore, only call the xend
	subdriver function when conn isn't NULL.

	Reported by Andy Howell and Jim Fehlig.

2010-11-10  Laine Stump  <laine@laine.org>

	virsh: fix non-literal string format
	These are in the newly added -V output.

2010-11-10  Stefan Berger  <stefanb@us.ibm.com>

	bye to close(), welcome to VIR_(FORCE_)CLOSE()
	Using automated replacement with sed and editing I have now replaced all
	occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of
	course. Some replacements were straight forward, others I needed to pay
	attention. I hope I payed attention in all the right places... Please
	have a look. This should have at least solved one more double-close
	error.

2010-11-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix syntax-check error in domain.rng
	Replace tab with spaces.

	esx: Add support for memtune/min_guarantee
	Also add a test case for the VMX handling of it.

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	schema: Move timer element inside clock
	Both conf/domain_conf.c and domain XML documentation have <timer>
	elements inside /domain/clock. Change domain.rng schema to be consistent
	with them.

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Misc test case fixes for SPICE
	* docs/schemas/domain.rng: Fix merge error which left SPICE channel
	  elements under VNC schema.
	* tests/qemuhelptest.c: Add SPICE flag to kvm-83 test
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Add
	  <memballoon> element

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add .xml suffix to tmp files used in *edit commands
	This helps editors with detecting the temporary files as XML since the
	temporary files do not contain <?xml ...?> declaration.

	Requested by https://bugzilla.redhat.com/show_bug.cgi?id=602277

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Support SPICE channel security options
	This extends the SPICE XML to allow channel security options

	    <graphics type='spice' port='-1' tlsPort='-1' autoport='yes'>
	      <channel name='main' mode='secure'/>
	      <channel name='record' mode='insecure'/>
	    </graphics>

	Any non-specified channel uses the default, which allows both
	secure & insecure usage

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add XML syntax for specifying per
	  channel security options for spice.
	* src/qemu/qemu_conf.c: Configure channel security with spice

	Support multiple QXL video cards
	QEMU crashes & burns if you try multiple Cirrus video cards, but
	QXL copes fine. Adapt QEMU config code to allow multiple QXL
	video cards

	* src/qemu/qemu_conf.c: Support multiple QXL video cards

	Define XML syntax for password expiry
	This extends the XML syntax for <graphics> to allow a password
	expiry time to be set

	eg

	  <graphics type='vnc' port='5900' autoport='yes' keymap='en-us' passwd='12345' passwdValidTo='2010-04-09T15:51:00'/>

	The timestamp is in UTC.

	* src/conf/domain_conf.h: Pull passwd out into separate struct
	  virDomainGraphicsAuthDef to allow sharing between VNC & SPICE
	* src/conf/domain_conf.c: Add parsing/formatting of new passwdValidTo
	  argument
	* src/opennebula/one_conf.c, src/qemu/qemu_conf.c, src/qemu/qemu_driver.c,
	  src/xen/xend_internal.c, src/xen/xm_internal.c: Update for changed
	  struct containing VNC password

	Add SPICE support for QEMU driver configuration file
	In common with VNC, the QEMU driver configuration file is used
	specify the host level TLS certificate location and a default
	password / listen address

	* src/qemu/qemu.conf: Add spice_listen, spice_tls,
	  spice_tls_x509_cert_dir & spice_password config params
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Parsing of
	  spice config parameters and updating -spice arg generation
	  to use them
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-rhel6.args,
	  tests/qemuxml2argvtest.c: Expand test case to cover driver
	  level configuration

	Support automatic port number allocation for SPICE
	* src/qemu/qemu_driver.c: Allocate the TCP ports for SPICE
	  before starting guest

	Implement QEMU/KVM support for SPICE graphics
	This supports the -spice argument posted for review against
	the latest upstream QEMU/KVM. This supports the bare minimum
	config with port, TLS port & listen address. The x509 bits are
	added in a later patch.

	* src/qemu_conf.c, src/qemu_conf.h: Add SPICE flag. Check for
	  -spice availability. Format -spice arg for command line
	* qemuhelptest.c: Add SPICE flag
	* qemuxml2argvdata/qemuxml2argv-graphics-spice.args: Add <graphics>
	  for spice
	* qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Add -spice arg
	* qemuxml2argvtest.c: Add SPICE flag

	Implement QEMU/KVM QXL video card support in QEMU driver
	This supports the '-vga qxl' parameter in upstream QEMU/KVM
	which has SPICE support added. This isn't particularly useful
	until you get the next patch for -spice support. Also note that
	while the libvirt XML supports multiple video devices, this
	patch only supports a single one. A later patch can add support
	for 2nd, 3rd, etc PCI devices for QXL

	* src/qemu/qemu_conf.h: Flag for QXL support
	* src/qemu/qemu_conf.c: Probe for '-vga qxl' support and implement it
	* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Test
	  case for generating spice args with RHEL6 kvm

	Add a <graphics> type for SPICE protocol
	This adds an element

	 <graphics type='spice' port='5903' tlsPort='5904' autoport='yes' listen='127.0.0.1'/>

	This is the bare minimum that should be exposed in the guest
	config for SPICE. Other parameters are better handled as per
	host level configuration tunables

	* docs/schemas/domain.rng: Define the SPICE <graphics> schema
	* src/domain_conf.h, src/domain_conf.c: Add parsing and formatting
	  for SPICE graphics config
	* src/qemu_conf.c: Complain about unsupported graphics types

	Add a QXL graphics card type to domain XML schema
	* src/qemu_conf.c: Add dummy entry in enumeration
	* docs/schemas/domain.rng: Add 'qxl' as a type for the <video> tag
	* src/domain_conf.c, src/domain_conf.h: Add QXL to video type
	  enumerations

2010-11-09  Daniel Veillard  <veillard@redhat.com>

	Show compiled in options in virsh -V
	  To ease debugging this trivial patch allows to find what was compiled
	in in the local version of libvirt, this doesn't work for remote access
	but that's probably sufficient. With the patch I get on my machine:

	paphio:~/libvirt/tools -> ./virsh -V
	Virsh command line tool of libvirt 0.8.4
	See web site at http://libvirt.org/

	Compiled with support for:
	 Hypervisors: Xen QEmu/KVM UML OpenVZ LXC ESX PHYP Test
	 Networking: Remote Daemon Network Bridging Netcf Nwfilter
	 Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM
	 Miscellaneous: SELinux Secrets Debug Readline
	paphio:~/libvirt/tools ->

	* tools/virsh.c: add -V option
	* tools/virsh.pod: document the extension

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	maint: Commit .gitignore sorting done by bootstrap

	qemu: Fix non-literal format string

2010-11-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen-proxy: Remove it entirely and use libvirtd instead
	Suggested by danpb, as it's not up-to-date anymore and
	lacks many functions that were added to libvirtd.

	lxc: Exit on first error in lxcDomainGetMemoryParameters
	There is no point in trying to fill params beyond the first error,
	because when lxcDomainGetMemoryParameters returns -1 then the caller
	cannot detect which values in params are valid.

	Allow virDomainGetMemoryParameters on read-only connections
	Also fix a typo in the documentation of the function.

2010-11-08  Justin Clift  <jclift@redhat.com>

	virsh: fix incorrect help text mentioning non-existent network 'id'

2010-11-08  Daniel Veillard  <veillard@redhat.com>

	Add a new test for sysinfo and smbios handling

	Add sysinfo/smbios support to the QEmu driver
	The patch is based on the possiblity in the QEmu command line to
	add -smbios options allowing to override the default values picked
	by QEmu. We need to detect this first from QEmu help output.
	If the domain is defined with smbios to be inherited from host
	then we pass the values coming from the Host own SMBIOS, but
	if the domain is defined with smbios to come from sysinfo, we
	use the ones coming from the domain definition.

	* src/qemu/qemu_conf.h: add the QEMUD_CMD_FLAG_SMBIOS_TYPE enum
	  value
	* src/qemu/qemu_conf.c: scan the help output for the smbios support,
	  and if available add support based on the domain definitions,
	  and host data
	* tests/qemuhelptest.c: add the new enum in the outputs

	Read the host sysinfo for the QEmu driver
	Read and store the data when initializing the driver.

	Add a sysinfo util module and read host info API
	Move existing routines about virSysinfoDef to an util module,
	add a new entry point virSysinfoRead() to read the host values
	with dmidecode

	* src/conf/domain_conf.c src/conf/domain_conf.h src/util/sysinfo.c
	  src/util/sysinfo.h: move to a new module, add virSysinfoRead()
	* src/Makefile.am: handle the new module build
	* src/libvirt_private.syms: new internal symbols
	* include/libvirt/virterror.h src/util/virterror.c: defined a new
	  error code for that module
	* po/POTFILES.in: add new file for translations

	Add smbios element to schema and configuration to HVM os
	the element has a mode attribute allowing only 3 values:
	  - emulate: use the smbios emulation from the hypervisor
	  - host: try to use the smbios values from the node
	  - sysinfo: grab the values from the <sysinfo> fields

	* docs/schemas/domain.rng: extend the schemas
	* src/conf/domain_conf.h: add the flag to the domain config
	* src/conf/domain_conf.h: parse and serialize the smbios if present

	Sysinfo parsing and saving to/from configuration files
	* src/conf/domain_conf.h: defines a new internal type added to the
	  domain structure
	* src/conf/domain_conf.c: parsing and serialization of that new type

	Sysinfo extension to relax-ng schemas
	Currently includes a subset of the SMBIOS strings set

2010-11-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Remove redundant slash in save directory path

2010-11-06  Chris Lalancette  <clalance@redhat.com>

	Implement virsh qemu-monitor-command.
	Now that the virsh parsing has been revamped, we can
	implement qemu-monitor-command.  This is basically the same
	as it was in previous iterations, but has now been tested to
	work both with the plain text monitor and the QMP monitor.

2010-11-05  Daniel P. Berrange  <dan@berrange.com>

	Fix off-by-1 in todo page generator
	The todo.pl script had an off-by-1 which meant any category
	with only a single bug would not appear

	* docs/todo.pl: Fix off-by-1

2010-11-03  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: libvirtd forgot macvtap dev name when restarted
	During a shutdown/restart cycle libvirtd forgot the macvtap device name that it had created on behalf of a VM so that a stale macvtap device remained on the host when the VM terminated. Libvirtd has to actively tear down a macvtap device and it uses its name for identifying which device to tear down.

	The solution is to not blank out the <target dev='...'/> completely, but only blank it out on VMs that are not active. So, if a VM is active, the device name makes it into the XML and is also being parsed. If a VM is not active, the device name is discarded.

2010-11-03  Osier Yang  <jyang@redhat.com>

	tests: fix daemon-conf testing failure
	libvirtd.conf uses "libvirt" as the value of "unix_sock_group",
	however, group "libvirt" may not exist on the system, in this case
	the case will always fail.

	As a solution, replace "libvirt" with "$USER" in "tmp.conf".

2010-11-03  Daniel Veillard  <veillard@redhat.com>

	Fix virPipeReadUntilEOF on more than 1024 bytes of data
	virPipeReadUntilEOF is used to read the stdout of exec'ed
	and this could fail to capture the full output and read only
	1024 bytes.
	  The problem is that this is based on a poll loop, and in the
	loop we read at most 1024 bytes per file descriptor, but we also
	note in the loop if poll indicates that the process won't output
	more than that on that fd by setting finished[i] = 1.
	  The simplest way is that if we read a full buffer make sure
	finished[i] is still 0 because we will need another pass in the
	loop.

2010-11-03  Eric Blake  <eblake@redhat.com>

	virterror: supply missing spaces
	* src/util/virterror.c (virErrorDomainName): Always supply
	trailing space if category was present.

	xen: work with xen 4.0.1 headers
	* src/xen/xen_driver.h (includes): Include main xen headers
	here...
	* src/xen/xs_internal.c (includes): ...rather than in just one of
	the sub-drivers.

2010-11-03  Jim Fehlig  <jfehlig@novell.com>

	Fix build with polkit 0
	Commit e8066d53 broke the build with polkit0:

	remote.c: In function 'remoteDispatchAuthPolkit':
	remote.c:4177: error: 'rv' undeclared (first use in this function)

	Add missing identifier.

2010-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Change calling conventions in remote driver client internals
	The remoteIO() method has wierd calling conventions, where
	it is passed a pre-allocated 'struct remote_call *' but
	then free()s it itself, instead of letting the caller free().
	This fixes those weird semantics

	* src/remote/remote_driver.c: Sanitize semantics of remoteIO
	  method wrt to memory release

	Fix comment for <video> tag in domain RNG schema
	The comment for the <video> tag was a cut+paste error duplicating
	info about the <graphics> tag

	* docs/schemas/domain.rng: Fix comment for <video> tag

	Misc error handling fixes in text mode monitor commands
	A couple of places in the text monitor were overwriting the
	'ret' variable with a >= 0 value before success was actually
	determined. So later error paths would not correctly return
	the -1 value. The drive_add code was not checking for errors
	like missing command

	* src/qemu/qemu_monitor_text.c: Misc error handling fixes

	Ignore open failures when relabelling disk images
	NFS in root squash mode may prevent opening disk images to
	determine backing store. Ignore errors in this scenario.

	* src/security/security_selinux.c: Ignore open failures on disk
	  images

	Treat failure to relabel stdin_path as non-fatal on NFS
	NFS does not support file labelling, so ignore this error
	for stdin_path when on NFS.

	* src/security/security_selinux.c: Ignore failures on labelling
	  stdin_path on NFS
	* src/util/storage_file.c, src/util/storage_file.h: Refine
	  virStorageFileIsSharedFS() to allow it to check for a
	  specific FS type.

	Revert commit 06f81c63ebc19cb0e51f9b397991f6d6ae56d090
	Commit 06f81c63ebc19cb0e51f9b397991f6d6ae56d090 attempted to make
	QEMU driver ignore the failure to relabel 'stdin_path' if it was
	on NFS. The actual result was that it ignores *all* failures to
	label any aspect of the VM, unless stdin_path is non-NULL and
	is not on NFS.

	* src/qemu/qemu_driver.c: Treat all relabel failures as terminal

2010-11-02  Jiri Denemark  <jdenemar@redhat.com>

	Fix several warnings about a non-literal format string
	They only popped up during --disable-nls build. Without this configure
	option, gcc wasn't able to detect them.

2010-11-02  Osier Yang  <jyang@redhat.com>

	util: Add helper function to build timestamp string
	* src/util/util.h
	* src/util/util.c
	* src/libvirt_private.syms

2010-11-02  Eric Blake  <eblake@redhat.com>

	docs: fix typo
	* docs/drvqemu.html.in (qemu): Fix typo.

	build: avoid compiler warning in xen code
	* src/xen/xend_internal.c (xenDaemonFormatSxpr): Hoist verify
	outside of function to avoid a -Wnested-externs warning.
	* src/xen/xm_internal.c (xenXMDomainConfigFormat): Likewise.
	Reported by Daniel P. Berrange.

2010-11-02  Diego Elio Pettenò  <flameeyes@gmail.com>

	misc: encode the Emacs suggstions from HACKING into a .dir-locals.el file
	With this file in place, opening any source file in libvirt will set up
	Emacs for proper indentation.

	qemu: add the USB devices to the cgroup whitelist
	Make sure that the QEmu process within the cgroup can access the device
	file for the USB device that has to be connected to the virtual domain.

2010-11-01  Eric Blake  <eblake@redhat.com>

	xen: work with ia64 MAX_VIRT_CPUS of 64
	* src/xen/xen_hypervisor.c (MAX_VIRT_CPUS): Move...
	* src/xen/xen_driver.h (MAX_VIRT_CPUS): ...so all xen code can see
	same value.
	* src/xen/xend_internal.c (sexpr_to_xend_domain_info)
	(xenDaemonDomainGetVcpusFlags, xenDaemonParseSxpr)
	(xenDaemonFormatSxpr): Work if MAX_VIRT_CPUS is 64 on a platform
	where long is 64-bits.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.

2010-10-30  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: cleanup declaration of xen tests.
	Only build statstest and reconnect if they should be used, so add them
	behind the ENABLE_XEN_TESTS conditional.

2010-10-30  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	qemu: check compression program availability of virsh save and dump

	add compression support for "virsh dump"
	Add dump_image_format[] to qemu.conf and support compressed dump
	at virsh dump. coredump compression is important for saving disk space
	in an environment where multiple guests run.

	In general, "disk space for dump" is specially allocated and will be
	a dead space in the system. It's used only at emergency. So, it's better
	to have both of save_image_format and dump_image_format. "save" is done
	in scheduled manner with enough calculated disk space for it.

	This code reuses some of save_image_format[] and supports the same format.

	Changelog:
	 - modified libvirtd_qemu.aug
	 - modified test_libvirtd_qemu.aug
	 - fixed error handling of qemudSaveCompressionTypeFromString()

2010-10-29  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu_driver: add virCgroupMounted
	When we mount any cgroup without "-o devices", we will fail to start vms:

	error: Failed to start domain vm1
	error: Unable to deny all devices for vm1: No such file or directory

	When we mount any cgroup without "-o cpu", we will fail to get schedinfo:
	Scheduler      : posix
	error: unable to get cpu shares tunable: No such file or directory

	We should only use the cgroup controllers which are mounted on host.
	So I add virCgroupMounted() for qemuCgroupControllerActive()

2010-10-29  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.5
	* configure.ac libvirt.spec.in: new version
	* docs/news.html.in: update news page and improve format
	* po/*.po*: Update po again

	Updating localization and regenerating before release

2010-10-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Don't warn when the linker search path doesn't contain VBoxXPCOMC.so
	This is actually a workaround, to unbreak make check on systems
	without VirtualBox.

	vbox: Stop hardcoding a single path for VBoxXPCOMC.so
	This partly reverts df90ca7661b0a789bd790ccf8258a4527c13eb8d.

	Don't disable the VirtualBox driver when configure can't find
	VBoxXPCOMC.so, rely on detection at runtime again instead.

	Keep --with-vbox=/path/to/virtualbox intact, added to for:
	https://bugzilla.redhat.com/show_bug.cgi?id=609185

	Detection order for VBoxXPCOMC.so:

	1. VBOX_APP_HOME environment variable
	2. configure provided location
	3. hardcoded list of known locations
	4. dynamic linker search path

	Also cleanup the glue code and improve error reporting.

2010-10-29  Justin Clift  <jclift@redhat.com>

	virsh: improve the help description for managedsave and start
	Updated the descriptions for managedsave and start in virsh and
	the virsh man page, and also for managedsave-remove in the virsh
	man page.

2010-10-29  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	audit: printf warning fix
	fix warning
	  CC     libvirt_util_la-virtaudit.lo
	cc1: warnings being treated as errors
	util/virtaudit.c: In function 'virAuditEncode':
	util/virtaudit.c:146: error: implicit declaration of function 'virAsprintf' [-Wimplicit-function-declaration]
	util/virtaudit.c:146: error: nested extern declaration of 'virAsprintf' [-Wnested-externs]

2010-10-28  Stefan Berger  <stefanb@us.ibm.com>

	eliminate possibility of a double-closed file descriptor
	The 2nd and 3rd hunk show the only double-closed file descriptor code part that I found while trying to clean up close(). The first hunk seems a harmless cleanup in that same file.

2010-10-28  Eric Blake  <eblake@redhat.com>

	qemu: check for vm after starting a job
	https://bugzilla.redhat.com/show_bug.cgi?id=638285 - when migrating
	a guest, it was very easy to provoke a race where an application
	could query block information on a VM that had just been migrated
	away.  Any time qemu code obtains a job lock, it must also check
	that the VM was not taken down in the time where it was waiting
	for the lock.

	* src/qemu/qemu_driver.c (qemudDomainSetMemory)
	(qemudDomainGetInfo, qemuDomainGetBlockInfo): Check that vm still
	exists after obtaining job lock, before starting monitor action.

2010-10-28  Laine Stump  <laine@laine.org>

	Only attempt removal of the rule allowing tftp if it was added
	During virtual network startup, the iptables rule that allows tftp
	traffic is only added if network->def->tftproot is non-empty, but when
	the virtual network is destroyed, we had been unconditionally trying
	to delete the rule. This was harmless, except that it created a bogus
	error message.

	This patch conditionalizes the delete command in the same manner that
	the insert command is already conditionalized.

2010-10-28  Justin Clift  <jclift@redhat.com>

	docs: updated the C# bindings page with arnauds latest changes

	docs: update ruby bindings maintainer to chris lalancette

2010-10-28  Eric Blake  <eblake@redhat.com>

	build: use shorter file names for 'make dist'
	* docs/api_extension/{0013,0014}*.patch: Rename to shorter files.
	* docs/api_extension.html.in: Reflect rename.

2010-10-28  Justin Clift  <jclift@redhat.com>

	docs: reworded and reordered the bindings page, plus minor tweaks
	Reordered the bindings into alphabetical order, added a link to
	the php-libvirt source on Github, plus gave the direct package
	names needed for Python usage on RHEL/Fedora, and Ubuntu.

2010-10-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Add body for virFork and remove double virDriverLoadModule export
	Commit 9bd3cce0d2d54e6ab893bb8137218b83d9294714 added virFork and
	virDriverLoadModule to libvirt_private.syms, but virFork didn't have
	a body on Win32 and virDriverLoadModule was already correctly
	exported conditional via libvirt_driver_modules.syms.

2010-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Add disk/net resource auditing to QEMU driver
	Add auditing of all initial disk/net assignments to QEMU guests
	at startup. Add auditing for all hotplug & unplug events and
	disk media changes.

	* src/qemu/qemu_driver.c: Add disk/net resource auditing

	Add auditing of security label in QEMU driver
	Add auditing of the allocated security label in the QEMU driver
	VM startup code

	* src/qemu/qemu_driver.c: Audit security label

	Add auditing of start/stop events to the QEMU driver
	Add audit hooks to report all start and stop events on QEMU
	guest domains.

	* src/qemu/qemu_driver.c: Audit start/stop events

	Add printf format attribute annotation to virAuditSend method
	* src/util/virtaudit.h: Add printf format attribute annotation

	Add audit helper for escaping log message strings
	Add a helper API for ecscaping the value in audit log
	messages

	* src/util/virtaudit.h, src/util/virtaudit.c,
	  src/libvirt_private.syms: Add virAuditEncode

	Remove audit hooks from the selinux security driver code
	This reverts commit b8e2de8899594edcd78b3a7cb1b39b89bbed2891
	The hooks will be re-added in the QEMU driver itself.

	* src/security/security_selinux.c: Remove audit hooks

	Remove all auditing hooks from libvirtd dispatch code
	Revert most of commit a8b5f9bd27d65c2ced064b9267ca31dee7ad9c86.
	The audit hooks will be re-added directly in the QEMU driver code
	in a future commit

	* daemon/remote.c: Remove all audit logging hooks
	* src/qemu/qemu_driver.c: Remove all audit logging hooks

2010-10-27  Philipp Hahn  <hahn@univention.de>

	Fix xen API documentation
	*src/xen/xend_internal.c: fix a couple of comments in function descriptions

2010-10-27  Justin Clift  <jclift@redhat.com>

	docs: added a table of contents to the first 11 docs files
	There are a 58 docs files, so adding an autogenerated Table Of
	Contents to them all will take some time.  This is the first
	piece of the work done.

	docs: reformated the bindings page html markup to match other pages

2010-10-27  Eric Blake  <eblake@redhat.com>

	virsh: use - not _ in memtune option names
	* tools/virsh.c (opts_memtune): All other options in virsh use -
	for separating words.

	build: fix shell detection bug
	A missing shell was noisy, and the use of command to decipher a
	shell's absolute path requires "" rather than ''.

	* configure.ac (lv_cv_wrapper_shell): Fix logic errors if candidate
	shell is not available.
	* .gitignore: Ignore file created when /bin/sh is old dash.
	Reported by Matthias Bolte.

	maint: fix syntax-check failure of previous patch
	* cfg.mk (sc_prohibit_trailing_blank_lines): Delete; this is
	adequately covered by maint.mk's sc_prohibit_empty_lines_at_EOF.
	* .x-sc_prohibit_empty_lines_at_EOF: New file, to exempt raw
	patches.
	* Makefile.am (EXTRA_DIST): Include new exemption.

	docs: revamp api_extension example, using vcpu patch series
	* docs/api_extension/*: Replace example files.
	* docs/api_extension.html.in: Rewrite to match new example files.

2010-10-27  Diego Elio Pettenò  <flameeyes@gmail.com>

	qemu: don't use %.3d format for bus/addr of USB devices
	When using 0-prefixed numbers, QEmu will interpret them as octal numbers
	(as C convention says); this means that if you attach a device that has
	addr > 10 (decimal) you're going to attach a different device.

2010-10-26  Eric Blake  <eblake@redhat.com>

	virsh: fix range of memtune command
	* tools/virsh.c (cmdMemtune): Use long long for memory
	sizes. Simplify allocation, and plug memory leak.

	virsh: improve help text where integers are expected
	* tools/virsh.c (opts_freecell, opts_memtune, opts_vcpupin)
	(opts_setvcpus, opts_setmaxmem, opts_setmem)
	(opts_migrate_setmaxdowntime): Use VSH_OT_INT when only an integer
	is expected.
	(vshCmddefHelp, vshCmddefGetData): Allow mandatory VSH_OT_INT
	arguments.

	qemu: work around dash 0.5.5 bug in managed save
	Older dash mistakenly truncates regular files when using <> redirection;
	this kills our use of double dd to reduce storage overhead when
	saving qemu images.  But qemu insists on running a command through
	/bin/sh, so we work around it by having qemu run $sh -c 'real command'
	when we have a replacement $sh in mind.

	* configure.ac (VIR_WRAPPER_SHELL): Define to a replacement shell,
	if /bin/sh is broken on <> redirection.
	* src/qemu/qemu_monitor.h (VIR_WRAPPER_SHELL_PREFIX)
	(VIR_WRAPPER_SHELL_SUFFIX): New macros.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToFile): Use
	them.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToFile):
	Likewise.

2010-10-26  Justin Clift  <jclift@redhat.com>

	docs: make the location of the xml catalog file a configure option
	The default location for the XML catalog file, /etc/xml/catalog,
	used when validating the generated html docs, isn't correct for
	MacOS X.

	This commit adds an option to the configure script, allowing the
	default to be overridden:

	  --with-xml-catalog-file=/path/to/xml/catalog/file

2010-10-26  Daniel P. Berrange  <berrange@redhat.com>

	Avoid squashing errors during network startup cleanup path
	When failing to start a virtual network, we have to cleanup,
	tearing down any iptables rules. If the iptables rules were
	not present yet though, this raises an error, which squashes
	the original error we were handling.

	* src/network/bridge_driver.c: When failing to start a virtual
	  network, don't squash the original error in cleanup

2010-10-26  Justin Clift  <jclift@redhat.com>

	docs: install the generated html files when make install is run
	Previously, only the API docs were installed, rather than the
	complete documentation set.  This commit ensures the complete
	documentation set is installed.

2010-10-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix build for SystemTap 1.0
	With SystemTap 1.0 a part of the generated macros in probes.h
	expands to:

	volatile __typeof__(((name))) arg2 = (name);

	GCC reports an 'invalid initialize' error when name has type
	char[]. Therfore, add casts to char* to avoid this.

2010-10-26  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix domain dump
	Remove redundant 'live' parameter which caused an error from xend:

	    "xend.err 'Too many values for live'"

2010-10-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix formatting of network address in iptables helpers
	The network address was being set to 192.168.122.0 instead
	of 192.168.122.0/24. Fix this by removing the unneccessary
	'network' field from virNetworkDef and just pass the
	network address and netmask into the iptables APIs directly.

	* src/conf/network_conf.h, src/conf/network_conf.c: Remove
	  the 'network' field from virNEtworkDef.
	* src/network/bridge_driver.c: Update for iptables API changes
	* src/util/iptables.c, src/util/iptables.h: Require the
	  network address + netmask pair to be passed in

2010-10-26  Osier Yang  <jyang@redhat.com>

	virsh: Add option 'model' for attach-interface
	* tools/virsh.c: add missing option from the CLI to allows setting
	  up the NIC model type when attaching an interface
	* tools/virsh.pod: extend documentation
	* AUTHORS: add Osier Yang to the list

2010-10-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix detection of drive readonly option
	So far, readonly=on option is used when qemu supports -device. However,
	there are qemu versions which support readonly option with -drive
	although they don't have support for -device.

2010-10-26  Philipp Hahn  <hahn@univention.de>

	Fix documentation for virEventAddTimeout()
	* src/util/event.h: Fix copy&paste error from virEventAddHandle()

2010-10-26  Eric Blake  <eblake@redhat.com>

	maint: ignore new test executable
	* tests/.gitignore: Sort, and add sockettest.

2010-10-23  Justin Clift  <jclift@redhat.com>

	daemon: updates previous 1 line patch for correctness
	The previous commit, 880da47a05b9fb8381e79b03ead5dd2d8a6a937a,
	worked on my system, but wasn't actually correct.  This follow
	up patch corrects it properly.

	daemon: exclude requirement for probes.h on systems without systemtap
	This 1-liner was actually written by Eric Blake, over IRC. It
	addresses a compilation failure in make dist and make rpm for
	systems without the dtrace/systemtap development libraries
	installed.

2010-10-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add documentation about certificates and connection problems

2010-10-23  Jiri Denemark  <jdenemar@redhat.com>

	tests: Silence qemuxml2argv test

2010-10-23  Eric Blake  <eblake@redhat.com>

	dnsmasq: avoid potential crash
	* src/util/dnsmasq.c (hostsfileAdd): Don't free uninitialized
	memory on allocation failure.

2010-10-22  Justin Clift  <jclift@redhat.com>

	docs: added a table of contents to the new c sharp bindings page

	docs: removed old changelog file, as it is no longer relevant
	We instead point to the live git log URL for the few links still
	needing to point to something.

2010-10-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix compile errors due to the virSocketAddr series

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Don't try to parse a NULL ip address for boot server
	The boot server IP address is optional, so it needs to be
	checked before attempting to parse it.

	* src/conf/network_conf.c: Don't parse NULL ip address for
	  boot server

	Convert virNetwork to use virSocketAddr everywhere
	Instead of storing the IP address string in virNetwork related
	structs, store the parsed virSocketAddr. This will make it
	easier to add IPv6 support in the future, by letting driver
	code directly check what address family is present

	* src/conf/network_conf.c, src/conf/network_conf.h,
	  src/network/bridge_driver.c: Convert to use virSocketAddr
	  in virNetwork, instead of char *.
	* src/util/bridge.c, src/util/bridge.h,
	  src/util/dnsmasq.c, src/util/dnsmasq.h,
	  src/util/iptables.c, src/util/iptables.h: Convert to
	  take a virSocketAddr instead of char * for any IP
	  address parameters
	* src/util/network.h: Add macros to determine if an address
	  is set, and what address family is set.

	Include socket address in client probe data
	It is useful to know where the client is connecting from,
	so include the socket address in probe data.

	* daemon/libvirtd.h: Use virSocketAddr for storing client
	  address and keep printable address handy for logging
	* daemon/libvirtd.c: Include socket address in client
	  connect/disconnect probes
	* daemon/probes.d: Add socket address to probes
	* examples/systemtap/client.stp: Print socket address
	* src/util/network.h: Add sockaddr_un to virSocketAddr union

	Add dtrace static probes in libvirtd
	Adds initial support for dtrace static probes in libvirtd
	daemon, assuming use of systemtap dtrace compat shim on
	Linux. The probes are inserted for network client connect,
	disconnect, TLS handshake states and authentication protocol
	states.

	This can be tested by running the xample program and then
	attempting to connect with any libvirt client (virsh,
	virt-manager, etc).

	 # stap examples/systemtap/client.stp
	  Client fd=44 connected readonly=0
	  Client fd=44 auth polkit deny pid:24997,uid:500
	  Client fd=44 disconnected
	  Client fd=46 connected readonly=1
	  Client fd=46 auth sasl allow test
	  Client fd=46 disconnected

	The libvirtd.stp file should also really not be required,
	since it is duplicated info that is already available in
	the main probes.d definition file. A script to autogenerate
	the .stp file is needed, either in libvirtd tree, or better
	as part of systemtap itself.

	* Makefile.am: Add examples/systemtap subdir
	* autobuild.sh: Disable dtrace for mingw32
	* configure.ac: Add check for dtrace
	* daemon/.gitignore: Ignore generated dtrace probe file
	* daemon/Makefile.am: Build dtrace probe header & object
	  files
	* daemon/libvirtd.stp: SystemTAP convenience probeset
	* daemon/libvirtd.c: Add connect/disconnect & TLS probes
	* daemon/remote.c: Add SASL and PolicyKit auth probes
	* daemon/probes.d: Master probe definition
	* daemon/libvirtd.h: Add convenience macro for probes
	  so that compilation is a no-op when dtrace is not available
	* examples/systemtap/Makefile.am, examples/systemtap/client.stp
	  Example systemtap script using dtrace probe markers
	* libvirt.spec.in: Enable dtrace on F13/RHEL6
	* mingw32-libvirt.spec.in: Force disable dtrace

	Add test suite for virSocket APIs
	Add a test suite for check parsing, formatting, range calculation
	and netmask checking APIs in virSocketAddr.

	* tests/sockettest.c, tests/Makefile.am: Add new test case

	Ban use of all inet_* functions
	All the inet_* functions can be replaced with calls to the
	virSocket APIs. Since many of the inet_* funtions are unsafe,
	and the remainder are obsolete, forbid all future use of them
	in libvirt.

	* Makefile.nonreentrant: Ban use of inet_*

	Remove all use of inet_pton and inet_ntop
	The  inet_pton and inet_ntop functions are obsolete, replaced
	by getaddrinfo+getnameinfo with the AI_NUMERICHOST flag set.
	These can be accessed via the virSocket APIs.

	The bridge.c code had methods for fetching the IP address of
	a bridge which used inet_ntop. Aside from the use of inet_ntop
	these methods are broken, because a NIC can have multiple
	addresses and this only returns one address. Since the methods
	are never used, just remove them.

	* src/conf/network_conf.c, src/nwfilter/nwfilter_learnipaddr.c:
	  Replace inet_pton and inet_ntop with virSocket APIs
	* src/util/bridge.c, src/util/bridge.h: Remove unused methods
	  which called inet_ntop.

	Remove both addrToString methods
	The addrToString functionality is now available via the
	virSocketFormatAddrFull method.

	* daemon/remote.c, src/remote/remote_driver.c: Remove
	  addrToString methods

	Fix error reporting for virSocketParse
	The virSocketParse method was not doing any error reporting
	which meant the true cause of the problem was lost. Remove
	all error reporting from callers, and push it into virSocketParse

	* src/util/network.c: Add error reporting to virSocketParse
	* src/conf/domain_conf.c, src/conf/network_conf.c,
	  src/network/bridge_driver.c: Remove error reporting in
	  callers of virSocketParse

	Expand virSocketFormat to be more flexible
	The getnameinfo() function is more flexible than inet_ntop()
	avoiding the need to if/else the code based on socket family.
	Also make it support UNIX socket addrs and allow inclusion
	of a port (service) address. Finally do proper error reporting
	via normal APIs.

	* src/conf/domain_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c,
	  src/qemu/qemu_conf.c: Fix error handling with virSocketFormat
	* src/util/network.c: Rewrite virSocketFormat to use getnameinfo
	  and cope with UNIX socket addrs.

	Remove pointless nwIPAddress struct & void *casts
	The nwIPAddress was simply a wrapper about virSocketAddr.
	Just use the latter directly, removing all the extra field
	de-references from code & helper APIs for parsing/formatting.

	Also remove all the redundant casts from strong types to
	void * and then immediately back to strong types.

	* src/conf/nwfilter_conf.h: Remove nwIPAddress
	* src/conf/nwfilter_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c:
	  Update to use virSocketAddr and remove void * casts.

	Fix netmask checks for IPv6 in virSocketCheckNetmask
	There was a typo in the IPv6 path of virSocketCheckNetmask which
	caused it to never execute.

	* src/util/network.c: s/AF_INET/AF_INET6/ in virSocketCheckNetmask

	Fix passing of address family to virSocketParseAddr
	The virSocketParseAddr function was accepting any AF_* constant
	and using that to set the ai_flags field in struct addrinfo.
	This is invalid, since address families must go in the ai_family
	field of the struct.

	* src/util/network.c: Fix handling of address family
	* src/conf/network_conf.c, src/network/bridge_driver.c: Pass
	  AF_UNSPEC instead of relying on it being 0.

	Include length with virSocketAddr data
	Some operations on socket addresses need to know the length of
	the sockaddr struct for the particular address family. This
	info was being discarded when passing around virSocketAddr
	instances. Turn it from a union into a struct containing
	union+socklen_t fields, so length is always kept around.

	* src/util/network.h: Add socklen_t field to virSocketAddr
	* src/util/network.c, src/network/bridge_driver.c,
	  src/conf/domain_conf.c: Update to take account of new
	  struct definition.

	Remove useless code in error path of getnameinfo()
	If getnameinfo() with NI_NUMERICHOST set fails, there are no
	grounds to expect inet_ntop to succeed, since these calls
	are functionally equivalent. Remove useless inet_ntop code
	in the getnameinfo() error path.

	* daemon/remote.c, src/remote/remote_driver.c: Remove
	  calls to inet_ntop

2010-10-21  Eric Blake  <eblake@redhat.com>

	maint: sort private sym lists
	* src/libvirt_private.syms: Sort by header name, then within
	header, and drop duplicate virNetworkDefParseNode,
	virFileLinkPointsTo and virXPathBoolean.

2010-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Enable JSON and netdev features in QEMU >= 0.13
	The QEMU 0.13 release is finally out and from testing in RHEL-6
	we know that its JSON and netdev features are now good enough
	for us to use by default.

	* src/qemu/qemu_conf.c: Enable JSON + netdev for QEMU >= 0.13

2010-10-21  Eric Blake  <eblake@redhat.com>

	audit: simplify declaration
	* src/util/virtaudit.c (virAuditSend): one less ifdef, since gcc
	does not care if an ATTRIBUTE_UNUSED var gets used in some paths.

2010-10-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Exit on first error in qemuDomainGetMemoryParameters
	There is no point in trying to fill params beyond the first error,
	because when qemuDomainGetMemoryParameters returns -1 then the caller
	cannot detect which values in params are valid.

	virsh: Don't read nparams when virDomainGetMemoryParameters fails
	Also exit early when nparams is 0.

	Rename VIR_DOMAIN_SWAP_HARD_LIMIT to VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT
	To get them under the common VIR_DOMAIN_MEMORY_* prefix.

	Fix formatting of the memtune XML element
	Also output the min_guarantee element when set.

2010-10-20  Jiri Denemark  <jdenemar@redhat.com>

	Fix make check on RHEL-5
	The test for <vcpu> element is unrelated to vnc so the easiest fix is to
	remove related configuration.

2010-10-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't let daemon-conf test fail when auditing is disabled

2010-10-20  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Update comments for the memory tunables macros
	* include/libvirt/libvirt.h.in: Update comment with actual description

2010-10-20  Daniel Veillard  <veillard@redhat.com>

	Add John Morrissey to AUTHORS

2010-10-20  John Morrissey  <jwm@horde.net>

	Add process= support for 'qemu-kvm -name'
	This sets the process name to the same value as the Windows title,
	but since the name is limited to 16 chars only this is kept as a
	configuration option and turned off by default
	* src/qemu/qemu.conf src/qemu/qemu_conf.[ch]: hceck for support in the
	  QEmu help output, add the option in qemu conf file and augment
	  qemudBuildCommandLine to add it if switched on
	* src/qemu/libvirtd_qemu.aug src/qemu/test_libvirtd_qemu.aug: augment
	  the augeas lenses accordingly
	* tests/qemuhelptest.c: cope with the extra flag being detected now

2010-10-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: avoid dir. enforcement for certain types of rules
	 Avoid the enforcement of direction if
	- icmp rules specify the type/code information
	- the 'skipMatch' variable is set to 'true'

2010-10-20  Justin Clift  <jclift@redhat.com>

	docs: added initial page for c# binding, with links to it
	Adds a new page for the C# language bindings being developed by Arnaud
	Champion.

2010-10-20  Guido Günther  <agx@sigxcpu.org>

	Don't fail lxc domain start when memory controller support is missing
	Debian stock kernel has CONFIG_CGROUP_MEM_RES_CTLR disabled due to the
	overhead [1]. Allow to start containers if the corresponding files in
	the cgroup filesystem are missing. This fixes Debian bug #566180 [2].

	[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534964
	[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566180

2010-10-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compile errors in remote.c and newly added audit code

2010-10-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix symbol exports & remove duplicated libvirt_util.la linkage
	The libvirt_util.la library was mistakenly linked into libvirtd
	directly. Since libvirt_util.la is already linked to libvirt.so,
	this resulted in libvirtd getting two copies of the code and
	more critically 2 copies of static global variables.

	Testing in turn exposed a issue with loadable modules. The
	gnulib replacement functions are not exported to loadable
	modules. Rather than trying to figure out the name sof all
	gnulib functions & export them, just linkage all loadable
	modules against libgnu.la statically.

	* daemon/Makefile.am: Remove linkage of libvirt_util.la
	  and libvirt_driver.la
	* src/Makefile.am: Link driver modules against libgnu.la
	* src/libvirt.c: Don't try to load modules which were
	  compiled out
	* src/libvirt_private.syms: Export all other internal
	  symbols that are required  by drivers

2010-10-20  Miloslav Trmač  <mitr@redhat.com>

	Audit SELinux label assignment.
	A more natural auditing point would perhaps be
	SELinuxSetSecurityProcessLabel, but this happens in the child after root
	permissions are dropped, so the kernel would refuse the audit record.

	Audit VM start/stop/suspend/resume
	Most operations are audited at the libvirtd level; auditing in
	src/libvirt.c would result in two audit entries per operation (one in
	the client, one in libvirtd).

	The only exception is a domain stopping of its own will (e.g. because
	the user clicks on "shutdown" inside the interface).  There can often be
	no client connected at the time the domain stops, so libvirtd does not
	have any virConnectPtr object on which to attach an event watch.  This
	patch therefore adds auditing directly inside the qemu driver (other
	drivers are not supported).

2010-10-20  Daniel P. Berrange  <berrange@redhat.com>

	Basic framework for auditing integration
	Integrate with libaudit.so for auditing of important operations.
	libvirtd gains a couple of config entries for auditing. By
	default it will enable auditing, if its enabled on the host.
	It can be configured to force exit if auditing is disabled
	on the host. It will can also send audit messages via libvirt
	internal logging API

	Places requiring audit reporting can use the VIR_AUDIT
	macro to report data. This is a no-op unless auditing is
	enabled

	* autobuild.sh, mingw32-libvirt.spec.in: Disable audit
	  on mingw
	* configure.ac: Add check for libaudit
	* daemon/libvirtd.aug, daemon/libvirtd.conf,
	  daemon/test_libvirtd.aug, daemon/libvirtd.c: Add config
	  options to enable auditing
	* include/libvirt/virterror.h, src/util/virterror.c: Add
	  VIR_FROM_AUDIT source
	* libvirt.spec.in: Enable audit
	* src/util/virtaudit.h, src/util/virtaudit.c: Simple internal
	  API for auditing messages

	Fix statstest when driver modules are enabled
	The statstest is xen specific. Instead of filling the code with
	a huge number of #ifdef WITH_XEN, just make its entire compilation
	conditional in the Makefile.am. Also ensure it links to the Xen
	driver so that it builds when driver modules are enabled

	* tests/Makefile.am: Make statstest xen conditional. Link to
	  xen driver
	* tests/Makefile.am: Remove all conditionals

2010-10-20  Eric Blake  <eblake@redhat.com>

	virsh: consolidate memtune docs
	* tools/virsh.pod (memtune): Drop second copy, fill to 80 columns,
	enhance wording.

	vcpu: remove dead xen code
	* src/xen/xen_driver.h (xenUnifiedDriver): Remove now-unused
	domainGetMaxVcpus, domainSetVcpus.
	* src/xen/proxy_internal.c (xenProxyDriver): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xen/xend_internal.c (xenDaemonDriver)
	(xenDaemonDomainSetVcpus): Likewise.
	* src/xen/xm_internal.c (xenXMDriver, xenXMDomainSetVcpus):
	Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.

	vcpu: improve support for setting xen vcpu counts
	Tested with RHEL 5.6 (xendConfigVersion 2, where xend_internal
	controls live domains and xm_internal controls inactive domains).
	Hopefully this works with xendConfigVersion 3 (where xend_internal
	controls everything).

	* src/xen/xen_driver.c (xenUnifiedDomainSetVcpusFlags): Support
	more flags.
	(xenUnifiedGetMaxVcpus): Export.
	* src/xen/xm_internal.h (xenXMDomainSetVcpusFlags): New prototype.
	* src/xen/xend_internal.h (xenDaemonDomainSetVcpusFlags): Likewise.
	* src/xen/xen_driver.h (xenUnifiedGetMaxVcpus): Likewise.
	* src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): New function.
	* src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags): Likewise.

	vcpu: improve support for getting xen vcpu counts
	* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Support
	more flags.
	* src/xen/xend_internal.h (xenDaemonDomainGetVcpusFlags): New
	prototype.
	* src/xen/xm_internal.h (xenXMDomainGetVcpusFlags): Likewise.
	* src/xen/xend_internal.c (virDomainGetVcpusFlags): New function.
	* src/xen/xm_internal.c (xenXMDomainGetVcpusFlags): Likewise.

	vcpu: improve vcpu support in xen command line
	This patch series focuses on xendConfigVersion 2 (xm_internal) and 3
	(xend_internal), but leaves out changes for xenapi drivers.

	See this link for more details about vcpu_avail for xm usage.
	http://lists.xensource.com/archives/html/xen-devel/2009-11/msg01061.html

	This relies on the fact that def->maxvcpus can be at most 32 with xen.

	* src/xen/xend_internal.c (xenDaemonParseSxpr)
	(sexpr_to_xend_domain_info, xenDaemonFormatSxpr): Use vcpu_avail
	when current vcpus is less than maximum.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.
	* tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr: New file.
	* tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr: Likewise.
	* tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml: Likewise.
	* tests/xmconfigdata/test-paravirt-vcpu.cfg: Likewise.
	* tests/xmconfigdata/test-paravirt-vcpu.xml: Likewise.
	* tests/xml2sexprtest.c (mymain): New test.
	* tests/sexpr2xmltest.c (mymain): Likewise.
	* tests/xmconfigtest.c (mymain): Likewise.

	vcpu: complete vcpu support in qemu driver
	* src/qemu/qemu_driver.c (qemudDomainSetVcpusFlags)
	(qemudDomainGetVcpusFlags): Support all feasible flag
	combinations.

	vcpu: improve vcpu support in qemu command line
	* src/qemu/qemu_conf.c (qemuParseCommandLineSmp): Distinguish
	between vcpus and maxvcpus, for new enough qemu.
	* tests/qemuargv2xmltest.c (mymain): Add new test.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2xmltest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smp.args: New file.

	vcpu: support all flags in test driver
	* src/test/test_driver.c (testDomainGetVcpusFlags)
	(testDomainSetVcpusFlags): Support all flags.
	(testDomainUpdateVCPUs): Update cpu count here.

	vcpu: add virsh support
	* tools/virsh.c (cmdSetvcpus): Add new flags.  Let invalid
	commands through to driver, to ease testing of hypervisor argument
	validation.
	(cmdMaxvcpus, cmdVcpucount): New commands.
	(commands): Add new commands.
	* tools/virsh.pod (setvcpus, vcpucount, maxvcpus): Document new
	behavior.

	vcpu: support maxvcpu in domain_conf
	Although this patch adds a distinction between maximum vcpus and
	current vcpus in the XML, the values should be identical for all
	drivers at this point.  Only in subsequent per-driver patches will
	a distinction be made.

	In general, virDomainGetInfo should prefer the current vcpus.

	* src/conf/domain_conf.h (_virDomainDef): Adjust vcpus to unsigned
	short, to match virDomainGetInfo limit.  Add maxvcpus member.
	* src/conf/domain_conf.c (virDomainDefParseXML)
	(virDomainDefFormat): parse and print out vcpu details.
	* src/xen/xend_internal.c (xenDaemonParseSxpr)
	(xenDaemonFormatSxpr): Manage both vcpu numbers, and require them
	to be equal for now.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.
	* src/phyp/phyp_driver.c (phypDomainDumpXML): Likewise.
	* src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainDefineXML)
	(openvzDomainCreateXML, openvzDomainSetVcpusInternal): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxDomainDefineXML):
	Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainDumpXML): Likewise.
	* src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
	* src/esx/esx_vmx.c (esxVMX_ParseConfig, esxVMX_FormatConfig):
	Likewise.
	* src/qemu/qemu_conf.c (qemuBuildSmpArgStr)
	(qemuParseCommandLineSmp, qemuParseCommandLine): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
	* src/opennebula/one_conf.c (xmlOneTemplate): Likewise.

	vcpu: make old API trivially wrap to new API
	Note - this wrapping is completely mechanical; the old API will
	function identically, since the new API validates that the exact
	same flags are provided by the old API.  On a per-driver basis,
	it may make sense to have the old API pass a different set of flags,
	but that should be done in the per-driver patch that implements
	the full range of flag support in the new API.

	* src/esx/esx_driver.c (esxDomainSetVcpus, escDomainGetMaxVpcus):
	Move guts...
	(esxDomainSetVcpusFlags, esxDomainGetVcpusFlags): ...to new
	functions.
	(esxDriver): Trivially support the new API.
	* src/openvz/openvz_driver.c (openvzDomainSetVcpus)
	(openvzDomainSetVcpusFlags, openvzDomainGetMaxVcpus)
	(openvzDomainGetVcpusFlags, openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDomainSetCPU)
	(phypDomainSetVcpusFlags, phypGetLparCPUMAX)
	(phypDomainGetVcpusFlags, phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus)
	(qemudDomainSetVcpusFlags, qemudDomainGetMaxVcpus)
	(qemudDomainGetVcpusFlags, qemuDriver): Likewise.
	* src/test/test_driver.c (testSetVcpus, testDomainSetVcpusFlags)
	(testDomainGetMaxVcpus, testDomainGetVcpusFlags, testDriver):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainSetVcpus)
	(vboxDomainSetVcpusFlags, virDomainGetMaxVcpus)
	(virDomainGetVcpusFlags, virDriver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainSetVcpus)
	(xenUnifiedDomainSetVcpusFlags, xenUnifiedDomainGetMaxVcpus)
	(xenUnifiedDomainGetVcpusFlags, xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainSetVcpus)
	(xenapiDomainSetVcpusFlags, xenapiDomainGetMaxVcpus)
	(xenapiDomainGetVcpusFlags, xenapiDriver): Likewise.
	(xenapiError): New helper macro.

	vcpu: implement the remote protocol
	Done by editing the first three files, then running
	'make -C src rpcgen', then editing src/remote_protocol-structs
	to match.

	* daemon/remote.c (remoteDispatchDomainSetVcpusFlags)
	(remoteDispatchDomainGetVcpusFlags): New functions.
	* src/remote/remote_driver.c (remoteDomainSetVcpusFlags)
	(remoteDomainGetVcpusFlags, remote_driver): Client side
	serialization.
	* src/remote/remote_protocol.x
	(remote_domain_set_vcpus_flags_args)
	(remote_domain_get_vcpus_flags_args)
	(remote_domain_get_vcpus_flags_ret)
	(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
	(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS): Define wire format.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

	vcpu: implement the public APIs
	Factors common checks (such as nonzero vcpu count) up front, but
	drivers will still need to do additional flag checks.

	* src/libvirt.c (virDomainSetVcpusFlags, virDomainGetVcpusFlags):
	New functions.
	(virDomainSetVcpus, virDomainGetMaxVcpus): Refer to new API.

	vcpu: define internal driver API
	* src/driver.h (virDrvDomainSetVcpusFlags)
	(virDrvDomainGetVcpusFlags): New typedefs.
	(_virDriver): New callback members.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

	vcpu: add new public API
	API agreed on in
	https://www.redhat.com/archives/libvir-list/2010-September/msg00456.html,
	but modified for enum names to be consistent with virDomainDeviceModifyFlags.

	* include/libvirt/libvirt.h.in (virDomainVcpuFlags)
	(virDomainSetVcpusFlags, virDomainGetVcpusFlags): New
	declarations.
	* src/libvirt_public.syms: Export new symbols.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: add current attribute to <vcpu> element
	Syntax agreed on in
	https://www.redhat.com/archives/libvir-list/2010-September/msg00476.html

	<domain ...>
	  <vcpu current='x'>y</vcpu>
	...

	can now be used to specify 1 <= x <= y current vcpus, in relation
	to the boot-time max of y vcpus.  If current is omitted, then
	current and max are assumed to be the same value.

	* docs/schemas/domain.rng: Add new attribute.
	* docs/formatdomain.html.in: Document it.
	* tests/qemuxml2argvdata/qemuxml2argv-smp.xml: Add to
	domainschematest.
	* tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml: Likewise.

2010-10-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: changes to rules in VM->host table
	In the table built for traffic coming from the VM going to the host make the following changes:

	- don't ACCEPT the packets but do a 'RETURN' and let the host-specific firewall rules in subsequent rules evaluate whether the traffic is allowed to enter

	- use the '-m state' in the rules as everywhere else

2010-10-19  Eric Blake  <eblake@redhat.com>

	build: avoid false positive syntax-check failure
	* .x-sc_po_check: Exclude docs directory.

2010-10-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	proxy: Fix undefined reference to virClose
	Add src/util/files.c to libvirt_proxy_SOURCES.

	esx: Handle non-UTF-8 encoded VMX files
	ESX(i) uses UTF-8, but a Windows based GSX server writes
	Windows-1252 encoded VMX files.

	Add a test case to ensure that libxml2 provides Windows-1252
	to UTF-8 conversion.

2010-10-19  Stefan Berger  <stefanb@us.ibm.com>

	Introduce VIR_CLOSE to be used rather than close()
	Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here.

	There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were.

	I also dare to declare close() as being deprecated in libvirt code base (HACKING).

2010-10-19  Dan Kenigsberg  <danken@redhat.com>

	root_squash: virFileOperation may fail with EPERM too
	Over root-squashing nfs, when virFileOperation() is called as uid==0,
	it may fail with EACCES, but also with EPERM, due to
	virFileOperationNoFork()'s failed attemp to chown a writable file.

	qemudDomainSaveFlag() should expect this case, too.

	Run initgroups() in qemudOpenAsUID()
	qemudOpenAsUID is intended to open a file with the credentials of a
	specified uid. Current implementation fails if the file is accessible to
	one of uid's groups but not owned by uid.

	This patch replaces the supplementary group list that the child process
	inherited from libvirtd with the default group list of uid.

2010-10-19  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	memtune: Add min_guarantee to the virsh memtune command
	* tools/virsh.c: Add new memory tunable "min_guarantee", currently only
	  ESX can use this
	* tools/virsh.pod: Update the manpage

	Update docs for memory parameters and memtune command
	* docs/formatdomain.html.in: Add memtune element details, added min_guarantee
	* src/libvirt.c: Update virDomainGetMemoryParameters api description, make
	  it more clear that the user first needs to call the api to get the number
	  of parameters supported and then call again to get the values.
	* tools/virsh.pod: Add usage of new command memtune in virsh manpage

2010-10-19  Dan Kenigsberg  <danken@redhat.com>

	qemu: let qemu group look below /var/lib/libvirt/qemu/
	Vdsm needs to communicate with its guest agent via unix domain socket,
	which qemu creates due to the following domain xml device:

	    <channel type='unix'>
	      <target type='virtio' name='com.redhat.rhevm.vdsm'/>
	      <source mode='bind' path='/var/lib/libvirt/qemu/channels/fcp-xp-1.com.redhat.rhevm.vdsm'/>
	    </channel>

	The location of the socket below /var/lib/libvirt/qemu/channels makes
	sense, to humans and selinux policy alike. However, that socket should
	be accessible to vdsm, too.

	Due to other (storage) reasons, vdsm is to join the "qemu" group. With
	this patch, vdsm can look below /var/lib/libvirt/qemu and connect to the
	socket.

	The socket itself should be chmod'ed to allow qemu group read/write, but
	that's for another project.

	BZ#643407

2010-10-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix check in esxDomainGetInfo's perf metric handling

2010-10-16  Eric Blake  <eblake@redhat.com>

	build: use latest gnulib, for ignore-value fix
	* .gnulib: Update to latest.

	virsh: add tests for recent cli improvements
	* tests/virshtest.c (mymain): Add tests of command parsing and
	echo command.

	virsh: new echo command
	* tools/virsh.c (cmdEcho): New command.
	(commands): Add it.
	* tools/virsh.pod (echo): Document it.

	virsh: add support for accepting arbitrary argv
	* tools/virsh.c (vshCmdOptType): Add VSH_OT_ARGV.  Delete
	unused VSH_OT_NONE.
	(vshCmddefGetData): Special case new opt flag.
	(vshCmddefHelp): Display help for argv.
	(vshCommandOptArgv): New function.

	docs: document how to disable memballoon
	https://bugzilla.redhat.com/show_bug.cgi?id=623903 documents a qemu
	bug that causes libvirt to hang if virt-manager happens to be
	querying balloon info when a guest is paused.  Until the qemu bug
	is fixed, people need to know how to avoid the issue.

	* docs/formatdomain.html.in (Memory balloon device): Mention
	model='none'.

2010-10-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Explictly declare VMX file content as UTF-8

2010-10-15  Laine Stump  <laine@laine.org>

	Fix warning about a non-literal format string in qemu_driver.c

2010-10-15  Eric Blake  <eblake@redhat.com>

	build: skip xenapi driver when building for RHEL
	https://bugzilla.redhat.com/show_bug.cgi?id=643118

	* libvirt.spec.in: Provide xenapi conditionals.

2010-10-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Handle name escaping properly
	VMware uses a mix of percent-, pipe- and base64-encoding in
	different combinations in different places.

	Add a testcase for this.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: prevent filters with different name but same UUID
	Patch to prevent multiple nwfilters with different name but same UUID.

2010-10-14  Eric Blake  <eblake@redhat.com>

	maint: add recent author
	* AUTHORS: List Harsh Prateek Bora, for 'make syntax-check'.

	build: fix accidental submodule reversion
	* .gnulib: Undo change in previous commit.

2010-10-14  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	new attribute accessmode to filesystem element
	This introduces new attribute to filesystem element
	to support customizable access mode for mount type.
	Valid accessmode are: passthrough, mapped and squash.

	Usage:
	        <filesystem type='mount' accessmode='passthrough'>
	          <source dir='/export/to/guest'/>
	          <target dir='mount_tag'/>
	        </filesystem>

	passthrough is the default model if not specified, that's
	also the current behaviour.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: cut off connections after changing filters
	The following filter transition from a filter allowing incoming TCP connections

	  <rule action='accept' direction='in' priority='401'>
	    <tcp/>
	  </rule>
	  <rule action='accept' direction='out' priority='500'>
	    <tcp/>
	  </rule>

	to one that does not allow them

	  <rule action='drop' direction='in' priority='401'>
	    <tcp/>
	  </rule>
	  <rule action='accept' direction='out' priority='500'>
	    <tcp/>
	  </rule>

	did previously not cut off existing (ssh) connections but only prevented newly initiated ones. The attached patch allows to cut off existing connections as well, thus enforcing what the filter is showing.

	I had only tested with a configuration where the physical interface is connected to the bridge where the filters are applied. This patch now also solves a filtering problem where the physical interface is not connected to the bridge, but the bridge is given an IP address and the host routes between bridge and physical interface. Here the filters drop non-allowed traffic on the outgoing side on the host.

2010-10-14  Eric Blake  <eblake@redhat.com>

	build: provide URL in 'configure --help'
	* configure.ac (AC_INIT): Provide email and URL.

	build: fix mingw build
	* .gnulib: Update to latest, for termios fix.
	* configure.ac (AC_CHECK_HEADERS): Drop redundent check.
	* bootstrap: Synchronize from upstream.
	Reported by Daniel P. Berrange.

2010-10-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Prohibit migration of guests with host devices
	Explicitly raising a nice error in the case user tries to migrate a
	guest with assigned host devices is much better than waiting for a
	mysterious error with no clue for the reason.

	tests: Honor LIBVIRT_{DEBUG,LOG_*} variables

	tests: Do not override LIBVIRT_DEBUG variable

	cpu: Use vendor in baseline CPU only if all hosts use it
	When only some host CPUs given to cpuBaseline contain <vendor> element,
	baseline CPU should not contain it. Otherwise the result would not be
	compatible with the host CPUs without vendor. CPU vendors are still
	taken into account when computing baseline CPU, it's just removed from
	the result.

	cpu: Fix vendor for recent CPU models
	Recent CPU models were specified using invalid vendor element
	<vendor>NAME</vendor>, which was silently ignored due to a bug in the
	code which was parsing it.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	test: silence nwfilter test
	 This patch silences the nwfilter test case.

2010-10-14  Eric Blake  <eblake@redhat.com>

	tests: fix spurious test failure
	Failure introduced in commit 3a092f389.

	* tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr: Fix typo.

	memory: fix remote protocol compilation
	'make -C src rpcgen' is supposed to be idempotent.  But commit
	f928f43b7b mistakently manually edited a generated file rather
	than fixing the upstream file.

	* src/remote/remote_protocol.x (remote_memory_param_value): Use
	correct spelling of enum values.
	* src/remote/remote_protocol.c: Regenerate.

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Enable support for nested SVM
	This enables support for nested SVM using the regular CPU
	model/features block. If the CPU model or features include
	'svm', then the '-enable-nesting' flag will be added to the
	QEMU command line. Latest out of tree patches for nested
	'vmx', no longer require the '-enable-nesting' flag. They
	instead just look at the cpu features. Several of the models
	already include svm support, but QEMU was just masking out
	the svm bit silently. So this will enable SVM on such
	models

	* src/qemu/qemu_conf.h: flag for -enable-nesting
	* src/qemu/qemu_conf.c: Use -enable-nesting if VMX or SVM are in
	  the CPUID
	* src/cpu/cpu.h, src/cpu/cpu.c: API to check for a named feature
	* src/cpu/cpu_x86.c: x86 impl of feature check
	* src/libvirt_private.syms: Add cpuHasFeature
	* src/qemuhelptest.c: Add nesting flag where required

	Improve error reporting in test suites
	Before running each test case clear the thread local error
	indicator. After running each test case, dispatch any error
	that was reported

	* tests/testutils.c: Fix error reporting in test suites

	Update todo list file to point at bugzilla/website
	The TODO list changes frequently so cannot be well maintained
	under GIT. Update the TODO file to point people at bugzilla
	and the libvirt website

	* TODO: Point at bugzilla/website

	Fix Xen SEXPR generation to properly quote strings containing ()
	* src/xen/sexpr.c: Ensure () are escaped in sexpr2string
	* tests/sexpr2xmldata/sexpr2xml-boot-grub.sexpr,
	  tests/sexpr2xmldata/sexpr2xml-boot-grub.xml,
	  tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr,
	  tests/xml2sexprdata/xml2sexpr-boot-grub.xml: Data files to
	  check escaping
	* tests/sexpr2xmltest.c, tests/xml2sexprtest.c: Add boot-grub
	  escaping test case

2010-10-13  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: resolve deadlock between VM ops and filter update
	 This is from a bug report and conversation on IRC where Soren reported that while a filter update is occurring on one or more VMs (due to a rule having been edited for example), a deadlock can occur when a VM referencing a filter is started.

	The problem is caused by the two locking sequences of

	qemu driver, qemu domain, filter             # for the VM start operation
	filter, qemu_driver, qemu_domain            # for the filter update operation

	that obviously don't lock in the same order. The problem is the 2nd lock sequence. Here the qemu_driver lock is being grabbed in qemu_driver:qemudVMFilterRebuild()

	The following solution is based on the idea of trying to re-arrange the 2nd sequence of locks as follows:

	qemu_driver, filter, qemu_driver, qemu_domain

	and making the qemu driver recursively lockable so that a second lock can occur, this would then lead to the following net-locking sequence

	qemu_driver, filter, qemu_domain

	where the 2nd qemu_driver lock has been ( logically ) eliminated.

	The 2nd part of the idea is that the sequence of locks (filter, qemu_domain) and (qemu_domain, filter) becomes interchangeable if all code paths where filter AND qemu_domain are locked have a preceding qemu_domain lock that basically blocks their concurrent execution

	So, the following code paths exist towards qemu_driver:qemudVMFilterRebuild where we now want to put a qemu_driver lock in front of the filter lock.

	-> nwfilterUndefine()   [ locks the filter ]
	    -> virNWFilterTestUnassignDef()
	        -> virNWFilterTriggerVMFilterRebuild()
	            -> qemudVMFilterRebuild()

	-> nwfilterDefine()
	    -> virNWFilterPoolAssignDef() [ locks the filter ]
	        -> virNWFilterTriggerVMFilterRebuild()
	            -> qemudVMFilterRebuild()

	-> nwfilterDriverReload()
	    -> virNWFilterPoolLoadAllConfigs()
	        ->virNWFilterPoolObjLoad()
	            -> virNWFilterPoolAssignDef() [ locks the filter ]
	                -> virNWFilterTriggerVMFilterRebuild()
	                    -> qemudVMFilterRebuild()

	-> nwfilterDriverStartup()
	    -> virNWFilterPoolLoadAllConfigs()
	        ->virNWFilterPoolObjLoad()
	            -> virNWFilterPoolAssignDef() [ locks the filter ]
	                -> virNWFilterTriggerVMFilterRebuild()
	                    -> qemudVMFilterRebuild()

	Qemu is not the only driver using the nwfilter driver, but also the UML driver calls into it. Therefore qemuVMFilterRebuild() can be exchanged with umlVMFilterRebuild() along with the driver lock of qemu_driver that can now be a uml_driver. Further, since UML and Qemu domains can be running on the same machine, the triggering of a rebuild of the filter can touch both types of drivers and their domains.

	In the patch below I am now extending each nwfilter callback driver with functions for locking and unlocking the (VM) driver (UML, QEMU) and introduce new functions for locking all registered callback drivers and unlocking them. Then I am distributing the lock-all-cbdrivers/unlock-all-cbdrivers call into the above call paths. The last shown callpath starting with nwfilterDriverStart() is problematic since it is initialize before the Qemu and UML drives are and thus a lock in the path would result in a NULL pointer attempted to be locked -- the call to virNWFilterTriggerVMFilterRebuild() is never called, so we never lock either the qemu_driver or the uml_driver in that path. Therefore, only the first 3 paths now receive calls to lock and unlock all callback drivers. Now that the locks are distributed where it matters I can remove the qemu_driver and uml_driver lock from qemudVMFilterRebuild() and umlVMFilterRebuild() and not requiring the recursive locks.

	For now I want to put this out as an RFC patch. I have tested it by 'stretching' the critical section after the define/undefine functions each lock the filter so I can (easily) concurrently execute another VM operation (suspend,start). That code is in this patch and if you want you can de-activate it. It seems to work ok and operations are being blocked while the update is being done.
	I still also want to verify the other assumption above that locking filter and qemu_domain always has a preceding qemu_driver lock.

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: update comment about parsing
	* tools/virsh.c: Update comments to match patch series.

	virsh: move code into topological order
	* tools/virsh.c (vshCommandParse): Float up, to avoid the need for
	a forward declaration.

	virsh: simplify top-level option parsing
	This makes 'virsh --conn test:///default help help' work right;
	previously, the abbreviation confused our hand-rolled option parsing.

	* tools/virsh.c (vshParseArgv): Use getopt_long feature, rather
	than (incorrectly) reparsing options ourselves.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: add -- support
	"--" means no option at the following arguments.

	virsh: support single quote
	Some users may type command like this at the virsh shell:
	virsh # somecmd 'some arg'

	because they often use single quote in linux shell.

	virsh: add escaper \ for command string parsing
	add escaper \ for command string parsing, example:

	virsh # cd /path/which/have/a/double\"quote

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: document options in man page
	* tools/virsh.pod: Document top-level options.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: rework command parsing
	Old virsh command parsing mashes all the args back into a string and
	miss the quotes, this patches fix it. It is also needed for introducing
	qemu-monitor-command which is very useful.

	This patches uses the new vshCommandParser abstraction and adds
	vshCommandArgvParse() for arguments vector, so we don't need
	to mash arguments vector into a command sting.

	And the usage was changed:
	old:
	virsh [options] [commands]

	new:
	virsh [options]... [<command_string>]
	virsh [options]... <command> [args...]

	So we still support commands like:
	"define D.xml; dumpxml D" was parsed as a commands-string.

	and support commands like:
	we will not mash them into a string, we use new argv parser for it.

	But we don't support the command like:
	"define D.xml; dumpxml" was parsed as a command-name, but we have no such command-name.

	virsh: add vshCommandParser abstraction
	add vshCommandParser and make vshCommandParse() accept different
	parsers.

	the current code for parse command string is integrated as
	vshCommandStringParse().

	virsh: better handling the boolean option
	in old code the following commands are equivalent:
	     virsh # dumpxml --update-cpu=vm1
	     virsh # dumpxml --update-cpu vm1
	because the old code split the option argument into 2 parts:
	--update-cpu=vm1 is split into update-cpu and vm1,
	and update-cpu is a boolean option, so the parser takes vm1 as another
	argument, very strange.

	after this patch applied, the first one will become illegal.

	To achieve this, we don't parse/check options when parsing command sting,
	but check options when parsing a command argument. And the argument is
	not split when parsing command sting.

	virsh: allow zero length arguments
	the following command is allowed at shell, we also make it allowed at virsh shell.

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: poison raw allocation routines
	* tools/virsh.c (malloc, calloc, realloc, strdup): Enforce that
	within this file, we use the safe vsh wrappers instead.
	(cmdNodeListDevices, cmdSnapshotCreate, main): Fix violations of
	this policy.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: better support double quote
	In origin code, double quote is only allowed at the begin or end
	"complicated argument"
	--some_opt="complicated string"  (we split this argument into 2 parts,
	option and data, the data is "complicated string").

	This patch makes it allow double quote at any position of
	an argument:
	complicated" argument"
	complicated" "argument
	--"some opt=complicated string"

	This patch is also needed for the following patches,
	the following patches will not split option argument into 2 parts,
	so we have to allow double quote at any position of an argument.

2010-10-13  Guido Günther  <agx@sigxcpu.org>

	Don't fail on missing D-Bus
	We don't fail when we can't contact HAL so we shouldn't fail if we can't
	contact D-Bus either.

2010-10-13  Daniel Veillard  <veillard@redhat.com>

	Fixes for documentation extraction
	* include/libvirt/libvirt.h.in: some of the function type description
	  were broken so they could not be automatically documented
	* src/util/event.c docs/apibuild.py: event.c exports one public API
	  so it needs to be scanned too, avoid a few warnings

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Implement support for virtio plan9fs filesystem passthrough in QEMU
	Make use of the existing <filesystem> element to support plan9fs
	filesystem passthrough in the QEMU driver

	    <filesystem type='mount'>
	      <source dir='/export/to/guest'/>
	      <target dir='/import/from/host'/>
	    </filesystem>

	NB, the target is not actually a directory, it is merely a arbitrary
	string tag that is exported to the guest as a hint for where to mount
	it.

	Add todo.pl and config example to EXTRA_DIST
	* docs/Makefile.am: Add todo.pl and todo.cfg-example to EXTRA_DIST

2010-10-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix several minor problems introduced by the memtune series
	Add proper documentation to the new VIR_DOMAIN_MEMORY_* macros in
	libvirt.h.in to placate apibuild.py.

	Mark args as unused in for libvirt_virDomain{Get,Set}MemoryParameters
	in the Python bindings and add both to the libvirtMethods array.

	Update remote_protocol-structs to placate make syntax-check.

	Undo unintended modifications in vboxDomainGetInfo.

	Update the function table of the VirtualBox and XenAPI drivers.

2010-10-13  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Remote protocol implementation of virDomainSet/GetMemoryParameters

	Adding memtune command to virsh tool
	The command helps to control the memory/swap parameters for the system, for
	eg. hard_limit (max memory the vm can use), soft_limit (limit during memory
	contention), swap_hard_limit(max swap the vm can use)

2010-10-13  Daniel Veillard  <veillard@redhat.com>

	Avoid checking against strncpy in virsh.c
	since the replacement function virStrcpy is not available

2010-10-13  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Implement domainGetMemoryParamters for LXC
	Driver interface for getting memory parameters, eg. hard_limit,
	soft_limit and swap_hard_limit.

	Implement domainSetMemoryParamters for LXC
	Add support in the lxc driver for various memory controllable parameters

	Adding memtunables to libvirt-lxc command
	libvirt-lxc now configures the hardlimit, softlimit and swaplimit, if
	specified in the domain xml file or picks up the defaults.

	Adding memtunables to qemuSetupCgroup
	QEmu startup will pick up the memory tunables specified in the domain
	configuration file

	Implement domainGetMemoryParamters for QEmu
	Driver interface for getting memory parameters, eg. hard_limit,
	soft_limit and swap_hard_limit based on cgroup support

	Implement domainSetMemoryParamters for QEmu
	Driver interface for setting memory hard_limit, soft_limit and swap
	hard_limit based on cgroup support

	Implement cgroup memory controller tunables
	Provides interfaces for setting/getting memory tunables like hard_limit,
	soft_limit and swap_hard_limit

	XML parsing for memory tunables
	Adding parsing code for memory tunables in the domain xml file
	also change the internal define structures used for domain memory
	informations
	Adds a new specific test

2010-10-13  Daniel Veillard  <veillard@redhat.com>

	Cleanup some tabs issues

2010-10-13  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Adds xml entries for memory tunables in domain schema
	The patch adds xml entries to the domain.rng file.

	v2:
	+ Fix typo min_guarantee

	Adding virDomainSetMemoryParameters and virDomainGetMemoryParameters API
	Public api to set/get memory tunables supported by the hypervisors.

	dv:
	* some cleanups in libvirt.c
	* adding extra checks in libvirt.c new entry points

	v4:
	* Move exporting public API to this patch
	* Add unsigned int flags to the public api for future extensions

	v3:
	* Add domainGetMemoryParamters and NULL in all the driver interface

	v2:
	* Initialize domainSetMemoryParameters to NULL in all the driver
	  interface structure.

	Adding structure and defines for virDomainSet/GetMemoryParameters
	This patch adds a structure virMemoryParameter, it contains the name of
	the
	parameter and the type of the parameter along with a union.

	dv:
	+ rename enums to VIR_DOMAIN_MEMORY_PARAM_*
	+ remove some extraneous tabs

	v4:
	+ Add unsigned int flags to the public api for future extensions

	v3:
	+ Protoype for virDomainGetMemoryParameters and dummy python binding.

	v2:
	+ Includes dummy python bindings for the library to build cleanly.
	+ Define string constants like "hard_limit", etc.
	+ re-order this patch.

2010-10-12  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Remove redundant features
	Some features provided by the recently added CPU models were mentioned
	twice for each model. This was a result of automatic generation of the
	XML from qemu's CPU configuration file without noticing this redundancy.

2010-10-12  Eric Blake  <eblake@redhat.com>

	util: add missing export
	Commit 1fe2927a3 forgot to export a symbol.

	* src/libvirt_private.syms (virHexToBin): Add.
	* src/.gitignore: Ignore temporary file.

2010-10-12  Daniel P. Berrange  <berrange@redhat.com>

	Set sensible defaults for cpu match and feature policy
	To enable the CPU XML from the capabilities to be pasted directly
	into the guest XML with no editing, pick a sensible default for
	match and feature policy. The CPU match will be exact and the
	feature policy will be require. This should ensure safety for
	migration and give DWIM semantics for users

	* src/conf/cpu_conf.c: Default to exact match and require policy
	* docs/formatdomain.html.in: Document new defaults

	Add automatic generation of a todo item page
	This adds a script to generate the todo item page from
	bugzilla. This requires a valid username+password for
	bugzilla, so it is intended that this only be run on
	the libvirt.org website via cron. Normal usage will just
	generate an empty stub page.

	* docs/todo.pl: Script to extract todo items from bugzilla
	* docs/todo.cfg-example: Example config file
	* docs/sitemap.html.in: Add todo page
	* docs/Makefile.am: Generation rules for todo items

2010-10-12  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix virDomain{At,De}tachDevice
	According to API documentation virDomain{At,De}tachDevice calls are
	supposed to only work on active guests for device hotplug. For anything
	beyond that, their *Flags variants have to be used.

	Despite the variant which was acked on libvirt mailing list
	(https://www.redhat.com/archives/libvir-list/2010-January/msg00385.html)
	commit ed9c14a7ef86d7a45a6d57cbfee5410fca428633 (by Jim Fehlig)
	introduced automagic behavior of these API calls for xen driver. Since
	January, these calls always change persistent configuration of a guest
	and if the guest is currently active, they also hot(un)plug the device.

	That change didn't follow API documentation and also broke device
	hot(un)plug for older xend implementations which do not support changing
	persistent configuration of a guest and hot(un)plugging in one step.

	This patch should not break anything for active guests. On the other
	hand, changing inactive guests is not supported any more.

	xen: xenXMDomain*DeviceFlags should obey all flags
	xenXMDomain*DeviceFlags() silently ignores requests to modify live
	configuration of an active guest while still touching its persistent
	configuration.

	xen: Fix logic bug in xenDaemon*DeviceFlags

	xen: Make xenDaemon*DeviceFlags errors less confusing
	When a user calls to virDomain{Attach,Detach,Update}DeviceFlags() with
	flags == VIR_DOMAIN_DEVICE_MODIFY_LIVE on an inactive guest running on
	an old Xen hypervisor (such as RHEL-5) xend_internal driver reports:

	    Xend version does not support modifying persistent config

	which is pretty confusing since no-one requested to modify persistent
	config.

2010-10-12  Guido Günther  <agx@sigxcpu.org>

	Return a suitable error message if we can't find a matching emulator

2010-10-09  Guido Günther  <agx@sigxcpu.org>

	Pass -n to ip(6)tables
	to avoid long timeouts waiting for DNS servers

2010-10-07  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add 2nd example to the html docs
	This patch adds another example to the nwfilter html page and provides 2 solutions for how to write a filter meeting the given requirements using newly added features.

	nwfilter: Extend docs with info about the state attribute
	I am adding a row with information about the newly supported state
	attribute to each of the tables describing supported attributes of protocols.

	nwfilter: Extend schema to accept state attribute
	Extend the nwfilter.rng schema to accept state attribute.

	nwfilter: Add test case for testing the state attribute
	This patch adds a test case for testing the XML parser's and instantiator's
	support of the state attribute. The other test case tests existing
	capabilities. Both test cases will be used in TCK again.

	nwfilter: Instantiate state match in ip(6)tables rules
	In this patch I am extending the rule instantiator to create the state
	match according to the state attribute in the XML. Only one iptables
	rule in the incoming or outgoing direction will be created for a rule
	in direction 'in' or 'out' respectively. A rule in direction 'inout' does
	get iptables rules in both directions.

	nwfilter: Extend XML parser and gen. to support state attr.
	The patch below extends the XML parser and generator so that every l3 protocol
	now can have a state attribute.

2010-10-06  Eric Blake  <eblake@redhat.com>

	build: require pkg-config for bootstrap
	* .gnulib: Update to latest, for bootstrap fixes.
	* bootstrap: Synchronize with upstream.
	* bootstrap.conf: Add pkg-config pre-requisite.
	* autogen.sh: Tweak wording message.
	Reported by Justin Clift, and with feedback from Bruno Haible.

2010-10-06  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix bogus error when attaching a device
	The xm internal xen driver only supports disk and network devices to be
	added to a guest. On an attempt to attach any other device the xm driver
	used VIR_ERR_XML_ERROR which resulted in a completely bogus error
	message:

	error: Failed to attach device from pci.xml
	error: XML description for unknown device is not well formed or invalid

2010-10-05  Justin Clift  <jclift@redhat.com>

	configure: disable network and storage-fs drivers on mac os x
	Disabling these two drivers on MacOS X, where they are known to
	not work, allows libvirt (including the daemon) to compile without
	any further changes.

2010-10-04  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix memory leaks
	Fixing memory leak shown by valgrind and freeing buffer in two more places.

2010-10-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for virtual serial device network backing
	Since version 4.1 ESX(i) can expose virtual serial devices over TCP.

	Add support in the VMX handling code for this, add test cases to cover
	it and add links to some documentation.

	ESX supports two additional protocols: TELNETS and TLS. Add them to
	the list of serial-over-TCP protocols.

2010-10-02  Eric Blake  <eblake@redhat.com>

	vcpu: improve cpuset attribute
	The <vcpu cpuset=...> attribute has been available since commit
	e193b5dd, but without documentation or RNG validation.

	* docs/schemas/domain.rng (vcpu): Further validate cpuset.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.c: Fix typos.

2010-10-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Verify that domain XML contains at least one disk element
	phypBuildLpar expects that at least one disk element is provided.

2010-10-01  Jamie Strandboge  <jamie@canonical.com>

	virt-aa-helper-test cleanups
	Don't cat | sed, just sed.  Suggested by Eric Blake.

	implement usb and pci hot attach in AppArmor driver
	Description: Implement AppArmorSetSecurityHostdevLabel() and
	AppArmorRestoreSecurityHostdevLabel() for hostdev and pcidev attach.

	virt-aa-helper also has to be adjusted because *FileIterate() is used for pci
	and usb devices and the corresponding XML for hot attached hostdev and pcidev
	is not in the XML passed to virt-aa-helper. The new '-F filename' option is
	added to append a rule to the profile as opposed to the existing '-f
	filename', which rewrites the libvirt-<uuid>.files file anew. This new '-F'
	option will append a rule to an existing libvirt-<uuid>.files if it exists,
	otherwise it acts the same as '-f'.

	load_profile() and reload_profile() have been adjusted to add an 'append'
	argument, which when true will use '-F' instead of '-f' when executing
	virt-aa-helper.

	All existing calls to load_profile() and reload_profile() have been adjusted
	to use the old behavior (ie append==false) except AppArmorSetSavedStateLabel()
	where it made sense to use the new behavior.

	This patch also adds tests for '-F'.

	Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/640993

2010-10-01  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add a test case for testing the comment attribute
	This patch adds a test case for testing the XML parser's and instantiator's
	support of the comment attribute.

	nwfilter: Extend docs with information about comment attr.
	I am adding a row with information about the newly supported comment
	attribute to each of the tables describing supported attributes of protocols.

	nwfilter: Extend nwfilter schema to accept comment attrib.
	Extend the nwfilter.rng schema to accept comment attributes for all protocol
	types.

	nwfilter: Instantiate comments in ip(6)tables rules
	In this patch I am extending the rule instantiator to create the comment
	node where supported, which is the case for iptables and ip6tables.

	Since commands are written in the format

	cmd='iptables ...-m comment --comment \"\" '

	certain characters ('`) in the comment need to be escaped to
	prevent comments from becoming commands themselves or cause other
	forms of (bash) substitutions. I have tested this with various input and in
	my tests the input made it straight into the comment. A test case for TCK
	will be provided separately that tests this.

	nwfilter: Extend XML parser and generator w/ comment attribute
	The patch below extends the XML parser and generator so that every protocol
	now can have a comment node. Comments are limited to 256 characters.

2010-10-01  Eric Blake  <eblake@redhat.com>

	build: fix example build on MacOS X
	Partial reversion of commit 76d87a59, now that bootstrap is smarter.

	* .gnulib: Update to latest, for poll and bootstrap fixes.
	* bootstrap: Resync from gnulib.
	* autogen.sh: Drop redundant tool checks; bootstrap does them
	better, by honoring environment variables.
	* examples/domain-events/events-c/Makefile.am (INCLUDES)
	(event_test_LDADD): Use gnulib library during build.
	* bootstrap.conf (gnulib_tool_option_extras): Revert --libtool
	addition, now that updated bootstrap does it for us.
	Reported by Justin Clift.

2010-09-29  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Checking for NULL values when building new guest
	When creating a new gust, the function phypBuildLpar() was not
	checking for NULL values

	src/phyp/phyp_driver.c: check the definition arguments to avoid a segmentation
	  fault in phypBuildLpar()

2010-09-29  Justin Clift  <jclift@redhat.com>

	configure: tweak logic flow of virtport check
	This fixes a small logic bug, where passing --without-macvtap
	on the configure line, or otherwise indicating a lack of
	support for macvtap, causes configure to bail.

	mpath: disable devmapper-multipath checking on non-linux
	The configure script was breaking on MacOS X unless passed:

	  --without-storage-mpath

	This patch leverages Stefan Bergers earlier work for nwfilter,
	so non-linux systems don't even attempt to build multipath.

2010-09-29  Stefan Berger  <stefanb@us.ibm.com>

	Rework configure logic for virtualport support
	In this patch I am reworking the logic around detecting virtual port support and requiring the libnl dependency.

	- It requires --with-macvtap and displays an error in case of --without-macvtap --with-virtualport.
	- It tests for availability of certain data in include files and displays an error in case the include file is not at the correct level and --with-virtualport was chosen
	- displays 'checking' messages for macvtap and virtualport support and results
	- libnl support is required when macvtap is found or requested; if libnl is not there, please supply without-macvtap

2010-09-29  Justin Clift  <jclift@redhat.com>

	mac os x: use awk selected by build system rather than first in path
	Prior to this patch, the ChangeLog generation was hard coded to use
	"awk", when it should have been using the AWK variable set by our
	build system.

	This breaks compilation on a newly installed OS X system, where the
	default path has the Mac (non GNU) awk in the default search PATH
	before any installed GNU awk (gawk).

2010-09-28  Justin Clift  <jclift@redhat.com>

	nwfilter: remove recently added workaround define for macos x
	This reverses commit 04c3704, which added a define to nwfilter to
	allow libvirtd compilation on Mac OS X.  Stefan Bergers commit, 2e7294d,
	is the proper solution, removing the requirement for nwfilter on non-Linux.

	virtualbox: fix a typo in the expected location on mac os x
	Mac OS X provides an "/Applications" folder, not an "/Application" folder,
	so installed VirtualBox wasn't being detected by default.

	This 1 character patch fixes this.

2010-09-28  Dan Kenigsberg  <danken@redhat.com>

	python: drop unnecessary conn assignment
	Since 554d82a200289938d5639a782a9f12e3e2e968f0, conn is unused. Let's
	drop it - but keep the signature of the constructor for backward
	compatibility.

2010-09-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Don't compile nwfilter driver on other systems than Linux
	Don't compile the nwfilter driver (instantiating the rules) on other systems than Linux.

2010-09-27  Justin Clift  <jclift@redhat.com>

	nwfilter: add a missing define, so libvirtd builds on macos x
	The nwfilter code uses ETH_ALEN, which isn't defined on MacOS X.
	This is a simple workaround, to add it when missing.

2010-09-25  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: report if ip(6)tables rules would not be active
	The patch below reports a warning in the log if the generated ip(6)tables rules would not be effective due to the proc filesystem entries

	    /proc/sys/net/bridge/bridge-nf-call-iptables
	    /proc/sys/net/bridge/bridge-nf-call-ip6tables

	containing a '0'. The warning tells the user what to do. I am rate-limiting the warning message to appear only every 10 seconds.

2010-09-24  Jamie Strandboge  <jamie@canonical.com>

	app-armor: add 'rw' for appropriate devices
	Description: Check for VIR_DOMAIN_CHR_TYPE in serial ports and add 'rw' for
	defined serial ports, parallel ports and channels

	Bug-Ubuntu: LP: #578527, LP: #609055

	add extra tests to virt-aa-helper-test for new '-p' option

2010-09-24  Eric Blake  <eblake@redhat.com>

	docs: grammar cleanups on logging examples
	* docs/logging.html.in: Fix spelling and grammar.

2010-09-23  Philipp Hahn  <hahn@univention.de>

	Fix spelling of Xen in comments

2010-09-23  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Add new termios module.
	(gnulib_tool_option_extras): Make libtool usage explicit.
	* src/util/util.c (includes): Gnulib now guarantees termios.h.
	* bootstrap: Resync from gnulib.

2010-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Allow '-' in VMX entry names
	Add a test for this.

	Reported by Frank Dirks.

2010-09-23  Chris Wright  <chrisw@redhat.com>

	pciFindStubDriver should return NULL on error
	pciFindStubDriver currently returns 0 in one of the error cases.
	While it's correct...NULL is more readable.

2010-09-23  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-guests: start late and stop early
	libvirt-guests init script should be started as late as possible during
	host startup and stopped as early as possible during host shutdown to
	make sure required services are already/still up and running at the time
	libvirt-guests runs.

2010-09-23  Daniel P. Berrange  <berrange@redhat.com>

	Make SASL work over UNIX domain sockets
	The addrToString methods were not coping with UNIX domain sockets
	which have no normal host+port address. Hardcode special handling
	for these so that SASL routines can work over UNIX sockets. Also
	fix up SSF logic in remote client so that it presumes that a UNIX
	socket is secure

	* daemon/remote.c: Fix addrToString for UNIX sockets.
	* src/remote/remote_driver.c: Fix addrToString for UNIX sockets
	  and fix SSF logic to work for TLS + UNIX sockets in the same
	  manner

	Refactor some daemon code to facilitate introduction of static probes
	Refactor some daemon code to facilitate the introductioin of static
	probes, sanitizing function exit paths in many places

	* daemon/libvirtd.c: Pass the dname string into remoteCheckDN
	  to let caller deal with failure paths. Add separate exit paths
	  to remoteCheckCertificate for auth failure vs denial. Merge
	  all exit paths in qemudDispatchServer to one cleanup block
	* daemon/remote.c: Add separate exit paths to SASL & PolicyKit
	  functions for auth failure vs denial

2010-09-22  Eric Blake  <eblake@redhat.com>

	nodeinfo: work when hot-plugging is disabled
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=635857.

	* src/nodeinfo.c (cpu_online): Allow missing directory for all
	CPUs, not just cpu0.

2010-09-22  Stefan Berger  <stefanb@us.ibm.com>

	This patch fixes a bug appearing on big endian machines where the returned XML is not the one that is expected (see test/nwfilterxml2xmltest). The problem is due to for example the casting of pointers to unsigned integers to void * and then back to 16 bit integers.

2010-09-17  Eric Blake  <eblake@redhat.com>

	tests: silence qemuargv2xmltest noise
	Before this patch, the testsuite was noisy:

	TEST: qemuargv2xmltest
	      ........................................ 40
	      ................20:41:28.046: warning : qemuParseCommandLine:6565 : unknown QEMU argument '-unknown', adding to the qemu namespace
	20:41:28.046: warning : qemuParseCommandLine:6565 : unknown QEMU argument 'parameter', adding to the qemu namespace
	.                        57  OK
	PASS: qemuargv2xmltest

	It's not a real failure (which is why the test was completing
	successfully), so much as an intentional warning to the user that use
	of the qemu namespace has the potential for undefined effects that
	leaked through the default logging behavior.  After this patch series,
	all tests can access any logged data, and this particular test can
	explicitly check for the presence or absence of the warning, such that
	the test output becomes:

	TEST: qemuargv2xmltest
	      ........................................ 40
	      .................                        57  OK
	PASS: qemuargv2xmltest

	* tests/testutils.h (virtTestLogContentAndReset): New prototype.
	* tests/testutils.c (struct virtTestLogData): New struct.
	(virtTestLogOutput, virtTestLogClose, virtTestLogContentAndReset):
	New functions.
	(virtTestMain): Always capture log data emitted during tests.
	* tests/qemuargv2xmltest.c (testCompareXMLToArgvHelper, mymain):
	Use flag to mark which tests expect noisy stderr.
	(testCompareXMLToArgvFiles): Add parameter to test whether stderr
	was appropriately silent.

	tests: clean up qemuargv2xmltest
	Since commit 107a7bd06bc, the extraFlags argument was unused.

	* tests/qemuargv2xmltest.c (DO_TEST): Drop extraFlags argument.
	Adjust all callers.

2010-09-16  Justin Clift  <jclift@redhat.com>

	docs: reworked the policykit patch submitted by Patrick Dignan
	Tweaked the PolicyKit documentation improvement patch submitted
	by Patrick Dignan.

	Additionally, removed the reference to PolicyKit.conf, which is
	no longer used by PolicyKit, plus added a link to the expanded
	PolicyKit example page on the wiki.

	docs: fix the xml validity errors regarding name and id
	Got sick of seeing the "validity error : ID Objects already defined"
	errors, which this patch addresses.

2010-09-16  Eric Blake  <eblake@redhat.com>

	build: avoid non-portable IPv6 struct member, for MacOS X
	* src/util/network.c (getIPv6Addr): Manually join s6_addr bytes,
	instead of assuming s6_addr16 shorts.
	Reported by Justin Clifton; solution suggested by Bruno Haible.

2010-09-16  Justin Clift  <jclift@redhat.com>

	virsh: change wexitstatus order to allow compilation on mac osx
	This is the simple fix Daniel Veillard suggested last year:

	  http://www.redhat.com/archives/libvir-list/2009-May/msg00459.html

	libvirtd: improve the error message displayed on tls client auth failure
	This address BZ # 556599:

	  https://bugzilla.redhat.com/show_bug.cgi?id=556599

2010-09-14  Eric Blake  <eblake@redhat.com>

	maint: silence warning from libtool
	I got tired of seeing this.

	config.status: executing libtool commands
	/bin/rm: cannot remove `libtoolT': No such file or directory
	config.status: executing po-directories commands

	While I was at it, there were a couple other unused variables.

	* configure.ac (RM, MV, TAR): Drop; nothing in libvirt directly uses
	this, and assigning RM interferes with libtool.

2010-09-14  Soren Hansen  <soren@linux2go.dk>

	Rebuild network filter for UML guests on updates
	When nwfilter support was added to UML, I didn't realise the UML driver
	needed instrumentation to make updating nwfilters on the fly work. This
	patch adds this bit of glue.

2010-09-14  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Use virBuffer for generating XML
	cmdAttachInterface and cmdAttachDisk still used vshRealloc and sprintf
	for generating XML, which is hardly maintainable. Let's get rid of this
	old code.

2010-09-14  Eric Blake  <eblake@redhat.com>

	build: use portable sed expressions
	* src/Makefile.am (libvirt.def, libvirt_qemu.def): '\}' and '\t'
	are not required by POSIX.  Use '}' and literal tab instead.
	(install-data-local): Avoid sed -i.
	* tests/read-bufsiz: Likewise.
	Reported by Mitchell Hashimoto.

2010-09-14  Justin Clift  <jclift@redhat.com>

	docs: improve wording for the dev guide
	Wording tweak suggested by David Jorm, author of the libvirt App Dev Guide.

2010-09-13  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix preprocessor indentation

2010-09-10  Justin Clift  <jclift@redhat.com>

	docs: add the app dev guide
	Added a workable initial page for the libvirt Application
	Development Guide, giving the online viewable options +
	the available download ones (pdf, epub, srpm).

	Added a link to the PDF to the main Downloads page, plus
	neatened the html tags throughout the page as they
	were a bit of a mess.

	Added --enable-compile-warnings=error to the autogen line,
	as suggested by Eric Blake.

2010-09-10  Daniel Veillard  <veillard@redhat.com>

	Libvirt release 0.8.4
	update news, spec and french localizaton

2010-09-10  Cole Robinson  <crobinso@redhat.com>

	buf: Fix possible infinite loop in EscapeString, VSnprintf
	The current code will go into an infinite loop if the printf generated
	string is >= 1000, AND exactly 1 character smaller than the amount of free
	space in the buffer. When this happens, we are dropped into the loop body,
	but nothing will actually change, because count == (buf->size - buf->use - 1),
	and virBufferGrow returns unchanged if count < (buf->size - buf->use)

	Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
	the NULL byte for us anyways, so we shouldn't need to manually accommodate
	for it.

	Here's a bug where we are actually hitting this issue:
	https://bugzilla.redhat.com/show_bug.cgi?id=602772

	v2: Eric's improvements: while -> if (), remove extra va_list variable,
	    make sure we report buffer error if snprintf fails

	v3: Add tests/virbuftest which reproduces the infinite loop before this
	    patch, works correctly after

2010-09-10  Guido Günther  <agx@sigxcpu.org>

	Fix block statistics with newer versions of Xen
	Apparently the xen block device statistics moved from
	"/sys/devices/xen-backend/vbd-%d-%d/statistics/%s"
	to
	"/sys/bus/xen-backend/devices/vbd-%d-%d/statistics/%s"

	* src/xen/block_stats.c: try the extra path in case of failure to
	  find the statistics in /sys

2010-09-10  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Option for overriding disk type in attach-disk
	Unless --driver tap|file option was given to attach-disk, virsh would
	generate <disk type='block'> XML which might be fine for Xen but not for
	other hypervisors. This patch introduces a new option --sourcetype which
	can be used to explicitly set the type of disk source. The option
	accepts either "file" or "block" types.

2010-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix dependancies for remote generated files
	Very occasionally during a parallel make, dispatch.c would
	be compiled before the generated remote headers had been
	fully written. This would cause it to compile an empty
	union, and result in really wierd runtime bugs that are
	near impossible to diagnose.

	* daemon/Makefile.am: Fix remote build deps

	Ensure remote daemon unions are always non-zero length
	If the remote daemon args/ret unions ever become zero length
	(due to a build / Makefile bug) then bad stuff happens at
	runtime. Add a compile time assertion to check for this kind
	of problem

	* daemon/remote.h: Ensure non-zero length unions

	Fix off-by-1 in QEMU boot arg array handling
	A QEMU guest can have upto VIR_DOMAIN_BOOT_LAST boot entries
	defined. When building the QEMU arg, each entry takes a
	single byte. This means the array must be declared to be
	VIR_DOMAIN_BOOT_LAST+1 bytes in length to allow for the
	trailing null

	* src/qemu/qemu_conf.c: Fix off-by-1 boot arg array size

2010-09-10  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix static-only DHCP configuration
	For static-only DHCP, i.e. with no <range> but at least one <host>
	element within <dhcp> element, we have to add "--dhcp-range IP,static"
	option to dnsmasq to actually enable the service. Without this option,
	dnsmasq will not respond to DHCP requests.

2010-09-10  Luiz Capitulino  <lcapitulino@redhat.com>

	qemu: qemuMonitorJSONEjectMedia(): Fix arguments' type
	QMP in QEMU 0.13 has been fixed to enforce type correctness,
	this means that boolean types must be true or false, not
	integers.

	qemu: qemuMonitorJSONMigrate(): Fix arguments' type
	QMP in QEMU 0.13 has been fixed to enforce type correctness,
	this means that boolean types must be true or false, not
	integers.

2010-09-10  Soren Hansen  <soren@linux2go.dk>

	Add nwfilter support to UML driver
	Extend user-mode-linux driver to support nwfilter.

2010-09-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	test: Don't overwrite storage volume target path and key
	Only generate target path and key when they are not defined
	in the XML config.

2010-09-09  Daniel Veillard  <veillard@redhat.com>

	Remove hack to get static binaries in DV environment

2010-09-08  Justin Clift  <jclift@redhat.com>

	Moved my name up to the primary list, as I have commit rights now.
	As recommended by Eric. :)

2010-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use SessionIsActive when available
	Before this commit SessionIsActive was not used because ESX(i)
	doesn't implement it. vCenter supports SessionIsActive, so use
	it here, but keep the fall back mechanism for ESX(i) and GSX.

	esx: Fall back to path as key when QueryVirtualDiskUuid isn't available
	QueryVirtualDiskUuid is only available on an ESX(i) server. vCenter
	returns an NotImplemented fault and a GSX server is missing the
	VirtualDiskManager completely. Therefore only use QueryVirtualDiskUuid
	with an ESX(i) server and fall back to path as storage volume key for
	vCenter and GSX server.

2010-09-08  Eric Blake  <eblake@redhat.com>

	mingw: match recent changes in spec file
	* libvirt.spec.in (%file): List new installed files.
	* configure.ac (with_init_script): Assume default of none when
	cross-compiling.

2010-09-07  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix permissions of sysconfig files

2010-09-05  Daniel Veillard  <veillard@redhat.com>

	Update of localization files
	- Updated dutch, spanish and russian, regenerated the po/pot files

2010-09-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use the VirtualDisk UUID as storage volume key
	VirtualDisks are .vmdk file based. Other files in a datastore
	like .iso or .flp files don't have a UUID attached, fall back
	to the path as key for them.

	esx: Add .vmdk storage volume creation

2010-09-04  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	OpenVZ: add ethernet interface type support
	This patch adds support for ethernet interface type to OpenVZ domains
	as stated in this previous message: http://www.redhat.com/archives/libvir-
	list/2010-July/msg00658.html

2010-09-03  Eric Blake  <eblake@redhat.com>

	build: avoid uninitialized variable warning
	* src/vbox/vbox_tmpl.c (vboxAttachDrives): Capture return value.

2010-09-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Rework datastore path parsing and handling
	Instead of splitting the path part of a datastore path into
	directory and file name, keep this in one piece. An example:

	  "[datastore] directory/file"

	was split into this before:

	  datastoreName = "datastore"
	  directoryName = "directory"
	  fileName = "file"

	Now it's split into this:

	  datastoreName = "datastore"
	  directoryName = "directory"
	  directoryAndFileName = "directory/file"

	This simplifies code using esxUtil_ParseDatastorePath, because
	directoryAndFileName is used more often than fileName. Also the
	old approach expected the datastore path to reference an actual
	file, but this isn't always correct, especially when listing
	volumes. In that case esxUtil_ParseDatastorePath is used to parse
	a path that references a directory. This fails for a vpx://
	connection because the vCenter returns directory paths with a
	trailing '/'. The new approach is robust against this and the
	actual decision if the datastore path should reference a file or
	a directory is up to the caller of esxUtil_ParseDatastorePath.

	Update the tests accordingly.

2010-09-03  Eric Blake  <eblake@redhat.com>

	vbox: factor a large function
	* src/vbox/vbox_tmpl.c (vboxDomainDefineXML): Split...
	(vboxSetBootDeviceOrder, vboxAttachDrives, vboxAttachSound)
	(vboxAttachNetwork, vboxAttachSerial, vboxAttachParallel)
	(vboxAttachVideo, vboxAttachDisplay, vboxAttachUSB): ...into new
	helper functions.

	lxc: avoid large stacks with veth creation
	* src/lxc/veth.h (vethCreate): Change prototype.
	* src/lxc/veth.c (vethCreate): Always malloc veth2, and allocate
	veth1 if needed.
	(getFreeVethName): Adjust signature, and use virAsprintf.
	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Adjust caller.

2010-09-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix generator for string return values
	Distinguish between strings as parameters (const char *)
	and strings as return values (char **).

2010-09-02  Eric Blake  <eblake@redhat.com>

	openvz: use virAsprintf to avoid large stacks
	* src/openvz/openvz_conf.c (openvzLocateConfFile): Alter
	signature.
	(openvzGetVPSUUID, openvzSetDefinedUUID)
	(openvzWriteVPSConfigParam, openvzReadVPSConfigParam)
	(openvzCopyDefaultConfig): Adjust callers.

	openvz: formatting cleanups
	* src/openvz/openvz_conf.c: Whitespace fixes.
	* src/openvz/openvz_driver.c: Likewise.

	network: use virAsprintf when appropriate
	* src/conf/network_conf.c (virNetworkAllocateBridge): Avoid
	limited buffer from snprintf.

	build: add some modules
	snprintf is currently implicitly picked up by getaddrinfo, but we
	might as well make it explicit so that mingw doesn't break if
	getaddrinfo changes to drop the dependency.

	func doesn't matter for gcc compilation, but may help other compilers
	cope with our use of __func__.

	* bootstrap.conf (gnulib_modules): Add snprintf and func.

2010-09-01  Ryan Harper  <ryanh@us.ibm.com>

	virsh: remove driver check from attach-disk command
	Virsh shouldn't check for driver support but rather let the backend handled this.
	After removing the check, I can successfully attach file-based images to a qemu
	VM with attach-disk.

	% virsh attach-disk vm2 /images/test02.img vdc --driver qemu --type disk --subdriver raw
	Disk attached successfully

	This command generates the following XML:

	<disk type='block' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source dev='/images/test02.img'/>
	      <target dev='vdc' bus='virtio'/>
	      <alias name='virtio-disk2'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
	</disk>

2010-09-01  Soren Hansen  <soren@linux2go.dk>

	Use global directory as UML's monitorDir for privileged connections
	For privileged UML connections (uml:///system), we shouldn't use root's
	home dir, but rather somewhere in /var/run/libvirt/uml-guest.

	https://bugzilla.redhat.com/show_bug.cgi?id=499536

	Explicitly pass uml_dir argument to user-mode-linux
	uml_dir overrides user-mode-linux's default of ~/.uml. This is needed
	for a couple of different reasons:

	libvirt expects this to default to virGetUserDirectory(geteuid()) +
	'/.uml'. However, user-mode-linux actually uses the HOME environment
	variable to determine where to look for the uml sockets, but if running
	libvirtd under sudo (which I routinely do during development), $HOME is
	pointing at my user's homedir, while my euid is 0, so libvirt looks in
	/root.

	Also (and this was my actual motivation for this patch), if HOME isn't
	set at all, user-mode-linux utterly fails. Looking at the code, it seems
	it's meant to emit a warning, but alas, it doesn't for some reason.
	If running libvirtd from upstart, HOME is not set, so any system using
	upstart will need this change.

2010-09-01  Eric Blake  <eblake@redhat.com>

	maint: track moved file
	* daemon/.gitignore: Move libvirt-guests.init...
	* tools/.gitignore: ...to its new location.

2010-08-31  Jim Fehlig  <jfehlig@novell.com>

	Add tests for Xen's blktap2 implementation
	xml2sexpr and sexpr2xml tests for blktap2

	Add blktap2 support to xend driver
	Xen4.0 includes a new blktap2 implementation, which is specified
	with 'tap2' prefix.  AFAICT it's configuration syntax is identical
	to blktap, with exception of 'tap2' vs 'tap' prefix.  This patch
	takes the simple approach of accepting and generating sexp
	containing 'tap2' prefix.

2010-08-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Map the .vmx annotation to the domain XML description
	Take care of escaping '"' and '|' (the escape character).

	Add tests for this.

	Move hextobin as virHexToBin to util.c
	virHexToBin will be used in the .vmx handling code.

2010-08-27  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Bad comparison when checking for existing domain name
	When creating a new domain from XML, the check for an existing
	domain name should compare the return of the function to a valid
	LPAR ID (!= -1) and not to error (== -1).

2010-08-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix esxVI_BuildSelectSet's invalid argument check
	The check was altered in 8c48743b9737ad4d246ab6043fd299316f9a2091
	and got too strict, I've no clue how that snuck in. This check
	makes every try to open a connection using the ESX driver fail
	with an invalid argument error.

	Revert the change to the check and add a comment to prevent future
	mistakes with this check.

	esx: Add read-only storage volume access
	This allows to list existing volumes and to retrieve information
	about them.

2010-08-25  Jiri Denemark  <jdenemar@redhat.com>

	Move libvirt-guests init script and config to tools
	Since libvirt-guests init script and its configuration do not require
	libvirtd to be running/installed, it was a bad idea to put them into
	daemon directory. libvirt.spec even includes these files in
	libvirt-client subpackage, which may result in build failure for
	client-only builds when the whole daemon directory is just skipped.

	spec: Fix undefined with_libnl
	When building libvirt RPM without macvtap, with_libnl would be
	undefined.

2010-08-25  Soren Hansen  <soren@linux2go.dk>

	Support virDomainAttachDevice and virDomainDetachDevice for disks in UML
	UML supports hot plugging and unplugging of various devices. This patch
	exposes this functionality for disks.

	Rename qemudShrinkDisks to virDomainDiskRemove and move to domain_conf.c
	Other drivers will need this same functionality, so move it to up to
	conf/domain_conf.c and give it a more general name.

2010-08-25  Serge Hallyn  <serge.hallyn@canonical.com>

	docs: fix lxc examples
	* docs/drvlxc.html.in: Use correct VM name, and mention that
	libvirt_lxc might be in an alternate location.

2010-08-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of sparse NUMA topologies
	When finding a sparse NUMA topology, libnuma will return ENOENT
	the first time it is invoked. On subsequent invocations it
	will return success, but with an all-1's CPU mask. Check for
	this, to avoid polluting the capabilities XML with 4096 bogus
	CPUs

	* src/nodeinfo.c: Check for all-1s CPU mask

	Log return value for virConnectGetCapabilities
	Enabling debug doesn't show the capabilities XML for a connection.
	Add an extra debug statement for the return value

	* src/libvirt.c: Enable debug logging of capabilities XML

	Try harder to send RPC error message back to client
	When failing to serialize the normal RPC reply, try harder to
	send a error message back to the client, instead of immediately
	closing the connection.

	* daemon/dispatch.c: Improve error messages when RPC reply
	  can not be sent

	Add explicit warning messages when failing to serialize to XDR
	When libvirtd fails to serialize a message to XDR the client
	connection is terminated immediately. To enable this to be
	diagnosed, log the message which caused the problem on the
	server

	* daemon/dispatch.c: Log XDR serialization failures

2010-08-24  Soren Hansen  <soren@linux2go.dk>

	Allow chardev of type 'file' for UML domains.
	Like the comment suggested, we just open the file and pass the file
	descriptor to uml. The input "stream" is set to "null", since I couldn't
	find any useful way to actually use a file for input for a chardev and
	this also mimics what e.g. QEmu does internally.

2010-08-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve object-by-type lookup performance
	Instead of using one big traversal spec for lookup use a set of
	more fine grained traversal specs that are selected based on the
	actual needs of the lookup.

	This gives up to 20% speedup for certain operations like domain
	listing due to less HTTP(S) traffic.

2010-08-24  Jiri Denemark  <jdenemar@redhat.com>

	xen tests: Fix PV-VFB tests with RHEL-5 API
	RHEL-5 Xen doesn't support the old style vnc configuration. In sexpr, we
	can't really check it with rhel5-api turned on. However, for XM
	configuration files it's sufficient to use cfg version 1 instead of 2.

	xml2sexprtest: Remove graphics from unrelated tests
	This caused unnecessary make check failures when libvirt is configured
	--with-rhel5-api

	xen tests: Fix missing "type ioemu" with rhel5-api
	The most common cause of errors with rhel5-api turn on was missing
	"(type ioemu)" in sexpr or its equivalent in XM configuration file. This
	happens because the presence of that part in sexpr (or cfg) depends on
	xen version the host is running. Let's avoid it by explicitly specifying
	interface model which ensures "type ioemu" will always be emitted.

	This patch adds

	    <model type='e1000'/>

	withing the interface element in all affected xml files. And

	    (model 'e1000')

	to all corresponding sexpr files with similar fix to cfg files. Such
	configuration works regardless on Xen version.

	nodeinfotest: Print libvirt error on failure
	If linuxNodeInfoCPUPopulate() fails, the test would just print "FAILED"
	which is not very informative. It's better to print the real error.

2010-08-24  Eric Blake  <eblake@redhat.com>

	xenapi: support xenapi 5.6.0 headers
	* src/xenapi/xenapi_driver.c (xenapiDomainGetInfo): Avoid using
	XEN_VM_POWER_STATE_UNKNOWN, which disappeared in newer xenapi.
	* src/xenapi/xenapi_utils.c (mapPowerState): Likewise.

2010-08-23  Daniel P. Berrange  <berrange@redhat.com>

	Add support for -enable-kqemu flag
	Previously QEMU enabled KQEMU by default and had -no-kqemu.
	0.11.x switched to requiring -enable-kqemu. 0.12.x dropped
	kqemu entirely. This patch adds support for -enable-kqemu
	so 0.11.x works. It replaces a huge set of if() with a
	switch() to make the code a bit more readable.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Support
	  -enable-kqemu

2010-08-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use MD5 sum of mount path as storage pool UUID
	With the previous storage pool UUID source not all storage pools
	had a proper UUID, especially GSX storage pools. The mount path
	is unique per host and cannot change during the lifetime of the
	datastore. Therefore, it's MD5 sum can be used as UUID.

	Use gnulib's crypto/md5 module to generate the MD5 sum.

	esx: Make sure dumpxml outputs proper ID for active domains

	xenapi: Fix compile error in previous commit

2010-08-21  Jim Fehlig  <jfehlig@novell.com>

	Add actions to virDomainLifecycle enum
	Xen supports on_crash actions coredump-{destroy,restart}.  libvirt
	cannot parse config returned by xend that contains either of these
	actions

	xen52 # xm li -l test | grep on_crash
	    (on_crash coredump-restart)
	xen52 # virsh dumpxml test
	error: internal error unknown lifecycle type coredump-restart

	This patch adds a new virDomainLifecycleCrash enum and appends
	the new options to existing destroy, restart, preserve, and
	rename-restart options.

2010-08-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove code duplication
	We already filled the PCI address structure when we checked whether it's
	free or not, so let's just use the structure here instead of filling it
	again.

	qemu: Check for errors when converting PCI address to string

	qemu: Fix JSON migrate_set_downtime command

2010-08-20  Eric Blake  <eblake@redhat.com>

	vbox: factor a large function
	* src/vbox/vbox_tmpl.c (vboxDomainCreateWithFlags): Split...
	(vboxStartMachine): ...into new helper.

	vbox: add location used in rpmfusion release
	* configure.ac (vbox_xpcomc_dir): Add another potential dir.

	xenapi: avoid sprintf
	* src/xenapi/xenapi_utils.h (createVifNetwork): Delete prototype.
	* src/xenapi/xenapi_utils.c (createVifNetwork): Change signature,
	and use virAsprintf.  Detect allocation failure.
	(createVMRecordFromXml): Adjust caller.

	storage: avoid s[n]printf
	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg)
	(virStorageBackendCreateQcowCreate): Use virAsprintf instead.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskCreateVol, virStorageBackendDiskPartFormat):
	Likewise.

	maint: whitespace cleanups
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskPartFormat): Fix spacing.

	build: delete dead comments
	* src/qemu/qemu_driver.c (qemudGetProcessInfo): Clean up.
	* src/uml/uml_driver.c (umlGetProcessInfo): Likewise.
	* src/xen/sexpr.c (_string2sexpr): Likewise.

2010-08-20  Patrick Dignan  <pat_dignan@dell.com>

	storage: add support for Vendor and Model in XML
	I wrote a patch to add support for listing the Vendor and Model of a
	storage pool in the storage pool XML.  This would allow vendor
	extensions of specific devices.  The patch includes a test for the new
	attributes as well.

	Patrick Dignan

2010-08-20  Eric Blake  <eblake@redhat.com>

	uml: fix logic bug in checking reply length
	* src/uml/uml_driver.c (umlMonitorCommand): Validate that enough
	bytes were read to dereference both res.length, and that many
	bytes from res.data.
	Reported by Soren Hansen.

	nwfilter: use consistent OOM reporting
	* src/nwfilter/nwfilter_driver.c (nwfilterLog): Delete.
	(nwfilterDriverStartup): Use virReportOOMError instead.

2010-08-19  Eric Blake  <eblake@redhat.com>

	build: fix compiler warning
	node_device/node_device_driver.c: In function 'nodeDeviceVportCreateDelete':
	node_device/node_device_driver.c:423: error: implicit declaration of function 'stat' [-Wimplicit-function-declaration]

	* src/node_device/node_device_driver.c (includes): Add <sys/stat.h>.

2010-08-18  Daniel Veillard  <veillard@redhat.com>

	xen: Fix scheduler setting problems
	Doing `virsh schedinfo rhel5u3 --cap 65535' the hypervisor does the
	call, but does not change the value nor raise an error. Best is just to
	consider it's not in the allowed values. The problem is that the error
	won't be output since the xend driver will then be called and raise an
	error

	    error: this function is not supported by the hypervisor: unsupported
	    in xendConfigVersion < 4

	which will override the useful information from
	xenUnifiedDomainSetSchedulerParameters(). So best is to also invert the
	order in which the xen sub-drivers are called.

	* src/xen/xen_hypervisor.c: mark 65535 cap value as out of bound
	* src/xen/xen_hypervisor.c: reverse the order of the calls to the xen
	  sub drivers to get the error message if needed

2010-08-18  Jiri Denemark  <jdenemar@redhat.com>

	nodedev: Free the right pointers when getting WWNs fails

2010-08-18  Dave Allan  <dallan@redhat.com>

	nodedev: Fix sysfs paths for vport operations
	Some kernels, such as the one used in RHEL-5, have vport_create and
	vport_delete operation files in /sys/class/scsi_host/hostN directory
	instead of /sys/class/fc_host/hostN. Let's check both paths for
	compatibility reasons.

	This also removes unnecessary '/' characters from sysfs paths containing
	LINUX_SYSFS_FC_HOST_PREFIX.

2010-08-18  Daniel Berrange  <berrange@redhat.com>

	xen: Fix device count on detach

	remote: Fix incorrect use of private data field
	NodeDeviceCreateXML and NodeDeviceDestroy methods added for NPIV were
	using the wrong privateData field for the remote driver. This doesn't
	impact KVM, since the remote driver handles everything, thus
	privateData == devMonPrivateData. It does impact Xen though, because
	the remote driver only handles a subset of methods and thus
	privateData != devMonPrivateData.

2010-08-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix memory leak when looking up an non-existing domain by name
	In case an optional object cannot be found the lookup function is
	left early and the cleanup code is not executed.

	This pattern occurs in some other functions too.

2010-08-18  Chris Lalancette  <clalance@redhat.com>

	Fix up qemu domain save/managed save locking.
	The current version of the qemu managed save implementation
	is subject to a race where the domain shuts down between
	the time that we start the command and the time that we
	actually try to do the save.  Close this race by making
	qemuDomainSaveFlags() expect both the driver and the passed-in
	vm object to be locked before executing.

2010-08-17  Eric Blake  <eblake@redhat.com>

	docs: mention domain <clock> improvements
	Add documentation for features added a while ago.

	* docs/formatdomain.html.in (Time keeping): Update documentation
	of <clock> element to match 0.8.0 addition.

2010-08-17  Stefan Berger  <stefanb@us.ibm.com>

	cygwin: build fix
	Fixing a problem in the build on cygwin due to missing #define's.

2010-08-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix copy&paste error in warning message
	This also makes the message consistent with the message used in error
	path of qemudDomainAttachHostPciDevice.

	qemu: Release PCI slot when detaching disk and net devices

	qemu: Re-reserve all PCI addresses on libvirtd restart
	When reconnecting to existing VMs, we re-reserved only those PCI
	addresses which were explicitly mentioned in domain XML. Since some
	addresses are always reserved (e.g., 0:0:0 and 0:0:1), we need to handle
	those too.

	Also all this should only be done if device flag is supported by qemu.

2010-08-17  Jamie Strandboge  <jamie@canonical.com>

	build: fix AppArmor compilation
	* src/security/virt-aa-helper.c: Add missing include.

2010-08-17  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend nwfilter reload support
	In this patch I am extending and fixing the nwfilter module's reload support to stop all ongoing threads (for learning IP addresses of interfaces) and rebuild the filtering rules of all interfaces of all VMs when libvirt is started. Now libvirtd rebuilds the filters upon the SIGHUP signal and libvirtd restart.

	About the patch: The nwfilter functions require a virConnectPtr. Therefore I am opening a connection in qemudStartup, which later on needs to be closed outside where the driver lock is held since otherwise it ends up in a deadlock due to virConnectClose() trying to lock the driver as well.

	I have tested this now for a while with several machines running and needing the IP address learner thread(s). The rebuilding of the firewall rules seems to work fine following libvirtd restart or a SIGHUP. Also the termination of libvirtd worked fine.

2010-08-15  Eric Blake  <eblake@redhat.com>

	build: allow mingw VPATH build
	* .gnulib: Update to latest.
	Reported by Matthias Bolte.

2010-08-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Explicitly disable unused floppy devices
	floppy0.present defaults to true. Therefore, it needs to be
	explicitly set to false when the XML config doesn't specify the
	corresponding floppy device.

	Also update tests accordingly.

	Generate libvirt_qemu.def from libvirt_qemu.syms for MinGW builds

2010-08-15  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Add rudimentary network driver
	I changed virStorage[Open|Close] to virVIOSDriver[Open|Close] so
	the network driver can use it - since the network driver deals
	with Open/Close in the same way.

2010-08-15  Soren Hansen  <soren@linux2go.dk>

	Make umlConnectTapDevice ask brAddTap for a persistent tap device.
	This patch does two things:

	 * It makes umlConnectTapDevice ask brAddTap for a persistent tap by
	   passing it a NULL tapfd argument.
	 * Stops umlConnectTapDevice from immediately dismantling the bridge
	   it just set up.

	Close fd's of persistent tap devices
	When passing a NULL tapfd argument to brAddTap, we need to close the fd
	of the tap device. If we don't, libvirt will keep the fd open
	indefinitely and renders the the guest unable to configure its side of
	the tap device.

	Make sure all command line arguments get passed to UML
	If umlBuildCommandLineChr fails (e.g. due to an unsupported chardev
	type), it returns NULL. umlBuildCommandLine does not check for this and
	sets this as an argument on the comand line, effectively ending the
	argument list. This patch checks for this case and sets the chardev to
	"none".

2010-08-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Discard class D,E IP addresses when sniffing pkts
	When sniffing the network traffic, discard class D and E IP addresses when sniffing traffic. This was a reason why filters were not correctly rebuilt on VMs on the local 192.* network when libvirt was restarted and those VMs did not use a DHCP request to get its IP address.

	nwfilter: serialize execution of scripts with ebtables cmds
	While testing the SIGHUP handling and reloading of the nwfilter driver, I found that when the filters are rebuilt and mutlipe threads handled the individual interfaces, concurrently running multiple external bash scripts causes strange failures even though the executed ebtables commands are working on different tables for different interfaces. I cannot say for sure where the concurrency problems are caused, but introducing this lock definitely helps.

2010-08-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Only require XDR when building libvirtd or the remote driver

2010-08-13  Chris Lalancette  <clalance@redhat.com>

	Move the tunnelled migration unix socket to /var/lib/libvirt/qemu
	Since the qemu process is running as qemu:qemu, it can't actually
	look at the unix socket in /var/run/libvirt/qemu which is owned by
	root and has permission 700.  Move the unix socket to
	/var/lib/libvirt/qemu, which is already owned by qemu:qemu.

	Thanks to Justin Clift for test this out for me.

	Fix tunnelled migration with qemu running as qemu:qemu.
	The problem is that on the source of the migration, libvirtd
	is responsible for creating the unix socket over which the data
	will flow.  Since libvirtd is running as root, this file will
	be created as root.  When the qemu process running as qemu:qemu
	goes to access the unix file to write data to it, it will get
	permission denied and fail.  Make sure to change the owner
	of the unix file to qemu:qemu.

	Thanks to Justin Clift for testing this patch out for me.

2010-08-13  Stefan Berger  <stefanb@us.ibm.com>

	Fix valgrind complaints when using kill -SIGHUP on libvirtd
	This patch fixes a couple of complaints from valgrind when tickling libvirtd with SIGHUP.

	The first two files contain fixes for memory leaks. The 3rd one initializes an uninitialized variable. The 4th one is another memory leak.

2010-08-13  Daniel Veillard  <veillard@redhat.com>

	qemu: avoid calling the balloon info command if disabled
	 Basically a followup of the previous patch about balloon desactivation
	if desactivated, to not ask for balloon information to qemu as we will
	just get an error back.
	 This can make a huge difference in the time needed for domain
	information or list when a machine is loaded, and balloon has been
	desactivated in the guests.

	* src/qemu/qemu_driver.c: do not get the balloon info if the balloon
	  suppor is disabled

2010-08-12  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Add --dhcp-no-override option to dnsmasq
	--dhcp-no-override description from dnsmasq man page:

	      Disable  re-use  of  the  DHCP servername and filename fields as
	      extra option space. If it can, dnsmasq moves the boot server and
	      filename  information  (from  dhcp-boot)  out of their dedicated
	      fields into DHCP options. This make extra space available in the
	      DHCP  packet  for options but can, rarely, confuse old or broken
	      clients. This flag forces "simple and safe" behaviour  to  avoid
	      problems in such a case.

	It seems some virtual network card ROMs are this old/buggy so let's add
	--dhcp-no-override as a workaround for them. We don't use extra DHCP
	options so this should be safe. The option was added in dnsmasq-2.41,
	which becomes the minimum required version.

2010-08-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve VMX file name parsing and formatting
	For parsing try to match by datastore mount path first, if that
	fails fallback to /vmfs/volumes/<datastore>/<path> parsing. This
	also fixes problems with GSX on Windows. Because GSX on Windows
	doesn't use /vmfs/volumes/ style file names.

	For formatting use the datastore mount path too, instead of using
	/vmfs/volumes/<datastore>/<path> as fixed format.

2010-08-12  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix potential segfault when preparing dnsmasq arguments
	We add --dhcp-lease-max=xxx argument when network->def->nranges > 0 but
	we only allocate space for in the opposite case :-) I guess we are lucky
	enough to miscount somewhere else so that we actually allocate more
	space than we need since no-one has hit this bug so far.

2010-08-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Split VMX code into a general and an ESX specific part
	Introduce esxVMX_Context containing functions pointers to
	glue both parts together in a generic way.

	Move the ESX specific part to esx_driver.c.

	This is a step towards making the VMX code reusable in a
	potential VMware Workstation and VMware Player driver.

2010-08-11  Daniel Veillard  <veillard@redhat.com>

	allow memballoon type of none to desactivate it
	  The balloon device is automatically added to qemu guests if supported,
	but it may be useful to desactivate it. The simplest to not change the
	existing behaviour is to allow
	  <memballoon type="none"/>
	as an extra option to desactivate it (it is automatically added if the
	memballoon construct is missing for the domain).
	The following simple patch just adds the extra option and does not
	change the default behaviour but avoid creating a balloon device if
	type="none" is used.

	* docs/schemas/domain.rng: add the extra type attribute value
	* src/conf/domain_conf.c src/conf/domain_conf.h: add the extra enum
	  value
	* src/qemu/qemu_conf.c: if enum is NONE, don't activate the device,
	  i.e. don't pass the args to qemu/kvm

2010-08-11  Jiri Denemark  <jdenemar@redhat.com>

	Avoid unnecessary bootstrap runs in VPATH builds

2010-08-11  Doug Goldstein  <cardoe@gentoo.org>

	Add a detailed message when tap device add fails
	Added a more detailed error message when adding a tap devices fails and
	the kernel is missing tun support.

	Fix return value usage
	Fix the error checking to use the return value from brAddTap() instead
	of checking the current errno value which might have been changed by
	clean up calls inside of brAddTap().

2010-08-11  Eric Blake  <eblake@redhat.com>

	nodeinfo: skip offline CPUs
	https://bugzilla.redhat.com/622515 - When hot-unplugging CPUs,
	libvirt failed to start a guest that had been pinned to CPUs that
	were still online.

	Tested on a dual-core laptop, where I also discovered that, per
	http://www.cyberciti.biz/files/linux-kernel/Documentation/cpu-hotplug.txt,
	/sys/devices/system/cpu/cpu0/online does not exist on systems where it
	cannot be hot-unplugged.

	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Ignore CPUs that are
	currently offline.  Detect readdir failure.
	(parse_socket): Move guts...
	(get_cpu_value): ...to new function, shared with...
	(cpu_online): New function.

2010-08-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Hack around asynchronous device_del
	device_del command is not synchronous for PCI devices, it merely asks
	the guest to release the device and returns. If the host wants to use
	that device before the guest actually releases it, we are in big
	trouble. To avoid this, we already added a loop which waits up to 10
	seconds until the device is actually released before we do anything else
	with that device. But we only added this loop for managed PCI devices
	before we try reattach them back to the host.

	However, we need to wait even for non-managed devices. We don't reattach
	them automatically, but we still want to prevent the host from using it.
	This was revealed thanks to sVirt: when we relabel sysfs files
	corresponding to the PCI device before the guest finished releasing the
	device, qemu is no longer allowed to access those files and if it wants
	(as a result of guest's request) to write anything to them, it just
	exits, which kills the guest.

	This is not a proper fix and needs some further work both on libvirt and
	qemu side in the future.

2010-08-10  Eric Blake  <eblake@redhat.com>

	maint: update an email address preference
	* AUTHORS (Soren Hansen): Update address.
	* .mailmap: Alias other addresses to new preference.

2010-08-10  Diego Elio Pettenò  <flameeyes@gmail.com>

	build-sys: only build the test programs during the check phase.
	This avoids building the tests when testing libvirt is not the aim.

2010-08-10  Soren Hansen  <soren@linux2go.dk>

	Add "ubd" to the list of disk prefixes
	virDiskNameToIndex has a list of disk name prefixes that it uses in the
	process of finding the disk's index. This list is missing "ubd" which
	is the disk prefix used for UML domains.

2010-08-10  Daniel Veillard  <veillard@redhat.com>

	Extend virSocketParseAddr() to allow a NULL result pointer
	That way it can be used to verify a numeric address without storing
	the details
	* src/util/network.c: change virSocketParseAddr to allow a null @addr
	  parameter

2010-08-10  Philipp Hahn  <hahn@univention.de>

	bootloader_args is named bootargs in xen-xm
	According to <xen-3.4.3/tools/python/xen/xm/create.py:158>
		gopts.var('bootargs', val='NAME',
				  fn=set_value, default=None,
				  use="Arguments to pass to boot loader")
	the "bootloader_args" parameter needs to be translated into "bootargs"
	when using "virsh domxml-to-native xen-xm".
	The reverse direction (domxml-from-native) is already okay.

	This patch fixes domxml-to-native and adds two test files to catch this
	problem.

2010-08-06  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: refactor phypListDomainsGeneric to eliminate buffer overflow
	src/phyp/phyp_driver.c:phypListDomainsGeneric was crashing due to a buffer
	overflow if any line returned from virRun wasn't <=10 characters.

	Since virStrToLong_i recognizes any non-numeric as a terminator (not
	just NULL), there actually is no need to copy the number into a
	separate string anyway, so this patch eliminates that copy, the fixed
	length buffer, and therefore the potential to overflow.

	This change also provided the oppurtunity to eliminate the character
	counting loop, instead using the return from virStrToLong_i to point
	past the end of the number, then simply skip the \n to get to the
	next.

2010-08-06  Justin Clift  <jclift@redhat.com>

	docs: fix an incorrect keyword in updated hooks page

2010-08-06  Diego Elio Pettenò  <flameeyes@gmail.com>

	build-sys: fix build when daemon is disabled by not installing libvirtd.8
	Since the rule to build libvirtd.8 is within the WITH_LIBVIRTD conditional,
	so declare the man page in there as well. Without this change, build
	without daemon will fail.

2010-08-06  Justin Clift  <jclift@redhat.com>

	docs: significant expansion of custom hook script information

2010-08-06  Doug Goldstein  <cardoe@gentoo.org>

	Fix return value usage
	Fix the error checking to use the return value from brAddTap() instead
	of checking the current errno value which might have been changed by
	clean up calls inside of brAddTap().

	qemu: improve error if tun device is missing
	Added a more detailed error message when adding a tap devices fails and
	the kernel is missing tun support.

2010-08-05  Eric Blake  <eblake@redhat.com>

	build: rerun bootstrap if po/Makevars got nuked
	There has been a frequent complaint of:

	make[2]: Entering directory `/home/remote/eblake/libvirt/po'
	make[2]: *** No rule to make target `/config.status', needed by `Makefile'.  Stop.

	It happens after nuking and regenerating the po directory,
	which is a common action after running anything like
	'make dist' or 'make rpm' that dirties all the .po files.

	Teach autogen.sh that it must regenerate po/Makevars to avoid
	the missing variable declaration, and teach cfg.mk to recognize
	that a nuked po directory is cause to rerun autogen.sh.

	* cfg.mk (_update_required): Check for po/Makevars.
	* autogen.sh (bootstrap): Run bootstrap if it got lost.
	Diagnosed by Justin Clift.

2010-08-05  Daniel Veillard  <veillard@redhat.com>

	Do not use boot=on on IDE device
	the followup on the boot=on problem, basically it's not needed to
	specify it when booting out of IDE devices when using KVM
	* src/qemu/qemu_conf.c: do not use boot=on for IDE devices
	* tests/qemuxml2argvdata/qemuxml2argv*.args: this changes the output
	  for 5 of the tests

2010-08-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.3
	* configure.ac docs/news.html.in libvirt.spec.in: updates
	* po/*.po*: update and regenerated

2010-08-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix PCI address allocation
	Patch version revamped by Eric Blake <eblake@redhat.com> of Jiri
	Denemark <jdenemar@redhat.com> original patch

	When attaching a PCI device which doesn't explicitly set its PCI
	address, libvirt allocates the address automatically. The problem is
	that when checking which PCI address is unused, we only check for those
	with slot number higher than the highest slot number ever used.

	Thus attaching/detaching such device several times in a row (31 is the
	theoretical limit, less then 30 tries are enough in practise) makes any
	further device attachment fail. Furthermore, attaching a device with
	predefined PCI address to 0:0:31 immediately forbids attachment of any
	PCI device without explicit address.

	This patch changes the logic so that we always check all PCI addresses
	before we say there is no PCI address available.

	Modifications from v1: revert back to remembering the last slot
	reserved, but allow wraparound to not be limited by the end.
	In this way, slots are still assigned in the same order as
	before the patch, rather than filling in the gaps closest to
	0 and risking making windows guests mad.

	* src/qemu/qemu_conf.c: fix pci reservation code to do a round-robbin
	  check of all available PCI splot availability before failing.

2010-08-04  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	OpenVZ: implement suspend/resume driver APIs
	* src/openvz/openvz_driver.c: implements openvzDomainSuspend and
	  openvzDomainResume

2010-08-03  Laine Stump  <laine@laine.org>

	Don't leak delay string when freeing virInterfaceBridgeDefs

	Fix build error in virsh.c
	Another gettext string with no format args sent to printf as a format string.

2010-08-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Set storage pool target path to host.mountInfo.path
	Now all storage pool types expose the target path.

	esx: Make storage pool lookup by name and UUID more robust
	Don't rely on summary.url anymore, because its value is different
	between an esx:// and vpx:// connection. Use host.mountInfo.path
	instead.

	Don't fallback to lookup by UUID (actually lookup by absolute path)
	in esxVI_LookupDatastoreByName when lookup by name fails. Add a
	seperate function for this: esxVI_LookupDatastoreByAbsolutePath

	esx: Restrict vpx:// to handle a single host in a vCenter
	Now a vpx:// connection has an explicitly specified host. This
	allows to enabled several functions for a vpx:// connection
	again, like host UUID, hostname, general node info, max vCPU
	count, free memory, migration and defining new domains.

	Lookup datacenter, compute resource, resource pool and host
	system once and cache them. This simplifies the rest of the
	code and reduces overall HTTP(S) traffic a bit.

	esx:// and vpx:// can be mixed freely for a migration.

	Ensure that migration source and destination refer to the
	same vCenter. Also directly encode the resource pool and
	host system object IDs into the migration URI in the prepare
	function. Then directly build managed object references in
	the perform function instead of re-looking up already known
	information.

	esx: Map some managed object types
	Datacenter, ComputeResource and HostSystem will be used for
	simplified handling and caching.

	esx: Parse the path of the URI
	The path will be used to specify the datacenter, compute resource
	and host system to be used with a vpx:// connection.

2010-08-03  Eric Blake  <eblake@redhat.com>

	qemu: don't lose error on setting monitor capabilities
	Spotted by clang.  Regression introduced in commit e72cc3c11d.

	* src/qemu/qemu_driver.c (qemuConnectMonitor): Don't lose error status.

	build: avoid compiler warning, for real this time
	* tools/virsh.c (vshParseArgv): Drop spurious argument to printf.

	Fix virsh error message when -d arg is not numeric

2010-08-03  Daniel Veillard  <veillard@redhat.com>

	Add Aurelien to AUTHORS

2010-08-03  Aurelien ROUGEMONT  <beorn@binaries.fr>

	Fix a couple of typo in iSCSI backend
	- a pure typo error and a wrong command referenced in an error message.

2010-08-03  Daniel Veillard  <veillard@redhat.com>

	Make virsh -d check its input
	it was using atoi direct without checking leading to confusion
	in case of flag error for example with -c

	* tools/virsh.c: vshParseArgv() use virStrToLong_i and remove the
	  unchecked atoi used to parse teh parameter

2010-08-02  Laine Stump  <laine@redhat.com>

	Add iptables rule to fixup DHCP response checksum.
	This patch attempts to take advantage of a newly added netfilter
	module to correct for a problem with some guest DHCP client
	implementations when used in conjunction with a DHCP server run on the
	host systems with packet checksum offloading enabled.

	The problem is that, when the guest uses a RAW socket to read the DHCP
	response packets, the checksum hasn't yet been fixed by the IP stack,
	so it is incorrect.

	The fix implemented here is to add a rule to the POSTROUTING chain of
	the mangle table in iptables that fixes up the checksum for packets on
	the virtual network's bridge that are destined for the bootpc port (ie
	"dhcpc", ie port 68) port on the guest.

	Only very new versions of iptables will have this support (it will be
	in the next upstream release), so a failure to add this rule only
	results in a warning message. The iptables patch is here:

	  http://patchwork.ozlabs.org/patch/58525/

	A corresponding kernel module patch is also required (the backend of
	the iptables patch) and that will be in the next release of the
	kernel.

2010-08-02  Chris Lalancette  <clalance@redhat.com>

	Fix the ACS checking in the PCI code.
	When trying to assign a PCI device to a guest, we have
	to check that all bridges upstream of that device support
	ACS.  That means that we have to find the parent bridge of
	the current device, check for ACS, then find the parent bridge
	of that device, check for ACS, etc.  As it currently stands,
	the code to do this iterates through all PCI devices on the
	system, looking for a device that has a range of busses that
	included the current device's bus.

	That check is not restrictive enough, though.  Depending on
	how we iterated through the list of PCI devices, we could first
	find the *topmost* bridge in the system; since it necessarily had
	a range of busses including the current device's bus, we
	would only ever check the topmost bridge, and not check
	any of the intermediate bridges.

	Note that this also caused a fairly serious bug in the
	secondary bus reset code, where we could erroneously
	find and reset the topmost bus instead of the inner bus.

	This patch changes pciGetParentDevice() so that it first
	checks if a bridge device's secondary bus exactly matches
	the bus of the device we are looking for.  If it does, we've
	found the correct parent bridge and we are done.  If it does not,
	then we check to see if this bridge device's busses *include* the
	bus of the device we care about.  If so, we mark this bridge device
	as best, and go on.  If we later find another bridge device whose
	busses include this device, but is more restrictive, then we
	free up the previous best and mark the new one as best.  This
	algorithm ensures that in the normal case we find the direct
	parent, but in the case that the parent bridge secondary bus
	is not exactly the same as the device, we still find the
	correct bridge.

	This patch was tested by me on a 4-port NIC with a
	bridge without ACS (where assignment failed), a 4-port
	NIC with a bridge with ACS (where assignment succeeded),
	and a 2-port NIC with no bridges (where assignment
	succeeded).

	Free up memballoon def.
	Forgetting to do this was causing a memory leak.

	Don't put a semicolon on the end of a VIR_ENUM_IMPL.

	Fix a bogus warning when parsing <hostdev>
	When parsing hostdev, the following message would be emitted:

	10:17:19.052: error : virDomainHostdevDefParseXML:3748 : internal error unknown node alias

	However, alias is appropriately parsed in
	virDomainDeviceInfoParseXML anyway.  Disable the error message
	in the initial XML parsing loop.

2010-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove duplicate </p> from downloads.html.in

2010-07-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update ID after stopping a domain

2010-07-31  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvzDomainCreateWithFlags: set domain id to the correct value
	When an openvz domain is defined with virDomainDefineXML,
	domain id is set to -1. A call to virDomainGetInfo after
	starting the domain would then fail because this invalid
	id is passed to openvzGetProcessInfo.

2010-07-31  Eric Blake  <eblake@redhat.com>

	storage: kill dead stores
	Found by clang.  Clang complained that virStorageBackendProbeTarget
	could dereference NULL if backingStoreFormat was NULL, but since all
	callers passed a valid pointer, I added attributes instead of null
	checks.

	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Kill dead store.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.  Skip null checks, by adding attributes.

	qemu: kill some dead stores
	Spotted by clang.

	* src/qemu/qemu_monitor.c (qemuMonitorClose): Kill dead store.
	* src/qemu/qemu_driver.c (qemudDomainSaveImageStartVM): Likewise.

	network: kill dead store
	* src/network/bridge_driver.c (networkDefine): Kill dead store.

2010-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Update ID after starting a domain

	esx: Update ID after starting a domain

2010-07-30  Chris Lalancette  <clalance@redhat.com>

	Fix DMI uuid parsing.
	valgrind was complaining that virUUIDParse was depending on
	an uninitialized value.  Indeed it was; virSetHostUUIDStr()
	didn't initialize the dmiuuid buffer to 0's, meaning that
	anything after the string read from /sys was uninitialized.
	Clear out the dmiuuid buffer before use, and make sure to
	always leave a \0 at the end.

2010-07-30  Daniel Veillard  <veillard@redhat.com>

	Do not activate boot=on on devices when not using KVM
	  Basically the 'boot=on' boot selection device is something present in
	KVM but not in upstream QEmu, as a result if we boot a QEmu domain
	without KVM acceleration we must disable boot=on ... even if the front
	end kvm binary expose that capability in the help page.

	* src/qemu/qemu_conf.c: in qemudBuildCommandLine if -no-kvm
	  is passed, then deactivate QEMUD_CMD_FLAG_DRIVE_BOOT

2010-07-30  Chris Lalancette  <clalance@redhat.com>

	Fix a memory leak in the qemudBuildCommandLine.
	ADD_ARG_LIT should only be used for literal arguments,
	since it duplicates the memory.  Since virBufferContentAndReset
	is already allocating memory, we should only use ADD_ARG.

2010-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix freeing of heterogeneous lists
	Always call the free function of the base type. The base type
	function then dynamically dispatches the call to the free function
	for the actual type.

	esx: Switch from name to number checks in the subdrivers

	esx: Improve blocked task detection and fix race condition
	esxVI_WaitForTaskCompletion can take a UUID to lookup the
	corresponding domain and check if the current task for it
	is blocked by a question. It calls another function to do
	this: esxVI_LookupAndHandleVirtualMachineQuestion looks up
	the VirtualMachine and checks for a question. If there is
	a question it calls esxVI_HandleVirtualMachineQuestion to
	handle it.

	If there was no question or it has been answered the call
	to esxVI_LookupAndHandleVirtualMachineQuestion returns 0.
	If any error occurred during the lookup and answering
	process -1 is returned. The problem with this is, that -1
	is also returned when there was no error but the question
	could not be answered. So esxVI_WaitForTaskCompletion cannot
	distinguish between this two situations and reports that a
	question is blocking the task even when there was actually
	another problem.

	This inherent problem didn't surface until vSphere 4.1 when
	you try to define a new domain. The driver tries to lookup
	the domain that is just in the process of being registered.
	There seems to be some kind of race condition and the driver
	manages to issue a lookup command before the ESX server was
	able to register the domain. This used to work before.

	Due to the return value problem described above the driver
	reported a false error message in that case.

	To solve this esxVI_WaitForTaskCompletion now takes an
	additional occurrence parameter that describes whether or
	not to expect the domain to be existent. Also add a new
	parameter to esxVI_LookupAndHandleVirtualMachineQuestion
	that allows to distinguish if the call returned -1 because
	of an actual error or because the question could not be
	answered.

2010-07-30  Eric Blake  <eblake@redhat.com>

	esx: silence spurious compiler warning
	* src/esx/esx_vi_types.c (_DESERIALIZE_NUMBER)
	(ESX_VI__TEMPLATE__DESERIALIZE_NUMBER): Add range check to shut up
	gcc 4.5.0 regarding long long.

	build: distribute libvirt_qemu.syms
	* src/Makefile.am (EXTRA_DIST): Ensure 'make distcheck' and
	'rpmbuild' can reproduce a build.
	* daemon/Makefile.am (DAEMON_SOURCES): Likewise.

	build: restore operation of bit-rotted 'make cov'
	'./autobuild.sh' with lcov installed discovered that our
	coverage support has been bit-rotting for a while.  This
	restores it back to a successful state, although I have
	not yet spent any time looking through the resulting files to
	look for low-hanging fruit in the unit test coverage front.

	* configure.ac: Clear COMPILER_FLAGS at right place.
	* Makefile.am (cov): Newer genhtml no longer likes plain -s.
	* m4/compiler-flags.m4 (gl_COMPILER_FLAGS): Don't AC_SUBST
	COMPILER_FLAGS; it is a shell variable for use in configure only.
	* src/Makefile.am (AM_CFLAGS, AM_LDFLAGS): New variables, to make
	it easier to provide global flag additions.  Use throughout, to
	uniformly apply coverage flags.
	* .gitignore: Globally ignore gcov output.
	* daemon/.gitignore: Simplify.
	* src/.gitignore: Likewise.
	* tests/.gitignore: Likewise.

	xen: fix logic bug
	The recent switch to enable -Wlogical-op paid off again.
	gcc 4.5.0 (rawhide) is smarter than 4.4.4 (Fedora 13).

	* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
	(xenDaemonUpdateDeviceFlags, xenDaemonDetachDeviceFlags): Use
	correct operator.

	build: fix 'make syntax-check' failure
	src/lxc/veth.c:150:        VIR_DEBUG(_("Failed to delete '%s' (%d)"),
	src/lxc/veth.c:188:            VIR_DEBUG(_("Failed to disable '%s' (%d)"),
	maint.mk: do not mark these strings for translation

	* src/lxc/veth.c (vethDelete, vethInterfaceUpOrDown): Don't
	translate VIR_DEBUG.

2010-07-30  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix return values of veth.c functions
	Previously, the functions in src/lxc/veth.c could sometimes return
	positive values on failure rather than -1. This made accurate error
	reporting difficult, and led to one failure to catch an error in a
	calling function.

	This patch makes all the functions in veth.c consistently return 0 on
	success, and -1 on failure. It also fixes up the callers to the veth.c
	functions where necessary.

	Note that this patch may be related to the bug:

	  https://bugzilla.redhat.com/show_bug.cgi?id=607496.

	It will not fix the bug, but should unveil what happens.

	* po/POTFILES.in - add veth.c, which previously had no translatable strings
	* src/lxc/lxc_controller.c
	* src/lxc/lxc_container.c
	* src/lxc/lxc_driver.c    - fixup callers to veth.c, and remove error logs,
	                            as they are now done in veth.c
	* src/lxc/veth.c - make all functions consistently return -1 on error.
	* src/lxc/veth.h - use ATTRIBUTE_NONNULL to protect against NULL args.

2010-07-30  Laine Stump  <laine@redhat.com>

	Eliminate memory leak in xenUnifiedDomainInfoListFree
	This fixes a leak described in

	   https://bugzilla.redhat.com/show_bug.cgi?id=590073

	xenUnifiedDomainInfoList has a pointer to a list of pointers to
	xenUnifiedDomain. We were freeing up all the domains, but neglecting
	to free the list.

	This was found by Paolo Bonzini <pbonzini@redhat.com>.

2010-07-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix 'autostart' doesn't take effect actually
	lxcStartup forgot to call lxcAutostartConfigs. Fix it.

	This patch should fix https://bugzilla.redhat.com/show_bug.cgi?id=589863 .

2010-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix --with-xen-proxy related compile error
	Move virDomainChrTargetTypeToString out of the #ifndef PROXY
	block, because it's used outside of it.

2010-07-29  Chris Lalancette  <clalance@redhat.com>

	Fix a potential race in pciInitDevice.
	If detecting the FLR flag of a pci device fails, then we
	could run into the situation of trying to close a file
	descriptor twice, once in pciInitDevice() and once in pciFreeDevice().
	Fix that by removing the pciCloseConfig() in pciInitDevice() and
	just letting pciFreeDevice() handle it.

	Thanks to Chris Wright for pointing out this problem.

	While we are at it, fix an error check.  While it would actually
	work as-is (since success returns 0), it's still more clear to
	check for < 0 (as the rest of the code does).

2010-07-29  Cole Robinson  <crobinso@redhat.com>

	qemu: virtio console support
	Enable specifying a virtio console device with:

	<console type='pty'>
	  <target type='virtio'/>
	</console>

	domain conf: Track <console> target type
	All <console> devices now export a <target> type attribute. QEMU defaults
	to 'serial', UML defaults to 'uml, xen can be either 'serial' or 'xen'
	depending on fullvirt. Understandably there is lots of test fallout.

	This will be used to differentiate between a serial vs. virtio console for
	QEMU.

	domain conf: char: Add an explicit targetType field
	targetType only tracks the actual <target> format we are parsing. Currently
	we only fill abide this value for channel devices.

	domain conf: Rename character prop targetType -> deviceType
	There is actually a difference between the character device type (serial,
	parallel, channel, ...) and the target type (virtio, guestfwd). Currently
	they are awkwardly conflated.

	Start to pull them apart by renaming targetType -> deviceType. This is
	an entirely mechanical change.

	docs: domain: Document virtio <channel>

	tests: Test qemuxml2xml when expected xml changes
	Add tests for auto memballon, implicit IDE, SCSI, virtio channel
	controllers, and console/serial back compat.

	Additionally, an explicit qemuxml2argvtest for scsi disks is added.

2010-07-28  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	fix handling of PORT_PROFILE_RESPONSE_INPROGRESS netlink message
	During function test of the 802.1Qbg implementation in lldpad we came
	across a small problem in the handling of the netlink message
	corresponding to PORT_PROFILE_RESPONSE_INPROGRESS. This should not
	result in returning the default rc=1.

	- src/util/macvtap.c: fix getPortProfileStatus() to return 0 in that
	  case and also fix an indentation problem

2010-07-28  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/network/bridge_driver.c
	(networkAddMasqueradingIptablesRules): Fix spelling and grammar.

2010-07-28  Chris Lalancette  <clalance@redhat.com>

	Fix up confusing indentation in qemudDomainAttachHostPciDevice.

2010-07-28  Eric Blake  <eblake@redhat.com>

	maint: turn on gcc logical-op checking
	This would have detected the bug in commit 38ad33931 (Aug 09), which
	we missed until commit f828ca35 (Jul 10); over 11 months later.

	However, on Fedora 13, it also triggers LOTS of warnings from
	the libcurl-devel header for two files:

	esx/esx_vi.c: In function 'esxVI_CURL_Perform':
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	...
	xenapi/xenapi_driver.c: In function 'call_func':
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	...

	libcurl allows to disable the type-checking code that triggers those
	warnings, along with the reduction in type-safety of calls to some
	libcurl functions. I figure this is worth the improved compiler
	checking throughout the rest of libvirt.

	* acinclude.m4 (--enable-compile-warnings=error): Add -Wlogical-op.
	* configure.ac: Add -DCURL_DISABLE_TYPECHECK to LIBCURL_CFLAGS to
	avoid compilation warning.

	Suggested by Daniel P. Berrange.
	Tweaked by Matthias Bolte.

	libvirt-guests: add reload, condrestart
	Optional per LSB, but required by Fedora:
	https://fedoraproject.org/wiki/Packaging/SysVInitScript

	* daemon/libvirt-guests.init.in (main): Add more required
	commands.

	libvirt-guests: enhance status
	LSB and https://fedoraproject.org/wiki/Packaging/SysVInitScript
	require status to output something useful, rather than just use
	the exit code.

	* daemon/libvirt-guests.init.in (rh_status): Break into new routine,
	and provide output.
	(usage): Document status.

	libvirt-guests: detect invalid arguments
	Reject extra arguments.
	Return the correct status for unknown arguments, as mandated by
	https://fedoraproject.org/wiki/Packaging/SysVInitScript
	Add --help, as a permitted extension.

	* daemon/libvirt-guests.init.in (usage): New function.  Use it in
	more places, and return correct value.

2010-07-28  Daniel P. Berrange  <berrange@redhat.com>

	Invert logic for checking for QEMU disk cache options
	QEMU has had two different syntax for disk cache options

	 Old: on|off
	 New: writeback|writethrough|none

	QEMU recently added another 'unsafe' option which broke the
	libvirt check. We can avoid this & future breakage, if we
	do a negative check for the old syntax, instead of a positive
	check for the new syntax

	* src/qemu/qemu_conf.c: Invert cache option check

2010-07-28  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow setting boot menu on/off
	Add a new element to the <os> block:

	  <bootmenu enable="yes|no"/>

	Which maps to -boot,menu=on|off on the QEMU command line.

	I decided to use an explicit 'enable' attribute rather than just make the
	bootmenu element boolean. This allows us to treat lack of a bootmenu element
	as 'use hypervisor default'.

	docs: Link wiki FAQ to main page
	Since DV recommended keeping the build instructions distributed with the
	source, move them from the old FAQ to the downloads page.

	qemu: Error on unsupported graphics config
	Throw an explicit error if multiple graphics devices are specified, or
	an unsupported type is specified (rdp).

2010-07-27  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-guests: Don't throw errors if libvirtd is not installed
	When only client parts of libvirt are installed (i.e., no libvirtd
	daemon), libvirt-guests init script in its default configuration would
	throw seriously looking errors during host shutdown:

	Running guests on default URI: error: unable to connect to
	'/var/run/libvirt/libvirt-sock', libvirtd may need to be started: No
	such file or directory
	error: failed to connect to the hypervisor

	This patch changes the script to print rather harmless message in that
	situation:

	Running guests on default URI: libvirtd not installed; skipping this
	URI.

2010-07-27  Chris Lalancette  <clalance@redhat.com>

	Force FLR on for buggy SR-IOV devices.
	Some buggy PCI devices actually support FLR, but
	forget to advertise that fact in their PCI config space.
	However, Virtual Functions on SR-IOV devices are
	*required* to support FLR by the spec, so force has_flr
	on if this is a virtual function.

2010-07-27  Eric Blake  <eblake@redhat.com>

	build: fix VPATH builds
	After the recent libvirt-qemu library addition, VPATH builds fail with:

	  CC     libvirt_qemu_la-libvirt-qemu.lo
	In file included from ../../src/libvirt-qemu.c:29:
	../../include/libvirt/libvirt-qemu.h:17:22: error: libvirt.h: No such file or directory
	...
	  CCLD   libvirt-qmeu.la
	/usr/bin/ld: cannot open linker script file libvirt_qemu.syms: No such file or directory

	This fixes both issues (there are still some documentation VPATH issues,
	but those don't show up with 'make check').

	* configure.ac (LIBVIRT_QEMU_SYMBOL_FILE): While libvirt.syms is
	generated and lives in $(builddir), libvirt_qemu.syms is static
	and lives in $(srcdir).
	* include/libvirt/libvirt-qemu.h (includes): Pull in libvirt.h via
	the public location, since this is a public header.

2010-07-27  Chris Wright  <chrisw@redhat.com>

	pciResetDevice: use inactive devices to determine safe reset
	When doing a PCI secondary bus reset, we must be sure that there are no
	active devices on the same bus segment.  The active device tracking is
	designed to only track host devices that are active in use by guests.
	This ignores host devices that are actively in use by the host.  So the
	current logic will reset host devices.

	Switch this logic around and allow sbus reset when we are assigning all
	devices behind a bridge to the same guest at guest startup or as a result
	of a single attach-device command.

	* src/util/pci.h: change signature of pciResetDevice to add an
	  inactive devices list
	* src/qemu/qemu_driver.c src/xen/xen_driver.c: use (or not) the new
	  functionality of pciResetDevice() depending on the place of use
	* src/util/pci.c: implement the interface and logic changes

	qemudDomainAttachHostPciDevice refactor to use new helpers
	- src/qemu/qemu_driver.c: Eliminate code duplication by using the new
	  helpers qemuPrepareHostdevPCIDevices and qemuDomainReAttachHostdevDevices.
	  This reduces the number of open coded calls to pciResetDevice.

	Add helpers qemuPrepareHostdevPCIDevice and qemuDomainReAttachHostdevDevices
	- src/qemu/qemu_driver.c: These new helpers take hostdev list and count
	  directly rather than getting them indirectly from domain definition.
	  This will allow reuse for the attach-device case.

	qemuGetPciHostDeviceList take hostdev list directly
	- src/qemu/qemu_driver.c: Update qemuGetPciHostDeviceList to take a
	  hostdev list and count directly, rather than getting this indirectly
	  from domain definition. This will allow reuse for the attach-device case.

2010-07-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support vSphere 4.1
	Also accept version > 4.1, but output a warning.

	esx: Add vpx:// scheme to allow direct connection to a vCenter
	Add a pointer to the primary context of a connection and use it in all
	driver functions that don't dependent on the context type. This includes
	almost all functions that deal with a virDomianPtr. Therefore, using
	a vpx:// connection allows you to perform all the usual domain related
	actions like start, destroy, suspend, resume, dumpxml etc.

	Some functions that require an explicitly specified ESX server don't work
	yet. This includes the host UUID, the hostname, the general node info, the
	max vCPU count and the free memory. Also not working yet are migration and
	defining new domains.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't ignore the vcenter query parameter
	Since 070f61002f47b602c15d1e4950a122ac9edefe1b the vcenter query
	parameter has been ignored, because the refactoring to use
	esxUtil_ParseQuery was incomplete. This effectively broke migration,
	because the vcenter query parameter is essential for a migration.

	esx: Add autodetection for the SCSI controller model
	This works for file-backed SCSI disk device with a datastore
	related source path.

	esx: Allow 'vmpvscsi' as SCSI controller model

	secaatest: Fix compilation
	Since 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 virSecurityDriverStartup
	takes and additional parameter to control disk format probing.

	Pass false as third parameter.

	virt-aa-helper-test: Fix failure due to the new disk format probing option
	Commit 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 added the disk format
	probing option. This makes virt-aa-helper-test fail because the domain
	config didn't specifiy the disk format and it didn't pass '-p 1' to
	virt-aa-helper to allow disk format probing.

	Specify the disk format in the domain config. Pass the '-p 1' option
	to virt-aa-helper for the test case with two disks. This way this test
	also covers this new option.

	virt-aa-helper: Make getopt accept the p option
	Commit 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 added the
	p option to control disk format probing, but it wasn't added
	to the getopt_long optstring parameter.

	Add the p option to the getopt_long optstring parameter.

	virt-aa-helper: Fix return value of add_file_path
	Commit a8853344994a7c6aaca882a5e949ab5536821ab5 added this
	function and wrapped vah_add_file in it. vah_add_file may
	return -1, 0, 1. It returns 1 in case the call to valid_path
	detects a restricted file. The original code treated a return
	value != 0 as error. The refactored code treats a return
	value < 0 as error. This triggers segfault in virt-aa-helper
	and breaks virt-aa-helper-test for the restricted file tests.

	Make sure that add_file_path returns -1 on error.

	virt-aa-helper: Ignore open errors again
	virt-aa-helper used to ignore errors when opening files.
	Commit a8853344994a7c6aaca882a5e949ab5536821ab5 refactored
	the related code and changed this behavior. virt-aa-helper
	didn't ignore open errors anymore and virt-aa-helper-test
	fails.

	Make sure that virt-aa-helper ignores open errors again.

2010-07-24  Eric Blake  <eblake@redhat.com>

	qemu-api: avoid build failure
	* src/remote_protocol-structs: Tweak to match intentional type
	change (with no ABI change) in remote protocol.

2010-07-24  Chris Lalancette  <clalance@redhat.com>

	Add tests for the new Qemu namespace XML.
	Thanks to DV for knocking together the Relax-NG changes
	quickly for me.

	Changes since v1:
	 - Change the domain.rng to correspond to the new schema
	 - Don't allocate caps->ns in testQemuCapsInit since it is a static table

	Changes since v2:
	 - Change domain.rng to add restrictions on allowed environment names

	Changes since v3:
	 - Remove a bogus comment in the tests

	Qemu remote protocol.
	Since we are adding a new "per-hypervisor" protocol, we
	make it so that the qemu remote protocol uses a new
	PROTOCOL and PROGRAM number.  This allows us to easily
	distinguish it from the normal REMOTE protocol.

	This necessitates changing the proc in remote_message_header
	from a "remote_procedure" to an "unsigned", which should
	be the same size (and thus preserve the on-wire protocol).

	Changes since v1:
	 - Fixed up a couple of script problems in remote_generate_stubs.pl
	 - Switch an int flag to a bool in dispatch.c

	Changes since v2:
	 - None

	Changes since v3:
	 - Change unsigned proc to signed proc, to conform to spec

	Qemu arbitrary monitor commands.
	Implement the qemu driver's virDomainQemuMonitorCommand
	and hook it into the API entry point.

	Changes since v1:
	 - Rename the (external) qemuMonitorCommand to qemuDomainMonitorCommand
	 - Add virCheckFlags to qemuDomainMonitorCommand

	Changes since v2:
	 - Drop ATTRIBUTE_UNUSED from the flags

	Changes since v3:
	 - Add a flag to priv so we only print out monitor command warning once.  Note
	   that this has not been plumbed into qemuDomainObjPrivateXMLFormat or
	   qemuDomainObjPrivateXMLParse, which means that if you run a monitor command,
	   restart libvirtd, and then run another monitor command, you may get an
	   an erroneous VIR_INFO.  It's a pretty minor matter, and I didn't think it
	   warranted the additional code.
	 - Add BeginJob/EndJob calls around EnterMonitor/ExitMonitor

	Qemu Monitor API entry point.
	Add the library entry point for the new virDomainQemuMonitorCommand()
	entry point.  Because this is not part of the "normal" libvirt API,
	it gets its own header file, library file, and will eventually
	get its own over-the-wire protocol later in the series.

	Changes since v1:
	 - Go back to using the virDriver table for qemuDomainMonitorCommand, due to
	   linking issues
	 - Added versioning information to the libvirt-qemu.so

	Changes since v2:
	 - None

	Changes since v3:
	 - Add LGPL header to libvirt-qemu.c
	 - Make virLibConnError and virLibDomainError macros instead of function calls

	Changes since v4:
	 - Move exported symbols to libvirt_qemu.syms

	Handle arbitrary qemu command-lines in qemuParseCommandLine.
	Now that we have the ability to specify arbitrary qemu
	command-line parameters in the XML, use it to handle unknown
	command-line parameters when doing a native-to-xml conversion.

	Changes since v1:
	 - Rename num_extra to num_args
	 - Fix up a memory leak on an error path

	Changes since v2:
	 - Add a VIR_WARN when adding the argument via qemu:arg

	Changes since v3:
	 - None

	Qemu arbitrary command-line arguments.
	Implement the qemu hooks for XML namespace data.  This
	allows us to specify a qemu XML namespace, and then
	specify:

	<qemu:commandline>
	 <qemu:arg value='arg'/>
	 <qemu:env name='name' value='value'/>
	</qemu:commandline>

	In the domain XML.

	Changes since v1:
	 - Change the <qemu:arg>arg</qemu:arg> XML to <qemu:arg value='arg'/> XML
	 - Fix up some memory leaks in qemuDomainDefNamespaceParse
	 - Rename num_extra and extra to num_args and args, respectively
	 - Fixed up some error messages
	 - Make sure to escape user-provided data in qemuDomainDefNamespaceFormatXML

	Changes since v2:
	 - Add checking to ensure environment variable names are valid
	 - Invert the logic in qemuDomainDefNamespaceFormatXML to return early

	Changes since v3:
	 - Change strspn() to c_isalpha() check of first letter of environment variable

	Add namespace callback hooks to domain_conf.
	This patch adds namespace XML parsers to be hooked into
	the main domain parser.  This allows for individual hypervisor
	drivers to add per-namespace XML into the main domain XML.

	Changes since v1:
	 - Use a statically declared table for caps->ns, removing the need to
	   allocate/free it.

	Changes since v2:
	 - None

	Changes since v3:
	 - None

2010-07-24  Philipp Hahn  <hahn@univention.de>

	Fix SEGV on exit after domainEventDeregister()
	When the last callback is removed using domainEventDeregister(), the
	events dispatcher is deregistered from the C-library, but
	domainEventsCallbacks is still an empty list.
	On shutdown __del__() deregisters the dispatacher again, which SEGVs

		# You need the event-loop implementation from the Python examples;
		# give the file a name which is importable by Python.
		ln examples/domain-events/events-python/event-test.py eloop.py
		python -c 'from eloop import *
		import sys

		def dump(*args): print " ".join(map(str, args))

		virEventLoopPureStart()
		c = libvirt.open("xen:///")
		c.domainEventRegister(dump, None)
		c.domainEventDeregister(dump)
		sys.exit(0)'

	domainEventDeregister() needs to delete domainEventCallbacks so subsequent
	calls to __del__() and domainEventRegister() choose the right code paths.
	Setting it to None is not enough, since calling domainEventRegiser() again
	would trigger an TypeError.

2010-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix .mailmap after accidental wrong committer address

2010-07-23  Chris Wright  <chrisw@redhat.com>

	pciSharesBusWithActive fails to find multiple devices on bus
	The first conditional is always true which means the iterator will
	never find another device on the same bus.

	    if (dev->domain != check->domain ||
	        dev->bus != check->bus ||
	  ----> (check->slot == check->slot &&
	         check->function == check->function)) <-----

	The goal of that check is to verify that the device is either:

	  in a different pci domain
	  on a different bus
	  is the same identical device

	This means libvirt may issue a secondary bus reset when there are
	devices
	on that bus that actively in use by the host or another guest.

	* src/util/pci.c: fix a bogus test in pciSharesBusWithActive()

2010-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect use of private data in remote driver
	The remote driver is using the wrong privateData field in
	a couple of functions. THis is harmless for stateful
	drivers like QEMU/UML/LXC, but will crash with Xen

	* src/remote/remote_driver.c: Fix use of privateData field

	Set a stable & high MAC addr for guest TAP devices on host
	A Linux software bridge will assume the MAC address of the enslaved
	interface with the numerically lowest MAC addr. When the bridge
	changes MAC address there is a period of network blackout, so a
	change should be avoided. The kernel gives TAP devices a completely
	random MAC address. Occassionally the random TAP device MAC is lower
	than that of the physical interface (eth0, eth1etc) that is enslaved,
	causing the bridge to change its MAC.

	This change sets an explicit MAC address for all TAP devices created
	using the configured MAC from the XML, but with the high byte set
	to 0xFE. This should ensure TAP device MACs are higher than any
	physical interface MAC.

	* src/qemu/qemu_conf.c, src/uml/uml_conf.c: Pass in a MAC addr
	  for the TAP device with high byte set to 0xFE
	* src/util/bridge.c, src/util/bridge.h: Set a MAC when creating
	  the TAP device to override random MAC

	Fix PCI address assignment if no IDE controller is present
	The PCI slot 1 must be reserved at all times, since PIIX3 is
	always present, even if no IDE device is in use for guest disks

	* src/qemu/qemu_conf.c: Always reserve slot 1 for PIIX3

2010-07-23  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: force kill of init process by sending SIGKILL if needed
	Init process may remain after sending SIGTERM for some reason.
	For example, if original init program is used, it is definitely
	not killed by SIGTERM.

	* src/lxc/lxc_controller.c: kill with SIGKILL if SIGTERM wasn't
	  sufficient

2010-07-22  Laine Stump  <laine@laine.org>

	Remove erroneous setting of return value to errno.
	One error exit in virStorageBackendCreateBlockFrom was setting the
	return value to errno. The convention for volume build functions is to
	return 0 on success or -1 on failure. Not only was it not necessary to
	set the return value (it defaults to -1, and is set to 0 when
	everything has been successfully completed), in the case that some
	caller were checking for < 0 rather than != 0, they would incorrectly
	believe that it completed successfully.

	Change virDirCreate to return -errno on failure.
	virDirCreate also previously returned 0 on success and errno on
	failure. This makes it fit the recommended convention of returning 0
	on success, -errno (ie a negative number) on failure.

	Make virStorageBackendCopyToFD return -errno.
	Previously virStorageBackendCopyToFD would simply return -1 on
	error. This made the error return from one of its callers inconsistent
	(createRawFileOpHook is supposed to return -errno, but if
	virStorageBackendCopyToFD failed, createRawFileOpHook would just
	return -1). Since there is a useful errno in every case of error
	return from virStorageBackendCopyToFD, and since the other uses of
	that function ignore the return code (beyond simply checking to see if
	it is < 0), this is a safe change.

	Change virFileOperation to return -errno (ie < 0) on error.
	virFileOperation previously returned 0 on success, or the value of
	errno on failure. Although there are other functions in libvirt that
	use this convention, the preferred (and more common) convention is to
	return 0 on success and -errno (or simply -1 in some cases) on
	failure. This way the check for failure is always (ret < 0).

	* src/util/util.c - change virFileOperation and virFileOperationNoFork to
	                    return -errno on failure.

	* src/storage/storage_backend.c, src/qemu/qemu_driver.c
	  - change the hook functions passed to virFileOperation to return
	    -errno on failure.

2010-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Document the memory balloon device
	* formatdomain.html.in: Document <memballoon> element

	Re-arrange PCI device address assignment to match QEMU's default
	To try and ensure that people upgrading from old QEMU get guests
	with the same PCI device ordering, change the way we assign addrs
	to match QEMU's default order. This should make Windows less
	annoyed.

	* src/qemu/qemu_conf.c: Follow QEMU's default PCI ordering
	  logic when assigning addresses
	* tests/*.args: Update for changed PCI addresses

2010-07-21  Daniel P. Berrange  <dan@berrange.com>

	Explicitly represent balloon device in XML and handle PCI address
	To allow compatibility with older QEMU PCI device slot assignment
	it is necessary to explicitly track the balloon device in the
	XML. This introduces a new device

	   <memballoon model='virtio|xen'/>

	It can also have a PCI address, auto-assigned if necessary.

	The memballoon will be automatically added to all Xen and QEMU
	guests by default.

	* docs/schemas/domain.rng: Add <memballoon> element
	* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing
	  and formatting for memballoon device. Always add a memory
	  balloon device to Xen/QEMU if none exists in XML
	* src/libvirt_private.syms: Export memballoon model APIs
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Honour the
	  PCI device address in memory balloon device
	* tests/*: Update to test new functionality

	Rearrange VGA/IDE controller address reservation
	The first VGA and IDE devices need to have fixed PCI address
	reservations. Currently this is handled inline with the other
	non-primary VGA/IDE devices. The fixed virtio balloon device
	at slot 3, ensures auto-assignment skips the slots 1/2. The
	virtio address will shortly become configurable though. This
	means the reservation of fixed slots needs to be done upfront
	to ensure that they don't get re-used for other devices.

	This is more or less reverting the previous changeset:

	  commit 83acdeaf173b2a1206b755c1ab317cac36facd90
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed Feb 3 16:11:29 2010 +0000

	  Fix restore of QEMU guests with PCI device reservation

	The difference is that this time, instead of unconditionally
	reserving the address, we only reserve the address if it was
	initially type=none. Addresses of type=pci were handled
	earlier in process by qemuDomainPCIAddressSetCreate(). This
	ensures restore step doesn't have problems

	* src/qemu/qemu_conf.c: Reserve first VGA + IDE address
	  upfront

	Remove inappropriate use of VIR_ERR_NO_SUPPORT
	The VIR_ERR_NO_SUPPORT refers to an API which is not implemented.
	There is a separate VIR_ERR_CONFIG_UNSUPPORTED for XML config
	options that are not available with the current hypervisor.

	* src/qemu/qemu_conf.c, src/qemu/qemu_driver.c: Remove
	  many VIR_ERR_NO_SUPPORT replace with VIR_ERR_CONFIG_UNSUPPORTED

2010-07-21  Chris Lalancette  <clalance@redhat.com>

	Fix a NULL dereference in the case that the arg in question didn't exist.

2010-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus free of static strings
	Remove bogus free of statically allocated strings introduced
	in 03ca42046a54c5cfadb2e69194896abf06f6a10f

	* src/conf/capabilities.c: Don't free static strings for
	  default disk driver type/name

2010-07-20  Chris Lalancette  <clalance@redhat.com>

	Fix a deadlock in bi-directional p2p concurrent migration.
	If you try to execute two concurrent migrations p2p
	from A->B and B->A, the two libvirtd's will deadlock
	trying to perform the migrations.  The reason for this is
	that in p2p migration, the libvirtd's are responsible for
	making the RPC Prepare, Migrate, and Finish calls.  However,
	they are currently holding the driver lock while doing so,
	which basically guarantees deadlock in this scenario.

	This patch fixes the situation by adding
	qemuDomainObjEnterRemoteWithDriver and
	qemuDomainObjExitRemoteWithDriver helper methods.  The Enter
	take an additional object reference, then drops both the
	domain object lock and the driver lock.  The Exit takes
	both the driver and domain object lock, then drops the
	reference.  Adding calls to these Enter and Exit helpers
	around remote calls in the various migration methods
	seems to fix the problem for me in testing.

	This should make the situation safe. The additional domain
	object reference ensures that the domain object won't disappear
	while this operation is happening.  The BeginJob that is called
	inside of qemudDomainMigratePerform ensures that we can't execute a
	second migrate (or shutdown, or save, etc) job while the
	migration is active.  Finally, the additional check on the state
	of the vm after we reacquire the locks ensures that we can't
	be surprised by an external event (domain crash, etc).

	Make virsh setmaxmem balloon only when successful.
	After playing around with virsh setmaxmem for a bit,
	I ran into some surprising behavior; if a hypervisor does
	not support the virDomainSetMaxMemory() API, but the value
	specified for setmaxmem is less than the current amount
	of memory in the domain, the domain would be ballooned
	down *before* an error was reported.

	To make this more consistent, run virDomainSetMaxMemory()
	before trying to shrink; that way, if an error is thrown,
	no changes to the running domain are made.

	Use unsigned long in cmdSetmem.
	The virsh command "setmem" takes as input a number that
	should represent an unsigned long number of kilobytes.  Fix
	cmdSetmem to properly parse this as an unsigned long instead
	of an int.

2010-07-20  Laine Stump  <laine@laine.org>

	fsync new storage volumes even if new volume was copied.
	Originally the storage volume files were opened with O_DSYNC to make
	sure they were flushed to disk immediately. It turned out that this
	was extremely slow in some cases, so the O_DSYNC was removed in favor
	of just calling fsync() after all the data had been written. However,
	this call to fsync was inside the block that is executed to zero-fill
	the end of the volume file. In cases where the new volume is copied
	from an old volume, and they are the same length, this fsync would
	never take place.

	Now the fsync is *always* done, unless there is an error (in which
	case it isn't important, and is most likely inappropriate.

	Don't skip zero'ing end of volume file when inputvol is shorter than newvol
	A missing set of braces around an error condition caused us to skip
	zero'ing out the remainder of a new volume file if the new volume was
	longer than the original (the goto was supposed to be taken only in
	the case of error, but was always being taken).

2010-07-20  Chris Lalancette  <clalance@redhat.com>

	Always clear out the last_error in virshReportError.
	Otherwise you can get bogus "unknown error" printouts on
	subsequent commands.

	Fix up inconsistent virsh option error reporting.
	The virsh option error reporting was not being used
	consistently; some commands would spit out errors on
	missing required options while others would just silently fail.
	However, vshCommandOptString knows which ones are required
	and which ones aren't, so make it spit out an error where
	appropriate.  The rest of the patch is just cleaning up
	the uses of vshCommandOptString to deal with the new error
	reporting.

2010-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Use the extract backing store format in storage volume lookup
	The storage volume lookup code was probing for the backing store
	format, instead of using the format extracted from the file
	itself. This meant it could report in accurate information. If
	a format is included in the file, then use that in preference,
	with probing as a fallback.

	* src/storage/storage_backend_fs.c: Use extracted backing store
	  format

	Rewrite qemu-img backing store format handling
	When creating qcow2 files with a backing store, it is important
	to set an explicit format to prevent QEMU probing. The storage
	backend was only doing this if it found a 'kvm-img' binary. This
	is wrong because plenty of kvm-img binaries don't support an
	explicit format, and plenty of 'qemu-img' binaries do support
	a format. The result was that most qcow2 files were not getting
	a backing store format.

	This patch runs 'qemu-img -h' to check for the two support
	argument formats

	  '-o backing_format=raw'
	  '-F raw'

	and use whichever option it finds

	* src/storage/storage_backend.c: Query binary to determine
	  how to set the backing store format

	Add ability to set a default driver name/type when parsing disks
	Record a default driver name/type in capabilities struct. Use this
	when parsing disks if value is not set in XML config.

	* src/conf/capabilities.h: Record default driver name/type for disks
	* src/conf/domain_conf.c: Fallback to default driver name/type
	  when parsing disks
	* src/qemu/qemu_driver.c: Set default driver name/type to raw

	Disable all disk probing in QEMU driver & add config option to re-enable
	Disk format probing is now disabled by default. A new config
	option in /etc/qemu/qemu.conf will re-enable it for existing
	deployments where this causes trouble

	Pass security driver object into all security driver callbacks
	The implementation of security driver callbacks often needs
	to access the security driver object. Currently only a handful
	of callbacks include the driver object as a parameter. Later
	patches require this is many more places.

	* src/qemu/qemu_driver.c: Pass in the security driver object
	  to all callbacks
	* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
	  src/security/security_apparmor.c, src/security/security_driver.h,
	  src/security/security_selinux.c: Add a virSecurityDriverPtr
	  param to all security callbacks

	Convert all disk backing store loops to shared helper API
	Update the QEMU cgroups code, QEMU DAC security driver, SELinux
	and AppArmour security drivers over to use the shared helper API
	virDomainDiskDefForeachPath().

	* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
	  src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Convert over to use virDomainDiskDefForeachPath()

	Add an API for iterating over disk paths
	There is duplicated code which iterates over disk backing stores
	performing some action. Provide a convenient helper for doing
	this to eliminate duplication & risk of mistakes with disk format
	probing

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDiskDefForeachPath()

	Require format to be passed into virStorageFileGetMetadata
	Require the disk image to be passed into virStorageFileGetMetadata.
	If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
	resolved using probing. This makes it easier to control when
	probing will be used

	* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
	  src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata.
	* src/storage/storage_backend_fs.c: Probe for disk format before
	  calling virStorageFileGetMetadata.
	* src/util/storage_file.h, src/util/storage_file.c: Remove format
	  from virStorageFileMeta struct & require it to be passed into
	  method.

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Refactor virStorageFileGetMetadataFromFD to separate functionality
	The virStorageFileGetMetadataFromFD did two jobs in one. First
	it probed for storage type, then it extracted metadata for the
	type. It is desirable to be able to separate these jobs, allowing
	probing without querying metadata, and querying metadata without
	probing.

	To prepare for this, split out probing code into a new pair of
	methods

	  virStorageFileProbeFormatFromFD
	  virStorageFileProbeFormat

	* src/util/storage_file.c, src/util/storage_file.h,
	  src/libvirt_private.syms: Introduce virStorageFileProbeFormat
	  and virStorageFileProbeFormatFromFD

	Remove 'type' field from FileTypeInfo struct
	Instead of including a field in FileTypeInfo struct for the
	disk format, rely on the array index matching the format.
	Use verify() to assert the correct number of elements in the
	array.

	* src/util/storage_file.c: remove type field from FileTypeInfo

	Extract the backing store format as well as name, if available
	When QEMU opens a backing store for a QCow2 file, it will
	normally auto-probe for the format of the backing store,
	rather than assuming it has the same format as the referencing
	file. There is a QCow2 extension that allows an explicit format
	for the backing store to be embedded in the referencing file.
	This closes the auto-probing security hole in QEMU.

	This backing store format can be useful for libvirt users
	of virStorageFileGetMetadata, so extract this data and report
	it.

	QEMU does not require disk image backing store files to be in
	the same format the file linkee. It will auto-probe the disk
	format for the backing store when opening it. If the backing
	store was intended to be a raw file this could be a security
	hole, because a guest may have written data into its disk that
	then makes the backing store look like a qcow2 file. If it can
	trick QEMU into thinking the raw file is a qcow2 file, it can
	access arbitrary files on the host by adding further backing
	store links.

	To address this, callers of virStorageFileGetMeta need to be
	told of the backing store format. If no format is declared,
	they can make a decision whether to allow format probing or
	not.

	CVE-2010-2242 Apply a source port mapping to virtual network masquerading
	IPtables will seek to preserve the source port unchanged when
	doing masquerading, if possible. NFS has a pseudo-security
	option where it checks for the source port <= 1023 before
	allowing a mount request. If an admin has used this to make the
	host OS trusted for mounts, the default iptables behaviour will
	potentially allow NAT'd guests access too. This needs to be
	stopped.

	With this change, the iptables -t nat -L -n -v rules for the
	default network will be

	Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
	 pkts bytes target     prot opt in     out     source               destination
	   14   840 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
	   75  5752 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
	    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24

	* src/network/bridge_driver.c: Add masquerade rules for TCP
	  and UDP protocols
	* src/util/iptables.c, src/util/iptables.c: Add source port
	  mappings for TCP & UDP protocols when masquerading.

2010-07-17  Justin Clift  <jclift@redhat.com>

	man pages: update authors and copyright notice for libvirtd and virsh
	This patch removes the individual author names from the libvirtd and virsh
	man pages, instead referring to the main AUTHORS file distributed with
	libvirt.  This approach is needed, as we can't guarantee unicode support
	across all versions of pod2man used with libvirt.

	Additionally, this patch includes the libvirtd man page in the spec file
	used with "make rpm".  Without this patch "make rpm" is broken.

2010-07-16  Chris Lalancette  <clalance@redhat.com>

	Fix compile on i686.
	When printing out size_t, we need to use %zu to make sure it
	will continue to compile on both 32-bit and 64-bit platforms.

	Remove unused and bitrotting vshCommandOptStringList

	Remove error checking after using vshMalloc.
	vshMalloc and friends always exit() on allocation failure,
	so there is no reason to do checking for NULL in the code
	that uses it.

	Remove the "showerror" parameter from vshConnectionUsability.
	Nobody was using it anyway.

2010-07-16  David Allan  <dallan@redhat.com>

	RFC: Canonicalize block device paths
	There are many naming conventions for partitions associated with a
	block device.  Some of the major ones are:

	/dev/foo -> /dev/foo1
	/dev/foo1 -> /dev/foo1p1
	/dev/mapper/foo -> /dev/mapper/foop1
	/dev/disk/by-path/foo -> /dev/disk/by-path/foo-part1

	The universe of possible conventions isn't clear.  Rather than trying
	to understand all possible conventions, this patch divides devices
	into two groups, device mapper devices and everything else.  Device
	mapper devices seem always to follow the convention of device ->
	devicep1; everything else is canonicalized.

2010-07-15  Ryota Ozaki  <ozaki.ryota@gmail.com>

	daemon: dispatch.c should include stdio.h (and stdarg.h)
	dispatch.c requires stdio.h (and stdarg.h), however, currently
	dispatch.c implicitly relys on rpc/xdr.h to include stdio.h.
	If rpc/xdr.h unxpectedly does not include stdio.h, the compilation
	of dispatch.c fails.

	This can happen, for example, when portablexdr is installed
	under /usr/local; because portablexdr's rpc/xdr.h does not
	include stdio.h and gcc looks up it not /usr/include/rpc/xdr.h.

	Note that stdarg.h is also included according to man va_start,
	although stdio.h seems including it anyway.

2010-07-15  Jim Meyering  <meyering@redhat.com>

	uml_driver: correct logic error in umlMonitorCommand
	* src/uml/uml_driver.c (umlMonitorCommand): Correct flaw that would
	cause unconditional "incomplete reply ..." failure, since "nbytes"
	was always 0 or 1.

	qemuConnectMonitor: fix a bug that would have masked SELinux failure
	* src/qemu/qemu_driver.c (qemuConnectMonitor): Correct erroneous
	parenthesization in two expressions.  Without this fix, failure
	to set or clear SELinux security context in the monitor would go
	undiagnosed.  Also correct a diagnostic and split some long lines.

2010-07-14  Cole Robinson  <crobinso@redhat.com>

	python: Fix IOErrorReasonCallback bindings
	A copy and paste error was causing us to dispatch the incorrect
	routine. Spotted by Dan Kenigsberg.

	.gitignore: Ignore generated libvirtd docs

2010-07-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make esxVI_*_Deserialize dynamically dispatched
	This will be used to deserialize the response from a call
	to esxVI_SearchDatastore_Task properly.

2010-07-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add openauth example to demonstrate a custom auth callback

2010-07-13  Laine Stump  <laine@redhat.com>

	Eliminate compiler warning due to gettext string with no format args

2010-07-13  Justin Clift  <jclift@redhat.com>

	docs: fix so generated .html files are removed with make clean

2010-07-13  Jiri Denemark  <jdenemar@redhat.com>

	cpuCompare: Fix crash on unexpected CPU XML
	When comparing a CPU without <model> element, such as

	    <cpu>
	        <topology sockets='1' cores='1' threads='1'/>
	    </cpu>

	libvirt would happily crash without warning.

	cpu: Fail when CPU type cannot be detected from XML
	When autodetecting whether XML describes guest or host CPU, the presence
	of <arch> element is checked. If it's present, we treat the XML as host
	CPU definition. Which is right, since guest CPU definitions do not
	contain <arch> element. However, if at the same time the root <cpu>
	element contains `match' attribute, we would silently ignore it and
	still treat the XML as host CPU. We should rather refuse such invalid
	XML.

	cpuCompare: Fix comparison of two host CPUs
	When a CPU to be compared with host CPU describes a host CPU instead of
	a guest CPU, the result is incorrect. This is because instead of
	treating additional features in host CPU description as required, they
	were treated as if they were mentioned with all possible policies at the
	same time.

	qemu: Use -nodefconfig when probing for CPU models
	In case qemu supports -nodefconfig, libvirt adds uses it when launching
	new guests. Since this option may affect CPU models supported by qemu,
	we need to use it when probing for available models.

	virsh: Fix man page syntax
	pod2man prints the following warning when generating virsh.1:

	    tools/virsh.pod:890: Unmatched =back

2010-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential crash in QEMU monitor JSON impl
	An indentation mistake meant that a check for return status
	was not properly performed in all cases. This could result
	in a crash on NULL pointer in a following line.

	* src/qemu/qemu_monitor_json.c: Fix check for return status
	  when processing JSON for blockstats

2010-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix build by removing unknown pod2man flag
	Some versions of pod2man do not support the -u flag, so this
	can't be used

	* daemon/Makefile.am: Remove -u flag from pod2man

	Ensure we return the callback ID in python events binding
	A missing return statement in the python binding meant that
	the callers could not get the callback ID, and thus not be
	able to unregister event callbacks

	* python/libvirt-override-virConnect.py: Add missing return
	  statement

2010-07-10  Justin Clift  <jclift@redhat.com>

	html docs: added firewall explanation page by daniel berrange

2010-07-09  Justin Clift  <jclift@redhat.com>

	libvirtd: add man page for libvirtd
	With gracious thanks to Chris Lalancette for helping knock the
	description section into shape.

	This addresses BZ #595350

	  https://bugzilla.redhat.com/show_bug.cgi?id=595350

2010-07-09  Justin Clift  <justin@salasaga.org>

	virsh: add new --details option to vol-list
	This patch adds a new --details option to the virsh vol-list
	command, making its output more useful when many luns are
	present.

	Addresses BZ # 605543

	  https://bugzilla.redhat.com/show_bug.cgi?id=605543

2010-07-09  Justin Clift  <jclift@redhat.com>

	authors: update my authors details

2010-07-08  Chris Lalancette  <clalance@redhat.com>

	Fix a compile error in the previous commit.

	Implement virsh managedsave-remove command.

2010-07-07  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add new models from qemu's target-x86_64.conf

	cpu: Add support for CPU vendor
	By specifying <vendor> element in CPU requirements a guest can be
	restricted to run only on CPUs by a given vendor. Host CPU vendor is
	also specified in capabilities XML.

	The vendor is checked when migrating a guest but it's not forced, i.e.,
	guests configured without <vendor> element can be freely migrated.

	cpuBaseline: Detect empty set of common features
	In case the set of CPUs has no features in common, report incompatible
	CPUs instead of returning the simplest CPU model with all features
	disabled.

	cpuBaseline: Don't mess with the CPU returned by arch driver
	All features in the baseline CPU definition were always created with
	policy='require' even though an arch driver returned them with different
	policy settings.

	Make html docs in non-srcdir build

2010-07-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.2
	- configure.ac docs/news.html.in libvirt.spec.in: updated
	- po/*/o* : updated or.po and regenerated

2010-07-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Let configure detect/set the XPCOMC directory
	This allows the user to give an explicit path to configure

	  ./configure --with-vbox=/path/to/virtualbox

	instead of having the VirtualBox driver probe a set of possible
	paths at runtime. If no explicit path is specified then configure
	probes the set of "known" paths.

	https://bugzilla.redhat.com/show_bug.cgi?id=609185

2010-07-02  Cole Robinson  <crobinso@redhat.com>

	udev: Parse PCI devices even if libpciaccess fails
	We only use libpciaccess for resolving device product/vendor. If
	initializing the library fails (say if using qemu:///session), don't
	warn so loudly, and carry on as usual.

	qemu: Improve some qemu.conf error reporting
	Log some info if we can't find a config file. Make parse failures
	fatal, and actually raise an error message.

	util: virExec: Dispatch all errors raised after fork
	Any error message raised after the process has forked needs
	to be followed by virDispatchError, otherwise we have no chance of
	ever seeing it. This was selectively done for hook functions in the past,
	but really applies to all post-fork errors.

2010-06-30  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Fix compilation broken on MinGW due to dirent->d_type
	As pointed out by Eric Blake, using dirent->d_type breaks
	compilation on MinGW. This patch addresses this by using
	'#if defined' as same as doing for virCgroupForDriver.

2010-06-30  Justin Clift  <justin@salasaga.org>

	html docs: add link to PHP bindings by Radek Hladik

2010-06-30  Eric Blake  <eblake@redhat.com>

	virsh: tweak help output for VSH_OT_DATA
	https://bugzilla.redhat.com/show_bug.cgi?id=609044 complained
	that 'virsh help pool-create-as' didn't document the shortcut
	that you can do 'virsh pool-create-as $name $type --target $target'
	rather than having to supply the four optional source- arguments
	in order to fill out the necessary positional arguments.

	This one-liner changes the help output to hopefully make this more obvious:

	  NAME
	    pool-create-as - create a pool from a set of args

	  SYNOPSIS
	    pool-create-as <name> [--print-xml] <type> [<source-host>] [<source-path>] [<source-dev>] [<source-name>] [<target>] [--source-format <string>]

	  DESCRIPTION
	    Create a pool.

	  OPTIONS
	    [--name] <string>  name of the pool
	    --print-xml      print XML document, but don't define/create
	    [--type] <string>  type of the pool
	    [--source-host] <string>  source-host for underlying storage
	    [--source-path] <string>  source path for underlying storage
	    [--source-dev] <string>  source device for underlying storage
	    [--source-name] <string>  source name for underlying storage
	    [--target] <string>  target for underlying storage
	    --source-format <string>  format for underlying storage

	* tools/virsh.c (vshCmddefHelp): Make it more obvious that data
	arguments may, but not must, be specified by option leaders.

2010-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Avoid invoking the qemu monitor destroy callback if the constructor fails
	Some, but not all, codepaths in the qemuMonitorOpen() method
	would trigger the destroy callback. The caller does not expect
	this to be invoked if construction fails, only during normal
	release of the monitor. This resulted in a possible double-unref
	of the virDomainObjPtr, because the caller explicitly unrefs
	the virDomainObjPtr  if qemuMonitorOpen() fails

	* src/qemu/qemu_monitor.c: Don't invoke destroy callback from
	  qemuMonitorOpen() failure paths

2010-06-30  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Add missing errno == ENOENT check in virCgroupRemoveRecursively
	ENOENT happens normally when a subsystem is enabled with any other
	subsystems and the directory of the target group has already removed
	in a prior loop. In that case, the function should just return without
	leaving an error message.

	NB this is the same behavior as before introducing virCgroupRemoveRecursively.

2010-06-29  Chris Lalancette  <clalance@redhat.com>

	Fix crash when detaching devices from qemu domains.
	Make sure to *not* call qemuDomainPCIAddressReleaseAddr if
	QEMUD_CMD_FLAG_DEVICE is *not* set (for older qemu).  This
	prevents a crash when trying to do device detachment from
	a qemu guest.

	Check for active PCI devices when doing nodedevice operations.
	In the current libvirt PCI code, there is no checking whether
	a PCI device is in use by a guest when doing node device
	detach or reattach.  This causes problems when a device is
	assigned to a guest, and the administrator starts issuing
	nodedevice commands.  Make it so that we check the list
	of active devices when trying to detach/reattach, and only
	allow the operation if the device is not assigned to a guest.

2010-06-29  Justin Clift  <justin@salasaga.org>

	virsh: add new --details option to pool-list
	This patch adds a new --details option to the virsh pool-list
	command, making its output more useful to people who use virsh
	for significant lengths of time.

	Addresses BZ # 605543

	  https://bugzilla.redhat.com/show_bug.cgi?id=605543

2010-06-29  Eric Blake  <eblake@redhat.com>

	virFileResolveLink: guarantee an absolute path
	https://bugzilla.redhat.com/show_bug.cgi?id=608092

	* src/util/util.c (virFileResolveLink): Use
	canonicalize_file_name, rather than areadlink.

	phyp: don't steal storage management from other drivers
	Fix regression introduced in commit a4a287242 - basically, the
	phyp storage driver should only accept the same URIs that the
	main phyp driver is willing to accept.  Blindly accepting all
	URIs meant that the phyp storage driver was being consulted for
	'virsh -c qemu:///session pool-list --all', rather than the
	qemu storage driver, then since the URI was not for phyp, attempts
	to then use the phyp driver crashed because it was not initialized.

	* src/phyp/phyp_driver.c (phypStorageOpen): Only accept connections
	already open to a phyp driver.

2010-06-29  Laine Stump  <laine@redhat.com>

	Avoid calling virStorageFileIsSharedFS with NULL
	This code was just recently added (by me) and didn't account for the
	fact that stdin_path is sometimes NULL. If it's NULL, and
	SetSecurityAllLabel fails, a segfault would result.

2010-06-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix virsh console doesn't work after restarting libvirtd
	Because tty path is unexpectedly not saved in the live configuration
	file of a domain, libvirtd cannot get the console of the domain back
	after restarting.

	The reason why the tty path isn't saved is that, to save the tty path,
	the save function, virDomainSaveConfig, requires that the target domain
	is running (pid != -1), however, lxc driver calls the function before
	starting the domain to pass the configuration to controller.

	To ensure to save the tty path, the patch lets lxc driver call the save
	function again after starting the domain.

	lxc: Fix error handlings in lxcContainerRenameAndEnableInterfaces
	The function is expected to return negative value on failure,
	however, it returns positive value when either setInterfaceName
	or vethInterfaceUpOrDown fails. Because the function returns
	the return value of either as is, however, the two functions
	may return positive value on failure.

	The patch fixes the defects and add error messages.

	lxc: Change VIR_ERROR to VIR_DEBUG for just a debugging message
	The message is actually not of error but of debugging.
	02:22:56.091: error : lxcControllerMain:316 : monitor=3 client=4 appPty=19 contPty=7

2010-06-28  Laine Stump  <laine@laine.org>

	Selectively ignore domainSetSecurityAllLabel failure in domain restore
	When the saved domain image is on an NFS share, at least some part of
	domainSetSecurityAllLabel will fail (for example, selinux labels can't
	be modified). To allow domain restore to still work in this case, just
	ignore the errors.

	use virStorageFileIsSharedFS utility function in qemudDomainSaveFlag
	Previously, this function had it's own bit of code performing the same
	function. Since there's now an equivalent utility function, let's use it.

	Enhance virStorageFileIsSharedFS
	virStorageFileIsSharedFS would previously only work if the entire path
	in question was stat'able by the uid of the libvirtd process. This
	patch changes it to crawl backwards up the path retrying the statfs
	call until it gets to a partial path that *can* be stat'ed.

	This is necessary to use the function to learn the fstype for files
	stored as a different user (and readable only by that user) on a
	root-squashed remote filesystem.

	Set proper selinux label on image file during qemu domain restore
	Also restore the label to its original value after qemu is finished
	with the file.

	Prior to this patch, qemu domain restore did not function properly if
	selinux was set to enforce.

2010-06-26  Eric Blake  <eblake@redhat.com>

	build: fix regression with libvirt-api.xml generation
	(EXTRA_DIST): Remove redundant listing of xml files.
	(html/%-%.html, html/%-virterror.html, %-api.xml, %-refs.xml):
	Rewrite with...
	(python_generated_files): ...new macro, since make didn't see
	through the dependency chain correctly otherwise.

2010-06-26  Chris Lalancette  <clalance@redhat.com>

	Fix a reference leak for node devices.
	There were some major, and some minor bugs having to do with
	the reference counting of node devices in daemon/remote.c.

	Some functions were completely failing to unreference node devices;
	this would lead to many open file descriptors, which would eventually
	fail.

	The minor bugs were along the same lines, but were in rarely
	used error paths.

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Don't squash file permissions when migration fails
	If an active migration operation fails, or is cancelled by the
	admin, the QEMU on the destination is shutdown and the one on
	the source continues running. It is important in shutting down
	the QEMU on the destination, the security drivers don't reset
	the file labelling/permissions.

	* src/qemu/qemu_driver.c: Don't reset labelling/permissions
	  on migration abort

2010-06-25  Eric Blake  <eblake@redhat.com>

	phyp: optimize use of sed
	Minor speedups by using the full power of sed.

	* src/phyp/phyp_driver.c (phypGetVIOSFreeSCSIAdapter)
	(phypDiskType, phypListDefinedDomains): Use fewer processes, by
	folding other work into sed.
	(phypGetVIOSPartitionID): Likewise.  Also avoid non-portable use
	of 'sed -s'.

2010-06-25  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: add storage management driver
	Add the storage management driver to the Power Hypervisor driver.
	This is a big but simple patch, it's just a new set of functions.

	This patch includes:
	 * Storage driver: The set of pool-* and vol-* functions.
	 * attach-disk function.
	 * Support for IVM on the new functions.

	phyp: add rudimentary storage driver
	* src/phyp/phyp_driver.c (phypStorageDriver): New driver.
	(phypStorageOpen, phypStorageClose): New functions.
	(phypRegister): Register it.

2010-06-25  Eric Blake  <eblake@redhat.com>

	phyp: reduce scope of driver functions
	Several phyp functions are not namespace clean, and had no reason
	to be exported since no one outside the phyp driver needed to use
	them.  Rather than do lots of forward declarations, I was able
	to topologically sort the file.  So, this patch looks huge, but
	is really just a matter of marking things static and dealing with
	the compiler fallout.

	* src/phyp/phyp_driver.h (PHYP_DRIVER_H): Add include guard.
	(phypCheckSPFreeSapce): Delete unused declaration.
	(phypGetSystemType, phypGetVIOSPartitionID, phypCapsInit)
	(phypBuildLpar, phypUUIDTable_WriteFile, phypUUIDTable_ReadFile)
	(phypUUIDTable_AddLpar, phypUUIDTable_RemLpar, phypUUIDTable_Pull)
	(phypUUIDTable_Push, phypUUIDTable_Init, phypUUIDTable_Free)
	(escape_specialcharacters, waitsocket, phypGetLparUUID)
	(phypGetLparMem, phypGetLparCPU, phypGetLparCPUGeneric)
	(phypGetRemoteSlot, phypGetBackingDevice, phypDiskType)
	(openSSHSession): Move declarations to phyp_driver.c and make static.
	* src/phyp/phyp_driver.c: Rearrange file contents to provide
	topological sorting of newly-static funtions (no semantic changes
	other than reduced scope).
	(phypGetBackingDevice, phypDiskType): Mark unused, for now.

	maint: add gnulib gettimeofday module
	* bootstrap.conf (gnulib_modules): Add gettimeofday.

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix test case failure due to missing -nodefconfig
	The previous change which split -nodefconfig probing off
	from -device broke the test case because it missed adding
	the QEMUD_CMD_FLAG_NODEFCONFIG to the test

	* src/util/bridge.c: Set QEMUD_CMD_FLAG_NODEFCONFIG for all
	  configs with QEMUD_CMD_FLAG_DEVICE set

	Fix migration in text mode and shared storage migration in json mode
	The patches for shared storage migration were not correctly written
	for json mode. Thus the 'blk' and 'inc' parameters were never being
	set. In addition they didn't set the QEMU_MONITOR_MIGRATE_BACKGROUND
	so migration was synchronous. Due to multiple bugs in QEMU's JSON
	impl this wasn't noticed because it treated the sync migration requst
	as asynchronous anyway. Finally 'background' parameter was converted
	to take arbitrary flags but not renamed, and not all uses were changed
	to unsigned int.

	* src/qemu/qemu_driver.c: Set QEMU_MONITOR_MIGRATE_BACKGROUND in
	  doNativeMigrate
	* src/qemu/qemu_monitor_json.c: Process QEMU_MONITOR_MIGRATE_NON_SHARED_DISK
	  and QEMU_MONITOR_MIGRATE_NON_SHARED_INC flags
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.h, src/qemu/qemu_monitor_text.c,
	  src/qemu/qemu_monitor_text.h: change 'int background' to
	  'unsigned int flags' in migration APIs. Add logging of flags
	  parameter

	Avoid blocking all APIs during incoming migration
	During incoming migration the QEMU monitor is not able to be
	used. The incoming migration code did not keep hold of the
	job lock because migration is split across multiple API calls.
	This meant that further monitor commands on the guest would
	hang until migration finished with no timeout.

	In this change the qemuDomainMigratePrepare method sets the
	job flag just before it returns. The qemuDomainMigrateFinish
	method checks for this job flag & clears it once done. This
	prevents any use of the monitor between prepare+finish steps.

	The qemuDomainGetJobInfo method is also updated to refresh
	the job elapsed time. This means that virsh domjobinfo can
	return time data during incoming migration

	* src/qemu/qemu_driver.c: Keep a job active during incoming
	  migration. Refresh job elapsed time when returning job info

	Set labelling for character devices in security drivers
	When configuring serial, parallel, console or channel devices
	with a file, dev or pipe backend type, it is necessary to label
	the file path in the security drivers. For char devices of type
	file, it is neccessary to pre-create (touch) the file if it does
	not already exist since QEMU won't be allowed todo so itself.
	dev/pipe configs already require the admin to pre-create before
	starting the guest.

	* src/qemu/qemu_security_dac.c: set file ownership for character
	  devices
	* src/security/security_selinux.c: Set file labeling for character
	  devices
	* src/qemu/qemu_driver.c: Add character devices to cgroup ACL

	Add API for iterating over all character devices
	The parallel, serial, console and channel devices are all just
	character devices. A lot of code needs todo the same thing to
	all these devices. This provides an convenient API for iterating
	over all of them.

	* src/conf/domain_conf.c, src/conf/domain_conf.c,
	  src/libvirt_private.syms: Add virDomainChrDefForeach

	Add missing parameter in python Disk IO error callback
	The IO error callback was forgetting to pass the action
	parameter, causing a stack trace when IO errors arrive

	* python/libvirt-override-virConnect.py: Add missing action
	  parameter in IO error callback

2010-06-25  Laine Stump  <laine@laine.org>

	Check for presence of qemu -nodefconfig option before using it
	We previously assumed that if the -device option existed in qemu, that
	-nodefconfig would also exist. It turns out that isn't the case, as
	demonstrated by qemu-kvm-0.12.3 in Fedora 13.

	*/src/qemu/qemu_conf.[hc] - add a new QEMUD_CMD_FLAG, set it via the
	                            help output, and check it before adding
	                            -nodefconfig to the qemu commandline.

2010-06-25  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	Adding Storage Management driver (style and indentation)
	This is just the indentation, style  and cleanup patch.

2010-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use bool instead of int where appropriated

	esx: Add support for the controller element
	Also don't abuse the disk driver name to specify the SCSI controller
	model anymore:

	  <driver name='buslogic'/>

	Use the newly added model attribute of the controller element for this:

	  <controller type='scsi' index='0' model='buslogic'/>

	The disk driver name approach is deprecated now, but still works for
	backward compatibility reasons.

	Update the documentation and tests accordingly.

	Fix usage of the words controller and id in the VMX handling code. Use
	controller, bus and unit properly.

	Add optional model attribute to the controller element
	This is a step towards controller support for the ESX driver.

	Add wide SCSI bus disk address generation support
	The domain XML parsing code autogenerates disk address and
	controller elements when they are not explicitly specified.
	The code assumes a narrow SCSI bus (7 units per bus). ESX
	uses a wide SCSI bus (16 units per bus).

	This is a step towards controller support for the ESX driver.

	Cleanup some LIBADD and CFLAGS
	Move libnl to libvirt_util.la, because macvtap.c requires it.

	Add GnuTLS to libvirt_driver.la, because libvirt.c calls gcrypt functions.
	When built without loadable driver modules, then the remote driver pulls
	in GnuTLS.

	Move libgnu.la from libvirt_parthelper_CFLAGS to libvirt_parthelper_LDADD.

2010-06-24  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Enable memory.use_hierarchy of cgroup for domain
	Through conversation with Kumar L Srikanth-B22348, I found
	that the function of getting memory usage (e.g., virsh dominfo)
	doesn't work for lxc with ns subsystem of cgroup enabled.

	This is because of features of ns and memory subsystems.
	Ns creates child cgroup on every process fork and as a result
	processes in a container are not assigned in a cgroup for
	domain (e.g., libvirt/lxc/test1/). For example, libvirt_lxc
	and init (or somewhat specified in XML) are assigned into
	libvirt/lxc/test1/8839/ and libvirt/lxc/test1/8839/8849/,
	respectively. On the other hand, memory subsystem accounts
	memory usage within a group of processes by default, i.e.,
	it does not take any child (and descendant) groups into
	account. With the two features, virsh dominfo which just
	checks memory usage of a cgroup for domain always returns
	zero because the cgroup has no process.

	Setting memory.use_hierarchy of a group allows to account
	(and limit) memory usage of every descendant groups of the group.
	By setting it of a cgroup for domain, we can get proper memory
	usage of lxc with ns subsystem enabled. (To be exact, the
	setting is required only when memory and ns subsystems are
	enabled at the same time, e.g., mount -t cgroup none /cgroup.)

	cgroup: Change virCgroupRemove to remove all descendant groups at first
	As same as normal directories, a cgroup cannot be removed if it
	contains sub groups. This patch changes virCgroupRemove to remove
	all descendant groups (subdirectories) of a target group before
	removing the target group.

	The handling is required when we run lxc with ns subsystem of cgroup.
	Ns subsystem automatically creates child cgroups on every process
	forks, but unfortunately the groups are not removed on process exits,
	so we have to remove them by ourselves.

	With this patch, such child (and descendant) groups are surely removed
	at lxc shutdown, i.e., lxcVmCleanup which calls virCgroupRemove.

2010-06-23  Eric Blake  <eblake@redhat.com>

	virsh: document attach-disk better
	http://bugzilla.redhat.com/601143, part 1 - document existing
	behavior.  Ever since Mar 2010 (commit ced154cb), the use of
	'attach-disk' or 'attach-device' to change cdrom/floppy media has been
	documented but deprecated, but the replacement to use 'update-device'
	was not documented.

	* tools/virsh.c (cmdAttachInterface, cmdAttachDisk): Fix bad error
	message.
	* tools/virsh.pod (attach-device, attach-disk): Refer to
	update-device for cdrom and floppy behavior.
	(update-device): Add documentation.

2010-06-23  Alan Pevec  <apevec@redhat.com>

	network: allow tftp port if tftp is defined
	add iptables rules to allow TFTP from the virtual network if <tftp>
	element is defined in the network definition.

	Fedora bz#580215

	* src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if
	  tftproot is defined

	bridge_driver.c: fix file description

2010-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Add '-nodefconfig' command line arg to QEMU
	We already use the '-nodefaults' command line arg with QEMU to stop
	it adding any default devices to guests. Unfortunately, QEMU will
	load global config files from /etc/qemu that may also add default
	devices. These aren't blocked by '-nodefaults', so we need to also
	add the '-nodefconfig' arg to prevent that.

	Unfortunately these global config files are also used to define
	custom CPU models. So in blocking global hardware device addition
	we also block definitions of new CPU models. Libvirt doesn't know
	about these custom CPU models though, so it would never make use
	of them anyway. Thus blocking them via -nodefconfig isn't a show
	stopping problem. We would need to expand libvirt's own CPU model
	XML database to support these instead.

	* src/qemu/qemu_conf.c: Add '-nodefconfig' if available
	* tests/qemuxml2argvdata/: Add '-nodefconfig' to all data files which
	  have '-nodefaults' present

	Fix reference handling leak on qemuMonitor
	The current code pattern requires that callers of qemuMonitorClose
	check for the return value == 0, and if so, set priv->mon = NULL
	and release the reference held on the associated virDomainObjPtr

	The change d84bb6d6a3bd2fdd530184cc9743249ebddbee71 violated that
	requirement, meaning that priv->mon never gets set to NULL, and
	a reference count is leaked on virDomainObjPtr.

	This design was a bad one, so remove the need to check the return
	valueof qemuMonitorClose(). Instead allow registration of a
	callback that's invoked just when the last reference on qemuMonitorPtr
	is released.

	Finally there was a potential reference leak in qemuConnectMonitor
	in the failure path.

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a destroy
	  callback invoked from qemuMonitorFree
	* src/qemu/qemu_driver.c: Use the destroy callback to release the
	  reference on virDomainObjPtr when the monitor is freed. Fix other
	  potential reference count leak in connecting to monitor

	Make checks for inactive QEMU guest more robust
	Before issuing monitor commands it is neccessary to check whether
	the guest is still running. Most places use virDomainIsActive()
	correctly, but a few relied on 'priv->mon != NULL'. In theory
	these should be equivalent, but the release of the last reference
	count on priv->mon can be delayed a small amount of time until
	the event handler is finally deregistered. A further ref counting
	bug also means that priv->mon might be never released. In such a
	case, code could mistakenly issue a monitor command and wait for
	a response that will never arrive, effectively leaving the QEMU
	driver waiting on virCondWait() forever..

	To protect against these possibilities, make sure all code uses
	virDomainIsActive(), not 'priv->mon != NULL'

	* src/qemu/qemu_driver.c: Replace 'priv->mon != NULL' with
	  calls to 'priv->mon != NULL'()

	Improve some error messages about unsupported APIs/URIs
	If there is no driver for a URI we report

	  "no hypervisor driver available"

	This is bad because not all virt drivers are hypervisors (ie container
	based virt).

	If there is no driver support for an API we report

	  "this function is not supported by the hypervisor"

	This is bad for the same reason, and additionally because it is
	also used for the network, interface & storage drivers.

	* src/util/virterror.c: Improve error messages

2010-06-22  Jiri Denemark  <jdenemar@redhat.com>

	Don't leak open fd to virsh in libvirt-guests init script
	Running virsh while having /var/lib/libvirt/libvirt-guests file open
	makes SELinux emit messages about preventing virsh from reading that
	file. Since virsh doesn't really want to read anything, it's better to
	run it with /dev/null on stdin to prevent those messages.

2010-06-22  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix loadable module support
	Following Daniel Berrange's multiple helpful suggestions for improving
	this patch and introducing another driver interface, I now wrote the
	below patch where the nwfilter driver registers the functions to
	instantiate and teardown the nwfilters with a function in
	conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous
	helper functions that were called from qemu_driver.c and qemu_conf.c
	were move into conf/domain_nwfilter.h with slight renaming done for
	consistency. Those functions now call the function expored by
	domain_nwfilter.c, which in turn call the functions of the new driver
	interface, if available.

2010-06-21  Justin Clift  <justin@salasaga.org>

	virsh: remove a doubled up include for errno.h

2010-06-21  Jiri Denemark  <jdenemar@redhat.com>

	Misc cleanups
	- Fix documentation for virGetStorageVol: it has 'key' argument instead
	  of 'uuid'.
	- Remove TODO comment from virReleaseStorageVol: we use volume key as an
	  identifier instead of UUID.
	- Print human-readable UUID string in debug message in virReleaseSecret.

	Do not free static buffer with UUID
	As anywhere else, uuid is defined as a fixed size array inside
	_virSecret structure; we shouldn't try to free it.

	Remove unnecessary check for non-NULL uuid
	The first thing we do in all these functions is to check uuid != NULL
	and fail if it isn't.

	Index hashes by UUID instead of name
	Per-connection hashes for domains, networks, storage pools and network
	filter pools were indexed by names which was not the best choice. UUIDs
	are better identifiers, so lets use them.

2010-06-21  Philipp Hahn  <hahn@univention.de>

	Allow one-or-more <boot dev="..."/> entries
	According to docs/formatdomain.html.in, "The boot element can be
	repeated multiple times to setup a priority list of boot devices to try
	in turn." The Relax-NG schema required / allowed exactly one entry.

2010-06-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extensions of docs with
	As requested, here a couple of paragraphs about the recently added statematch attribute and some advanced (and tricky) traffic filtering topics.

2010-06-18  Cole Robinson  <crobinso@redhat.com>

	Add ACK'd v2 changes for previous commit

	qemu: Fix crash on failed VM startup
	If VM startup fails early enough (can't find a referenced USB device),
	libvirtd will crash trying to clear the VNC port bit, since port = 0,
	which overflows us out of the bitmap bounds.

	Fix this by being more defensive in the bitmap operations, and only
	clearing a previously set VNC port.

2010-06-18  Philipp Hahn  <hahn@univention.de>

	Fix description of virStorageVolGetInfo()
	Probably a copy-paste-bug in python/libvirt-override-api.xml:
	virStorageVolGetInfo() extracts information about a "storage volume",
	not the "storage pool" as virStoragePoolGetInfo() does.

2010-06-18  Justin Clift  <justin@salasaga.org>

	virsh: add --uuid option to vol-pool
	Adds an optional switch, --uuid, for telling the virsh vol-pool command
	to return the pool UUID rather than pool name.

2010-06-18  Eric Blake  <eblake@redhat.com>

	qemu: reduce file padding requirements
	Followup to https://bugzilla.redhat.com/show_bug.cgi?id=599091,
	commit 20206a4b, to reduce disk waste in padding.

	* src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATE_TO_FILE_BS): Drop
	back to 4k.
	(QEMU_MONITOR_MIGRATE_TO_FILE_TRANSFER_SIZE): New macro.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update comment.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToFile): Use
	two invocations of dd to output non-aligned large blocks.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToFile):
	Likewise.

2010-06-18  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add XML attribute to control iptables state match
	This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).

	[...]
	<rule action='accept' direction='in' statematch='false'>
	<tcp srcmacaddr='1:2:3:4:5:6'
	           srcipaddr='10.1.2.3' srcipmask='32'
	           dscp='33'
	           srcportstart='20' srcportend='21'
	           dstportstart='100' dstportend='1111'/>
	</rule>
	[...]

	I am also extending the nwfilter schema and add this attribute to a test case.

2010-06-18  Justin Clift  <justin@salasaga.org>

	virsh: ensure persistence and autostart are shown for dominfo and pool-info
	This patch adds the persistence status (yes/no) to the output of the virsh
	dominfo and pool-info commands.  This patch also adds the autostart status
	to the output of the virsh pool-info command.

	Red Hat BZ for this:

	  https://bugzilla.redhat.com/show_bug.cgi?id=603696

2010-06-18  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: adding support for IVM
	Use virBuffer* API to conditionally keep the portion of the command
	line specific to HMC, so that IVM can work.

2010-06-17  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: use match target on incoming traffic
	The following patch enables the iptables match target to be used by
	default for incoming traffic. So far it has only be used for outgoing
	traffic.

	macvtap: work-around for 2.6.32 and older kernels
	This patch works around a recent extension of the netlink driver I had made use of when building the netlink messages. Unfortunately older kernels don't accept IFLA_IFNAME + name of interface as a replacement for the interface's index, so this patch now gets the interface index ifindex if it's not provided (ifindex <= 0).

2010-06-17  Justin Clift  <justin@salasaga.org>

	virsh: change printf() calls to vshPrint()
	Trivial fix changing printf() calls to vshPrint() where the ctl
	variable is available.

	virsh: improve help text for vol query commands
	Improves the help text for vol-path, vol-name, and vol-key, which
	previously referred to volume UUIDs.

	Addresses BZ # 598365.

	virsh: add pool support to vol-key command
	Presently the vol-key command only supports being provided with
	a volume path.

	This patch adds support for providing it with a pool and volume
	identifier pair as well.

	    virsh # vol-key --pool <pool-name-or-uuid> <vol-name-or-path>

2010-06-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add several missing vir*Free calls in libvirtd's remote code
	Justin Clift reported a problem with adding virStoragePoolIsPersistent
	to virsh's pool-info command, resulting in a strange problem. Here's
	an example:

	    virsh # pool-create-as images_dir3 dir - - - - "/home/images2"
	    Pool images_dir3 created

	    virsh # pool-info images_dir3
	    Name:           images_dir3
	    UUID:           90301885-94eb-4ca7-14c2-f30b25a29a36
	    State:          running
	    Capacity:       395.20 GB
	    Allocation:     30.88 GB
	    Available:      364.33 GB

	    virsh # pool-destroy images_dir3
	    Pool images_dir3 destroyed

	At this point the images_dir3 pool should be gone (because it was
	transient) and we should be able to create a new pool with the same name:

	    virsh # pool-create-as images_dir3 dir - - - - "/home/images2"
	    Pool images_dir3 created

	    virsh # pool-info images_dir3
	    Name:           images_dir3
	    UUID:           90301885-94eb-4ca7-14c2-f30b25a29a36
	    error: Storage pool not found

	The new pool got the same UUID as the first one, but we didn't specify
	one. libvirt should have picked a random UUID, but it didn't.

	It turned out that virStoragePoolIsPersistent leaks a reference to the
	storage pool object (actually remoteDispatchStoragePoolIsPersistent does).
	As a result, pool-destroy doesn't remove the virStoragePool for the
	"images_dir3" pool from the virConnectPtr's storagePools hash on libvirtd's
	side. Then the second pool-create-as get's the stale virStoragePool object
	associated with the "images_dir3" name. But this object has the old UUID.

	This commit ensures that all get_nonnull_* and make_nonnull_* calls for
	libvirt objects are matched properly with vir*Free calls. This fixes the
	reference leaks and the reported problem.

	All remoteDispatch*IsActive and remoteDispatch*IsPersistent functions were
	affected. But also remoteDispatchDomainMigrateFinish2 was affected in the
	success path. I wonder why that didn't surface earlier. Probably because
	domainMigrateFinish2 is executed on the destination host and in the common
	case this connection is opened especially for the migration and gets closed
	after the migration is done. So there was no chance to run into a problem
	because of the leaked reference.

	esx: Update case insensitive .vmx tests
	Commit b9efc7dc3b97ef667ab99cee884b8485ebcb2f91 made virFileHasSuffix
	case insensitive. Honor this in the tests by switching vmdk to VMDK.

	esx: Accept 'disk' as harddisk device type in .vmx files

2010-06-17  Eric Blake  <eblake@redhat.com>

	phyp: sed cleanups
	* src/phyp/phyp_driver.c (phypNumDomainsGeneric): Avoid glob
	collision by quoting sed argument.
	(phypDomainSetCPU): Avoid non-portable \+ in sed.
	(phypGetVIOSPartitionID, phypDiskType, phypListDomainsGeneric)
	(phypListDefinedDomains): Micro-optimize anchored substitutions.

2010-06-16  Justin Clift  <justin@salasaga.org>

	virsh: mark autostart answers for translation
	This is a trivial fix for several autostart yes/no strings that
	weren't correctly marked for translation.

2010-06-15  Eric Blake  <eblake@redhat.com>

	virsh: add start --paused support
	Make 'start --paused' mirror 'create --paused'.

	* tools/virsh.c (cmdStart): Use new virDomainCreateWithFlags API
	when needed.
	* tools/virsh.pod (start): Document --paused.

	qemu: support starting persistent domain paused
	Match earlier change for qemu pause support with virDomainCreateXML.

	* src/qemu/qemu_driver.c (qemudDomainObjStart): Add parameter; all
	callers changed.
	(qemudDomainStartWithFlags): Implement flag support.

	drivers: add virDomainCreateWithFlags if virDomainCreate exists
	* src/esx/esx_driver.c (esxDomainCreate): Move guts...
	(esxDomainCreateWithFlags): ...to new function.
	(esxDriver): Trivially support the new API.
	* src/lxc/lxc_driver.c (lxcDomainStart, lxcDomainStartWithFlags)
	(lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDomainStart)
	(oneDomainStartWithFlags, oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainCreate)
	(openvzDomainCreateWithFlags, openvzDriver): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainStart)
	(qemudDomainStartWithFlags, qemuDriver): Likewise.
	* src/test/test_driver.c (testDomainCreate)
	(testDomainCreateWithFlags, testDriver): Likewise.
	* src/uml/uml_driver.c (umlDomainStart, umlDomainStartWithFlags)
	(umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainCreate)
	(vboxDomainCreateWithFlags, Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainCreate)
	(xenUnifiedDomainCreateWithFlags, xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreate)
	(xenapiDomainCreateWithFlags, xenapiDriver): Likewise.

	remote: protocol implementation for virDomainCreateWithFlags
	Define the wire format for the new virDomainCreateWithFlags
	API, and implement client and server side of marshaling code.

	* daemon/remote.c (remoteDispatchDomainCreateWithFlags): Add
	server side dispatch for virDomainCreateWithFlags.
	* src/remote/remote_driver.c (remoteDomainCreateWithFlags)
	(remote_driver): Client side serialization.
	* src/remote/remote_protocol.x
	(remote_domain_create_with_flags_args)
	(remote_domain_create_with_flags_ret)
	(REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS): Define wire format.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

	libvirt: introduce domainCreateWithFlags API
	Persistent domain creation needs the same features as transient
	domains, but virDomainCreate lacks the flags argument present in
	virDomainCreateXML.  virDomainCreateFlags is already claimed as
	a public enum, so we have to break convention and expose
	virDomainCreateWithFlags.

	* include/libvirt/libvirt.h.in (virDomainCreateWithFlags): Add.
	* src/driver.h (virDrvDomainCreateWithFlags): Internal API.
	* src/libvirt.c (virDomainCreateWithFlags): Glue public API to
	driver API.
	* src/libvirt_public.syms (LIBVIRT_0.8.2): Expose public API.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

	maint: simplify some ignore files
	* .hgignore: Delete, no longer used.
	* examples/python/.gitignore: Delete, covered globally.
	* include/.gitignore: Likewise.
	* python/tests/.gitignore: Likewise.
	* docs/schemas/.gitignore: Likewise.
	* tests/xml2sexprdata/.gitignore: Likewise.
	* tests/sexpr2xmldata/.gitignore: Likewise.
	* tests/confdata/.gitignore: Likewise.
	* tests/xencapsdata/.gitignore: Likewise.
	* tests/xmconfigdata/.gitignore: Likewise.
	* tests/xml2sexprdata/.gitignore: Likewise.

	parthelper: fix compilation without optimization
	Daniel's patch works with gcc and CFLAGS containing -O (the
	autoconf default), but fails with non-gcc or with other
	CFLAGS (such as -g), since c-ctype.h declares c_isdigit as
	a macro only for certain compilation settings.

	* src/Makefile.am (libvirt_parthelper_LDFLAGS): Add gnulib
	library, for when c_isdigit is not a macro.
	* src/storage/parthelper.c (main): Avoid out-of-bounds
	dereference, noticed by Jim Meyering.

2010-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix enumeration of partitions in disks with a trailing digit in path
	Disks with a trailing digit in their path (eg /dev/loop0 or
	/dev/dm0) have an extra 'p' appended before the partition
	number (eg, to form /dev/loop0p1 not /dev/loop01). Fix the
	partition lookup to append this extra 'p' when required

	* src/storage/parthelper.c: Add a 'p' before partition
	  number if required

2010-06-12  Eric Blake  <eblake@redhat.com>

	uml: sanity check external data before using it
	Otherwise, a malicious packet could cause a DoS via spurious
	out-of-memory failure.

	* src/uml/uml_driver.c (umlMonitorCommand): Validate that incoming
	data is reliable before using it to allocate/dereference memory.
	Don't report bogus errno on short read.
	Reported by Jim Meyering.

2010-06-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Improve error message for disabled client-side drivers
	Report that libvirt was built without that driver instead of
	trying to connect to a libvirtd, when we know that this is
	going to fail.

2010-06-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: check getenv("DISPLAY") for NULL in vboxDomainDumpXML
	Otherwise this will segfault if DISPLAY is not defined.

	Check getenv("PATH") for NULL in virFindFileInPath
	Otherwise this will segfault if PATH is not defined.

	Reported by Emre Erenoglu

2010-06-11  Justin Clift  <justin@salasaga.org>

	virsh: add snapshot backing store support to vol-create-as
	This patch adds two new parameters to the vol-create-as command:

	 --backing-vol <volume-name-or-key-or-path>
	 --backing-vol-format <format-of-backing-vol>

	  virsh # vol-create-as guest_images_lvm snapvol1 5G --backing-vol \
	              rhel6vm1lun1
	  Vol snapvol1 created

	  virsh # vol-create-as image_dir qcow2snap2 5G --format qcow2 \
	              --backing-vol imagevol1.qcow2 \
	              --backing-vol-format qcow2
	  Vol qcow2snap2 created

	Additionally, the virsh man page update fixes incorrect snapshot
	parameters that were included in my prior bulk volume command patch.

2010-06-10  Eric Blake  <eblake@redhat.com>

	build: fix some mingw issues
	On Fedora 13 with sufficient mingw32-* packages installed, running
	./autobuild.sh failed to cross-compile to mingw because
	mingw32-pthreads installed a broken <pthread.h>.  With that
	issue fixed, the build still failed due to use of O_SYNC.
	Meanwhile, recent .spec.in changes got out of sync.

	* bootstrap.conf (gnulib_modules): Add fcntl-h, for O_SYNC.
	* .gnulib: Update to latest, to work around buggy pthreads-win32
	library.
	* bootstrap: Import latest from gnulib.
	* mingw32-libvirt.spec.in: Distribute new file.

	build: avoid pthreads-win32 on mingw
	* src/util/threads.c (includes) [WIN32]: On mingw, favor native
	threading over pthreads-win32 library.
	* src/util/thread.h [WIN32] Likewise.
	Suggested by Daniel P. Berrange.

2010-06-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix cgroup setup code to cope with root squashing NFS
	When a disk is on a root squashed NFS server, it may not be
	possible to stat() the disk file in virCgroupAllowDevice.
	The virStorageFileGetMeta method may also fail to extract
	the parent backing store. Both of these errors have to be
	ignored to avoid breaking NFS deployments

	* src/qemu/qemu_driver.c: Ignore errors in cgroup setup to
	   keep root squash NFS happy

2010-06-09  Justin Clift  <justin@salasaga.org>

	virsh: fixed trivial comment and debug message in vshCommandOptVolBy function

	virsh: remove xen reference in header comment
	With libvirt and virsh now being used for much more than Xen, this
	patch removes the outdated reference to Xen in the file header.

2010-06-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add proxy query parameter
	Allow to specify a proxy to be used by libcurl.

	esx: Refactor esxUtil_ParseQuery's parameter handling
	Pass a struct containing the parameters instead of passing each
	one individually. This make future extensions a bit simpler.

2010-06-09  Justin Clift  <justin@salasaga.org>

	virsh: add the volume commands to the virsh man page
	This patch also includes the new vol-pool command.

	virsh: add new vol-pool command
	This patch adds a new "vol-pool" command to virsh, to round out the
	identifier conversion functions for volumes in virsh.  Now it is
	possible to work with volumes when starting from just a volume key
	or volume path.

2010-06-09  Eric Blake  <eblake@redhat.com>

	virsh: add --paused option to create
	* tools/virsh.c (opts_create): Add --paused option.
	(cmdCreate): Pass appropriate flag.
	* tools/virsh.pod: Document it.

	qemu: allow creation of a paused domain
	https://bugzilla.redhat.com/show_bug.cgi?id=589465

	Some guests (eg with badly configured grub, or Windows' installation cd)
	require quick response from the console user. That's why we have a
	"launchPaused" option in vdsm.

	To implement it via libvirt, we need to ask libvirt not to call
	qemuMonitorStartCPUs() after starting qemu.  Calling virDomainStop
	immediately after the domain is up is inherently raceful.

	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Add new parameter;
	all callers adjusted.
	(qemudDomainCreate): Implement support for new flag.

	virDomainCreateXML: support new flag
	* include/libvirt/libvirt.h.in (virDomainCreateFlags): Add
	VIR_DOMAIN_START_PAUSED.
	* src/libvirt.c (virDomainCreateXML): Update documentation.
	* src/lxc/lxc_driver.c (lxcDomainCreateAndStart): Reject new flag
	as unimplemented.
	* src/opennebula/one_driver.c (oneDomainCreateAndStart):
	Likewise.
	* src/openvz/openvz_driver.c (openvzDomainCreateXML): Likewise.
	* src/phyp/phyp_driver.c (phypDomainCreateAndStart): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainCreate): Likewise.
	* src/test/test_driver.c (testDomainCreateXML): Likewise.
	* src/uml/uml_driver.c (umlDomainCreate): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Likewise.
	* src/xen/xend_internal.c (xenDaemonCreateXML): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML): Likewise.

2010-06-09  David Allan  <dallan@redhat.com>

	Fix leaks in udev device add/remove v3
	* This patch is a modification of a patch submitted by Nigel Jones.
	  It fixes several memory leaks on device addition/removal:

	1. Free the virNodeDeviceDefPtr in udevAddOneDevice if the return
	   value is non-zero

	2. Always release the node device reference after the device has been
	   processed.

	* Refactored for better readability per the suggestion of clalance

	Add multiIQN tests
	* Fix broken rng schema
	* Add test input & output files

	Add multiiqn XML dump
	* Use virBufferEscapeString() per Dan B.

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix test breakage from virtio serial changes
	The virtio serial changes broke the test suite because they forgot
	to add the new address attribute to the domain XML schema. The
	xml2xml test also broke because the XML no longer roundtrips. This
	is due to testing of auto-addition of <controller> elements. Split
	that test case off into a separate XML file to avoid breakage

	* docs/schemas/domain.rng: Allow port number for virtio serial addresses
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Revert to
	  a simple config to avoid breaking xml2xml test
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args: Add
	  complex test case for auto-controller addition for xml2argv test
	* tests/qemuxml2argvtest.c: Add channel-virtio-auto test

	Enable probing of VPC disk format type
	A look at the QEMU source revealed the missing bits of info about
	the VPC file format, so we can enable this now

	* src/util/storage_file.c: Enable VPC format, providing version
	  and disk size offset fields

	Ensure that PCI device is reattached to host if hotadd fails
	When an attempt to hotplug a PCI device to a guest fails,
	the device was left attached to pci-stub. It is neccessary
	to reset the device and then attach it to the host driver
	again.

	* src/qemu/qemu_driver.c: Reattach PCI device to host if
	  hotadd fails

	Don't raise errors in the selinux restore code
	The restore code is done in places where errors cannot be
	raised, since they will overwrite over pre-existing errors.

	* src/security/security_selinux.c: Only warn about failures
	  in label restore, don't report errors

	Fix check for errors in device_add command in QEMU text monitor
	Any output at all from device_add indicates an error in the
	command execution. Thus it needs to check for reply != ""

	* src/qemu/qemu_monitor_text.c: Fix reply check for errors
	  to treat any output as an error

	Prefer UDEV to HAL drivers if both a compiled
	HAL is deprecated and UDEV is the future. Thus if both
	options are compiled, we should prefer use of UDEV over
	HAL

	* src/node_device/node_device_driver.c: Switch init
	  order to try UDEV first, then HAL

2010-06-08  Daniel J Walsh  <dwalsh@redhat.com>

	Add support for setting socket MLS level in SELinux driver
	When SELinux is running in MLS mode, libvirtd will have a
	different security level to the VMs. For libvirtd to be
	able to connect to the monitor console, the client end of
	the UNIX domain socket needs a different label. This adds
	infrastructure to set the socket label via the security
	driver framework

	* src/qemu/qemu_driver.c: Call out to socket label APIs in
	  security driver
	* src/qemu/qemu_security_stacked.c: Wire up socket label
	  drivers
	* src/security/security_driver.h: Define security driver
	  entry points for socket labelling
	* src/security/security_selinux.c: Set socket label based on
	  VM label

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Network duplicate UUID/name checking
	The network driver is not doing correct checking for
	duplicate UUID/name values. This introduces a new method
	virNetworkObjIsDuplicate, based on the previously
	written virDomainObjIsDuplicate.

	* src/conf/network_conf.c, src/conf/network_conf.c,
	  src/libvirt_private.syms: Add virNetworkObjIsDuplicate,
	* src/network/bridge_driver.c: Call virNetworkObjIsDuplicate
	  for checking uniqueness of uuid/names

	Fix error codes for missing storage pools
	The storage pool driver is mistakenly using the error code
	VIR_ERR_INVALID_STORAGE_POOL which is for diagnosing invalid
	pointers. This patch switches it to use VIR_ERR_NO_STORAGE_POOL
	which is the correct code for cases where the storage pool does
	not exist

	* src/storage/storage_driver.c: Replace VIR_ERR_INVALID_STORAGE_POOL
	  with VIR_ERR_NO_STORAGE_POOL

	Storage pool duplicate UUID/name checking
	The storage pool driver is not doing correct checking for
	duplicate UUID/name values. This introduces a new method
	virStoragePoolObjIsDuplicate, based on the previously
	written virDomainObjIsDuplicate.

	* src/conf/storage_conf.c, src/conf/storage_conf.c,
	  src/libvirt_private.syms: Add virStoragePoolObjIsDuplicate,
	* src/storage/storage_driver.c: Call virStoragePoolObjIsDuplicate
	  for checking uniqueness of uuid/names

	Fix auto-adding of virtio serial controllers
	The domain parsing code would auto-add a virtio serial controller
	if it saw any virtio serial channel defined. Unfortunately it
	always added a controller with index=0, even if the channel address
	specified an index != 0. It only added one controller, even if
	multiple controllers were referenced by channels. Finally, it let
	the ports+vectors parameters initialize to zero instead of -1, which
	prevented the controllers accepting any ports.

	* src/conf/domain_conf.c: Initialize ports+vectors when adding
	  virtio serial controllers. Add all neccessary virtio serial
	  controllers, instead of hardcoding controller 0
	* qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand to
	  test controller auto-add behaviour

	Include port number with virtio serial devices
	To ensure that the device addressing scheme is stable across
	hotplug/unplug, all virtio serial channels needs to have an
	associated port number in their address. This is then specified
	to QEMU using the nr=NNN parameter

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
	  for port number in vioserial address types.
	* src/qemu/qemu_conf.c: Set 'nr=NNN' parameter with virtio
	  serial port number
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand
	  data set to ensure coverage of port addressing

	Disable use of 'reason' field in block IO event in QEMU
	QEMU upstream decided against adding a 'reason' field to
	the block IO event in QMP. Disable this code to remove a
	annoying warning message. It will be renabled when the
	error string reason is re-introduced in QEMU

	Ensure UNIX domain sockets are removed on daemon shutdown
	When libvirtd exits it is leaving UNIX domain sockets on
	the filesystem. These need to be removed.

	The qemudInitPaths() method has signficant code churn to
	switch from using a pre-allocated buffer on the stack, to
	dynamically allocating on the heap.

	* daemon/libvirtd.c, daemon/libvirtd.h: Store a reference
	  to the UNIX domain socket path and unlink it on shutdown

2010-06-08  Justin Clift  <justin@salasaga.org>

	virsh: fix minor virsh man page typos and formatting problems

2010-06-08  Jamie Strandboge  <jamie@ubuntu.com>

	Fix AppArmor save/restore.Add stdin_path to qemudStartVMDaemon() args.
	Refactor to update AppArmor security driver to adjust profile for
	save/restore. This addresses the following bugs:

	 https://bugzilla.redhat.com/show_bug.cgi?id=529363
	 https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/457716

	Add stdin_path to qemudStartVMDaemon() args.
	Adjust args to qemudStartVMDaemon() to also specify path to stdin_fd,
	so this can be passed to the AppArmor driver via SetSecurityAllLabel().

	This updates all calls to qemudStartVMDaemon() as well as setting up
	the non-AppArmor security driver *SetSecurityAllLabel() declarations
	for the above. This is required for the following
	"apparmor-fix-save-restore" patch since AppArmor resolves the passed
	file descriptor to the pathname given to open().

2010-06-06  Jim Meyering  <meyering@redhat.com>

	avoid syntax-check failure
	* .mailmap: Map a stray commit-author email address to the canonical one.
	Reported by Justin Clift.

2010-06-05  Laine Stump  <laine@laine.org>

	Adjust block size used by dd to speed QEMU domain save operations.
	See https://bugzilla.redhat.com/show_bug.cgi?id=599091

	Saving a paused 512MB domain took 3m47s with the old block size of 512
	bytes. Changing the block size to 1024*1024 decreased the time to 56
	seconds. (Doubling again to 2048*1024 yielded 0 improvement; lowering
	to 512k increased the save time to 1m10s, about 20%)

	Fix dereference of potentially freed pointer in qemudDomainSaveFlags
	The pointer to the xml describing the domain is saved into an object
	prior to calling VIR_REALLOC_N() to make the size of the memory it
	points to a multiple of QEMU_MONITOR_MIGRATE_TO_FILE_BS. If that
	operation needs to allocate new memory, the pointer that was saved is
	no longer valid.

	To avoid this situation, adjust the size *before* saving the pointer.

	(This showed up when experimenting with very large values of
	QEMU_MONITOR_MIGRATE_TO_FILE_BS).

2010-06-05  Jim Fehlig  <jfehlig@linux-ypgk.site>

	Fixes for commit 211dd1e9
	Fixes for issues in commit 211dd1e9 noted by by Jim Meyering.

	1. Allocate content buffer of size content_length + 1 to ensure
	   NUL-termination.
	2. Limit content buffer size to 64k
	3. Fix whitespace issue

	V2:
	  - Add comment to clarify allocation of content buffer
	  - Add ATTRIBUTE_NONNULL where appropriate
	  - User NULLSTR macro

2010-06-05  Eric Blake  <eblake@redhat.com>

	autobuild.sh: avoid bashism
	* autobuild.sh: Replace 'set -o pipefail' with POSIX alternative.
	Reported by Matthias Bolte.

2010-06-04  Jim Fehlig  <jfehlig@novell.com>

	Allocate buffer to hold xend response
	There are cases when a response from xend can exceed 4096 bytes, in
	which case anything beyond 4096 is ignored. This patch changes the
	current fixed-size, stack-allocated buffer to a dynamically allocated
	buffer based on Content-Length in HTTP header.

2010-06-03  David Allan  <dallan@redhat.com>

	Update nodedev scsi_host data before use
	* It appears that the udev event for HBA creation arrives before the
	  associated sysfs data is fully populated, resulting in bogus data
	  for the nodedev entry until the entry is refreshed.  This problem is
	  particularly troublesome when creating NPIV vHBAs because it results
	  in libvirt failing to find the newly created adapter and waiting for
	  the full timeout period before erroneously failing the create
	  operation.  This patch forces an update before any attempt to use
	  any scsi_host nodedev entry.

	Fix device destroy return value
	* Set return value in error cases
	* Clarify error message when parent device is not vport capable

2010-06-03  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Strict check when listing domains

2010-06-03  Stefan Berger  <stefanb@us.ibm.com>

	add 802.1Qbh and 802.1Qbg handling
	This patch that adds support for configuring 802.1Qbg and 802.1Qbh
	switches. The 802.1Qbh part has been successfully tested with real
	hardware. The 802.1Qbg part has only been tested with a (dummy)
	server that 'behaves' similarly to how we expect lldpad to 'behave'.

	The following changes were made during the development of this patch:

	 - Merging Scott's v13-pre1 patch
	 - Fixing endptr related bug while using virStrToLong_ui() pointed out
	   by Jim Meyering
	 - Addressing Jim Meyering's comments to v11
	 - requiring mac address to the vpDisassociateProfileId() function to
	   pass it further to the 802.1Qbg disassociate part (802.1Qbh untouched)
	 - determining pid of lldpad daemon by reading it from /var/run/libvirt.pid
	   (hardcode as is hardcode alson in lldpad sources)
	 - merging netlink send code for kernel target and user space target
	   (lldpad) using one function nlComm() to send the messages
	 - adding a select() after the sending and before the reading of the
	   netlink response in case lldpad doesn't respond and so we don't hang
	 - when reading the port status, in case of 802.1Qbg, no status may be
	   received while things are 'in progress' and only at the end a status
	   will be there.
	 - when reading the port status, use the given instanceId and vf to pick
	   the right IFLA_VF_PORT among those nested under IFLA_VF_PORTS.
	 - never sending nor parsing IFLA_PORT_SELF type of messages in the
	   802.1Qbg case
	 - iterating over the elements in a IFLA_VF_PORTS to pick the right
	   IFLA_VF_PORT by either IFLA_PORT_PROFILE and given profileId
	   (802.1Qbh) or IFLA_PORT_INSTANCE_UUID and given instanceId (802.1Qbg)
	   and reading the current status in IFLA_PORT_RESPONSE.
	 - recycling a previous patch that adds functionality to interface.c to
	   - get the vlan identifier on an interface
	   - get the flags of an interface and some convenience function to
	     check whether an interface is 'up' or not (not currently used here)
	 - adding function to determine the root physical interface of an
	   interface. For example if a macvtap is linked to eth0.100, it will
	   find eth0. Also adding a function that finds the vlan on the 'way to
	   the root physical interface'
	 - conveying the root physical interface name and index in case of 802.1Qbg
	 - conveying mac address of macvlan device and vlan identifier in
	   IFLA_VFINFO_LIST[ IFLA_VF_INFO[ IFLA_VF_MAC(mac), IFLA_VF_VLAN(vlan) ] ]
	   to (future) lldpad via netlink
	  - To enable build with --without-macvtap rename the
	    [dis|]associatePortProfileId functions, prepend 'vp' before their
	    name and make them non-static functions.
	  - Renaming variable multicast to nltarget_kernel and inverting
	    the logic
	  - Addressing Jim Meyering's comments; this also touches existing
	    code for example for correcting indentation of break statements or
	    simplification of switch statements.
	  - Renamed occurrencvirVirtualPortProfileDef to virVirtualPortProfileParamses
	  - 802.1Qbg part prepared for sending a RTM_SETLINK and getting
	    processing status back plus a subsequent RTM_GETLINK to
	    get IFLA_PORT_RESPONSE.
	    Note: This interface for 802.1Qbg may still change
	  - [David Allan] move getPhysfn inside IFLA_VF_PORT_MAX to avoid
	compiler
	    warning when latest if_link.h isn't available
	  - move from Stefan's 802.1Qb{g|h} XML v8 to v9
	  - move hostuuid and vf index calcs to inside doPortProfileOp8021Qbh
	  - remove debug fprintfs
	  - use virGetHostUUID (thanks Stefan!)
	  - fix compile issue when latest if_link.h isn't available
	  - change poll timeout to 10s, at 1/8 intervals
	     - if polling times out, log msg and return -ETIMEDOUT
	  - Add Stefan's code for getPortProfileStatus
	  - Poll for up to 2 secs for port-profile status, at 1/8 sec intervals:
	     - if status indicates error, abort openMacvtapTap
	     - if status indicates success, exit polling
	     - if status is "in-progress" after 2 secs of polling, exit
	       polling loop silently, without error

	My patch finishes out the 802.1Qbh parts, which Stefan had mostly complete.
	I've tested using the recent kernel updates for VF_PORT netlink msgs and
	enic for Cisco's 10G Ethernet NIC.  I tested many VMs, each with several
	direct interfaces, each configured with a port-profile per the XML.  VM-to-VM,
	and VM-to-external work as expected.  VM-to-VM on same host (using same NIC)
	works same as VM-to-VM where VMs are on diff hosts.  I'm able to change
	settings on the port-profile while the VM is running to change the virtual
	port behaviour.  For example, adjusting a QoS setting like rate limit.  All
	VMs with interfaces using that port-profile immediatly see the effect of the
	change to the port-profile.

	I don't have a SR-IOV device to test so source dev is a non-SR-IOV device,
	but most of the code paths include support for specifing the source dev and
	VF index.  We'll need to complete this by discovering the PF given the VF
	linkdev.  Once we have the PF, we'll also have the VF index.  All this info-
	mation is available from sysfs.

2010-06-02  Eric Blake  <eblake@redhat.com>

	bitmap: reject zero-size bitmap
	* src/util/bitmap.c (virBitmapAlloc): Tighten sanity check.

2010-06-02  Cole Robinson  <crobinso@redhat.com>

	hostusb: Properly handle 'usbX' sysfs files
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=598272

	Some files under /sys/bus/usb/devices/ have the format 'usbX', where
	X is the USB bus number. Use STRPREFIX to correctly parse the bus numbers.

2010-06-02  Justin Clift  <justin@salasaga.org>

	Add --source-format argument to virsh pool-define-as and pool-create-as
	This is the corresponding patch for the virsh man page (virsh.pod).

	Add --source-format argument to virsh pool-define-as and pool-create-as
	When creating pools from dedicated disks, the existing pool-define-as
	and pool-create-as commands are a bit non-optimal.

	Ideally, a person would be able to specify all of the required options
	directly on the command line instead of having to edit the XML.

	At the moment, there is no way to specify the format type (ie gpt) so it
	gets included in the XML the pool is constructed with.

	Please find attached a simple (tested) patch to add an optional
	"--source-format 'type'" to virsh.  This is patched against current git
	master and will apply cleanly.

	Also created a Red Hat BZ ticket for this (#597790) for tracking.

	Trivial virsh.pod additions --all for "list" command and similar
	This is just a trivial patch to virsh.pod (from git master). It adds the
	following pieces to the virsh man page:

	  + Shows the --inactive and --all optional parameters for the list
	    command.

	    Closes Bugzilla #575512, reported by Renich Bon Ciric
	    https://bugzilla.redhat.com/show_bug.cgi?id=575512

	  + Corrects the existing description of the list command, to now say
	    that only running domains are listed if no domains are specified.

	    The man page up until this point has said all domains are listed if
	    no domains are specified, which is incorrect.

	  + Adds the "shut off" state to the list of states for the list
	    command.

	  + Adds a missing =back around line 755, that pod2man was complaining
	    was missing.

2010-06-02  Eric Blake  <eblake@redhat.com>

	build: fix VPATH 'make syntax-check'
	* cfg.mk (sc_check_author_list): Look in correct location.

	build: depend on correct file
	Otherwise, VPATH builds fail with:

	make[1]: *** No rule to make target `libvirt-guests.init', needed by `all'.

	Regression introduced in commit 482e08a9.

	* daemon/Makefile.am (%.init): Look in correct place for
	config.status.

2010-06-02  Cole Robinson  <crobinso@redhat.com>

	qemu: Add a qemu.conf option for clearing capabilities
	Currently there is no way to opt out of libvirt dropping POSIX
	capabilities for qemu. This at least is a useful debugging tool, but
	is also wanted by users (and distributors):

	https://bugzilla.redhat.com/show_bug.cgi?id=559154
	https://bugzilla.redhat.com/show_bug.cgi?id=573850

	v2: Clarify qemu.conf comment, warn about security implications

	v3: Add .aug changes

2010-05-29  Jim Meyering  <meyering@redhat.com>

	build: make cpp indentation conform
	* src/storage/storage_backend.h (VIR_STORAGE_VOL_OPEN_DEFAULT):
	Adjust s/#define/# define/, and align continued lines.

2010-05-29  Cole Robinson  <crobinso@redhat.com>

	storage: Check for invalid storage mode before opening
	If a directory pool contains pipes or sockets, a pool start can fail or hang:

	https://bugzilla.redhat.com/show_bug.cgi?id=589577

	We already try to avoid these special files, but only attempt after
	opening the path, which is where the problems lie. Unify volume opening
	into helper functions, which use the proper open() flags to avoid error,
	followed by fstat to validate storage mode.

	Previously, virStorageBackendUpdateVolTargetInfoFD attempted to enforce the
	storage mode check, but allowed callers to detect this case and silently
	continue. In practice, only the FS backend was using this feature, the rest
	were treating unknown mode as an error condition. Unfortunately the InfoFD
	function wasn't raising an error message here, so error reporting was
	busted.

	This patch adds 2 functions: virStorageBackendVolOpen, and
	virStorageBackendVolOpenModeSkip. The latter retains the original opt out
	semantics, the former now throws an explicit error.

	This patch maintains the previous volume mode checks: allowing specific
	modes for specific pool types requires a bit of surgery, since VolOpen
	is called through several different helper functions.

	v2: Use ATTRIBUTE_NONNULL. Drop stat check, just open with
	    O_NONBLOCK|O_NOCTTY.

	v3: Move mode check logic back to VolOpen. Use 2 VolOpen functions with
	    different error semantics.

	v4: Make second VolOpen function more extensible. Didn't opt to change
	    FS backend defaults, this can just be to fix the original bug.

	v5: Prefix default flags with VIR_, use ATTRIBUTE_RETURN_CHECK

2010-05-29  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: cannot support target device name
	Since the macvtap device needs active tear-down and the teardown logic
	is based on the interface name, it can happen that if for example 1 out
	of 3 interfaces was successfully created, that during the failure path
	the macvtap's target device name is used to tear down an interface that
	is doesn't own (owned by another VM).

	So, in this patch, the target interface name is reset so that there is
	no target interface name and the interface name is always cleared after
	a tear down.

2010-05-29  David Allan  <dallan@redhat.com>

	Improve nodedev parent/child relationships
	* If a nodedev has a parent that we don't want to display, we should
	  continue walking up the udev device tree to see if any of its
	  earlier ancestors are devices that we display.  It makes the tree
	  much nicer looking than having a whole lot of devices hanging off
	  the root node.

2010-05-29  Jiri Denemark  <jdenemar@redhat.com>

	Fix libvirt-guests init script
	Firstly, the init script has to touch its file under /var/lock/subsys
	when started, otherwise the system would think it's not running and
	won't stop it during shutdown.

	Secondly, for some reason there is a policy to automatically enable
	init scripts when they are installed, so let the specfile do this. We
	also need to start the init script to ensure it will be stopped during
	the first shutdown after installing the package.

	Also $LISTFILE should be enclosed by quotes everywhere as suggested by
	Eric.

2010-05-28  Jim Meyering  <meyering@redhat.com>

	maint: new syntax-check rule to ensure that AUTHORS stays in sync
	* cfg.mk (sc_check_AUTHOR_list): New rule.
	* .mailmap: New file, to tell git log how to map email addresses.

2010-05-28  Paolo Smiraglia  <paolo.smiraglia@gmail.com>

	hooks: fix typo
	* src/util/hooks.c (virHookLxcOp): Use correct bound.

2010-05-28  Eric Blake  <eblake@redhat.com>

	build: silence cppi warning, clarify vbox headers
	These files are borrowed from upstream release versions, and should
	not need further edits in the context of libvirt (instead, a new
	upstream vbox release would entail adding a new header file).  We do
	not re-generate these files as part of libvirt, nor do we want to lose
	our minor edits (such as cppi cleanups).

	* src/vbox/vbox_CAPI_v2_2.h: Clarify file origins.
	* src/vbox/vbox_CAPI_v3_0.h: Likewise.
	* src/vbox/vbox_CAPI_v3_1.h: Likewise.
	* src/vbox/vbox_CAPI_v3_2.h: Likewise.  Reindent with cppi.

2010-05-28  Cole Robinson  <crobinso@redhat.com>

	network: bridge: Don't start network if it collides with host routing
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=235961

	If using the default virtual network, an easy way to lose guest network
	connectivity is to install libvirt inside the VM. The autostarted
	default network inside the guest collides with host virtual network
	routing. This is a long standing issue that has caused users quite a
	bit of pain and confusion.

	On network startup, parse /proc/net/route and compare the requested
	IP+netmask against host routing destinations: if any matches are found,
	refuse to start the network.

	v2: Drop sscanf, fix a comment typo, comment that function could use
	    libnl instead of /proc

	v3: Consider route netmask. Compare binary data rather than convert to
	    string.

	v4: Return to using sscanf, drop inet functions in favor of virSocket,
	    parsing safety checks. Don't make parse failures fatal, in case
	    expected format changes.

	v5: Try and continue if we receive unexpected. Delimit parsed lines to
	    prevent scanning past newline

2010-05-28  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "

	then add missing entries to AUTHORS.

	* AUTHORS: Update.

2010-05-28  Cole Robinson  <crobinso@redhat.com>

	xen: Fix chardev listen sexpr formatting
	'listen' isn't a valid qemu-dm option, as reported a long time ago here:

	https://bugzilla.redhat.com/show_bug.cgi?id=492958

	Matches the near identical logic in qemu_conf.c

	v2: When parsing sexpr, only match on ",server", rather than
	    full ',server,nowait'.

	xen: Remove unused function

2010-05-28  David Allan  <dallan@redhat.com>

	v2 of Cole's wlan support
	* Incorporated Jim's feedback (v1 & v2)

	* Moved case of DEVTYPE == "wlan" up as it's definitive that we have a network interface.

	* Made comment more detailed about the wired case to explain better
	  how it differentiates between wired network interfaces and USB
	  devices.

2010-05-27  Марк Коренберг  <socketpair gmail com>

	Add docs on drive <serial> element
	* docs/formatdomain.html.in: Document <serial> element within
	  <disk> and fix typo on <driver/> element

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Simplify goto usage
	Eliminate almost all backward jumps by replacing this common pattern:

	int
	some_random_function(void)
	{
	    int result = 0;
	    ...

	  cleanup:
	    <unconditional cleanup code>
	    return result;

	  failure:
	    <cleanup code in case of an error>
	    result = -1;
	    goto cleanup
	}

	with this simpler pattern:

	int
	some_random_function(void)
	{
	    int result = -1;
	    ...
	    result = 0;

	  cleanup:
	    if (result < 0) {
	        <cleanup code in case of an error>
	    }

	    <unconditional cleanup code>
	    return result;
	}

	Add a bool success variable in functions that don't have a int result
	that can be used for the new pattern.

	Also remove some unnecessary memsets in error paths.

2010-05-27  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Support for VirtualBox version 3.2

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use printf instead of echo -e in libvirt.spec.in
	make rpm created dummy tests containing '-e #!/bin/sh' for me.

	Install, distribute and package domainsnapshot.rng

2010-05-27  Eric Blake  <eblake@redhat.com>

	build: support 'make check' in pristine tree
	Otherwise, 'make check' in the python dir tries to reference a file in
	docs that is built by 'make' but not by 'make check'.

	* docs/Makefile.am (check-local): New rule.
	Reported by Matthias Bolte.

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Expose host UUID in the capabilities XML
	Parse the BIOS UUID. This information may not be available, in that
	case no host UUID is exposed in the capabilities XML.

2010-05-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix integer overflow in hotplug methods
	The hotplug methods still had the qemuCmdFlags variable declared
	as an int, instead of unsigned long long. This caused flag checks
	to be incorrect for flags > 31

	* src/qemu/qemu_driver.c: Fix integer overflow in hotplug

2010-05-27  Alex Williamson  <alex.williamson@redhat.com>

	Pass pre-opened PCI device sysfs config file to QEMU
	This allows libvirt to open the PCI device sysfs config file prior
	to dropping privileges so qemu can access the full config space.
	Without this, a de-privileged qemu can only access the first 64
	bytes of config space.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Detect support
	  for pci-assign.configfd option. Use this option when formatting
	  PCI device string if possible
	* src/qemu/qemu_driver.c: Pre-open PCI sysfs config file and pass
	  to QEMU

2010-05-26  Cole Robinson  <crobinso@redhat.com>

	daemon: sysconf: Update comment about VNC audio

2010-05-26  Chris Lalancette  <clalance@redhat.com>

	Fix failing virGetHostname.
	We've been running into a lot of situations where
	virGetHostname() is returning "localhost", where a plain
	gethostname() would have returned the correct thing.  This
	is because virGetHostname() is *always* trying to canonicalize
	the name returned from gethostname(), even when it doesn't
	have to.

	This patch changes virGetHostname so that if the value returned
	from gethostname() is already FQDN or localhost, it returns
	that string directly.  If the value returned from gethostname()
	is a shortened hostname, then we try to canonicalize it.  If
	that succeeds, we returned the canonicalized hostname.  If
	that fails, and/or returns "localhost", then we just return
	the original string we got from gethostname() and hope for
	the best.

	Note that after this patch it is up to clients to check whether
	"localhost" is an allowed return value.  The only place
	where it's currently not is in qemu migration.

2010-05-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen-proxy build broken
	The virVirtualPortProfileFormat just went below the
	virVirtualPortProfileParamsParseXML function and got inside the

	The attached patch moves virVirtualPortProfileFormat below the #ifndef
	PROXY block.

	esx: Add read-only storage pool access
	Allows listing existing pools and requesting information about them.

	Alter the esxVI_ProductVersion enum in a way that allows to check for
	product type by masking.

2010-05-26  Eric Blake  <eblake@redhat.com>

	build: fix HTML errors in nwfilter docs
	A build on Ubuntu reported:

	|| Generating formatnwfilter.html.tmp
	/dados/develop/libvirt/docs/formatnwfilter.html.in|390| HTML parser error : Unexpected end tag : p
	||     </p>
	||         ^
	/dados/develop/libvirt/docs/formatnwfilter.html.in|705| HTML parser error : Unexpected end tag : code
	||          <td>End of range of valid source ports</code></td>
	||                                                       ^
	/dados/develop/libvirt/docs/formatnwfilter.html.in|710| HTML parser error : Unexpected end tag : code
	||          <td>Start of range of valid destination ports</code></td>
	||                                                              ^

	* docs/formatnwfilter.html.in: Fix invalid HTML constructs.
	Reported by Eduardo Otubo.

	build: fix compilation without macvtap
	* src/util/macvtap.c: (associatePortProfileId)
	(disassociatePortProfileId): Move inside HAVE_MACVTAP
	conditional.
	Reported by Eduardo Otubo.

2010-05-26  Jim Meyering  <jim@meyering.net>

	tests: avoid new failure of the daemon-conf test
	* tests/daemon-conf: Accommodate the fact that out template,
	daemon/libvirtd.conf now contains an invalid host_uuid.
	Convert it to a valid one before the final libvirtd-running
	test that must terminate normally.

	libvirtd: diagnose invalid host UUID
	* daemon/libvirtd.c (remoteReadConfigFile): Diagnose an invalid
	host UUID rather than silently exiting with status 7.

2010-05-26  Stefan Berger  <stefanb@us.ibm.com>

	vepa: parsing for 802.1Qb{g|h} XML
	This patch parses the following two XML descriptions, one for
	802.1Qbg and one for 802.1Qbh, and stores the data internally.
	The actual triggering of the switch setup protocol has not been
	implemented here but the relevant code to do that should go into
	the functions associatePortProfileId() and disassociatePortProfileId().

	   <interface type='direct'>
	      <source dev='eth0.100' mode='vepa'/>
	      <model type='virtio'/>
	      <virtualport type='802.1Qbg'>
	        <parameters managerid='12' typeid='0x123456' typeidversion='1'
	         instanceid='fa9b7fff-b0a0-4893-8e0e-beef4ff18f8f'/>
	      </virtualport>
	      <filterref filter='clean-traffic'/>
	    </interface>

	    <interface type='direct'>
	      <source dev='eth0.100' mode='vepa'/>
	      <model type='virtio'/>
	      <virtualport type='802.1Qbh'>
	        <parameters profileid='my_profile'/>
	      </virtualport>
	    </interface>

	I'd suggest to use this patch as a base for triggering the setup
	protocol with the 802.1Qb{g|h} switch.

	Several rounds of changes were made to this patch. The
	following is a list of these changes.
	- Renamed structure virVirtualPortProfileDef to virVirtualPortProfileParams
	  as per Daniel Berrange's request
	- Addressing Daniel Berrange's comments:
	 - removing macvtap.h's dependency on domain_conf.h by
	   moving the virVirtualPortProfileDef structure into macvtap.h
	   and not passing virtDomainNetDefPtr to any functions in
	   macvtap.c
	- Addressed most of Chris Wright's comments:
	  - indicating error in case virtualport XML node cannot be parsed
	    properly
	  - parsing hex and decimal numbers using virStrToLong_ui() with
	    parameter '0' for base
	  - tgifname (target interface name) variable wasn't necessary
	    to pass to openMacvtapTap function anymore
	- assigning the virtual port data structure to the virDomainNetDef
	  only if it was previously parsed
	- make sure that the error code returned by openMacvtapTap() is a negative n
	  in case the associatePortProfileId() function failed.
	- renaming vsi in the XML to virtualport
	- replace all occurrences of vsi in the source as well
	- removing mode and MAC address parameters from the functions that
	  will communicate with the hareware diretctly or indirectly
	- moving the associate and disassociate functions to the end of the
	  file for subsequent patches to easier make them generally available
	  for export
	- passing the macvtap interface name rather than the link device since
	  this otherwise gives funny side effects when using netlink messages
	  where IFLA_IFNAME and IFLA_ADDRESS are specified and the link dev
	  all of a sudden gets the MAC address of the macvtap interface.
	- Removing rc = -1 error indications in the case of 802.1Qbg|h setup in case
	  we wanted to use hook scripts for the setup and so the setup doesn't fail
	  here.
	- if instance ID UUID is not supplied it will automatically be generated
	  - adapted schema to make instance ID UUID optional
	  - added test case
	- parser and XML generator have been separated into their own
	  functions so they can be re-used elsewhere (passthrough case
	  for example)
	- Adapted XML parser and generator support the above shown type
	  (802.1Qbg, 802.1Qbh).
	- Adapted schema to above XML
	- Adapted test XML to above XML
	- Passing through the VM's UUID which seems to be necessary for
	  802.1Qbh -- sorry no host UUID
	- adding virtual function ID to association function, in case it's
	  necessary to use (for SR-IOV)

	vepa+vsi: Introduce dependency on libnl
	This patch introduces a dependency on libnl, which subsequent patches
	will then use.

	Changes from V1 to V2:
	- added diffstats
	- following changes in tree

2010-05-26  Cole Robinson  <crobinso@redhat.com>

	storage: Sanitize pool target paths
	Spurious / in a pool target path makes life difficult for apps using the
	GetVolByPath, and doing other path based comparisons with pools. This
	has caused a few issues for virt-manager users:

	https://bugzilla.redhat.com/show_bug.cgi?id=494005
	https://bugzilla.redhat.com/show_bug.cgi?id=593565

	Add a new util API which removes spurious /, virFileSanitizePath. Sanitize
	target paths when parsing pool XML, and for paths passed to GetVolByPath.

	v2: Leading // must be preserved, properly sanitize path=/, sanitize
	    away /./ -> /

	v3: Properly handle starting ./ and ending /.

	v4: Drop all '.' handling, just sanitize / for now.

2010-05-26  Daniel P. Berrange  <berrange@redhat.com>

	Expose a host UUID in the capabilities XML
	Allow for a host UUID in the capabilities XML. Local drivers
	will initialize this from the SMBIOS data. If a sanity check
	shows SMBIOS uuid is invalid, allow an override from the
	libvirtd.conf configuration file

	* daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
	  configuration option
	* docs/schemas/capability.rng: Add optional host uuid field
	* src/conf/capabilities.c, src/conf/capabilities.h: Include
	  host UUID in XML
	* src/libvirt_private.syms: Export new uuid.h functions
	* src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
	  src/uml/uml_conf.c: Set host UUID in capabilities
	* src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
	* src/node_device/node_device_udev.c: Use the host UUID functions
	* tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
	  new host_uuid config option to test

2010-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of disk backing stores with cgroups
	The cgroups ACL code was only allowing the primary disk image.
	It is possible to chain images together, so we need to search
	for backing stores and add them to the ACL too. Since the ACL
	only handles block devices, we ignore the EINVAL we get from
	plain files. In addition it was missing code to teardown the
	cgroup when hot-unplugging a disk

	* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
	  and add missing teardown code in unplug path

2010-05-25  Chris Lalancette  <clalance@redhat.com>

	Fix up basic migration.
	Basic live migration was broken by the commit that added
	non-shared block support in two ways:

	1)  It added a virCheckFlags() to doNativeMigrate().  Besides
	the fact that typical usage of virCheckFlags() is in driver
	entry points, and doNativeMigrate() is not an entry point,
	it was missing important flags like VIR_MIGRATE_LIVE.  Move
	the virCheckFlags to the top-level qemuDomainMigratePrepare2
	and friends.

	2)  It also added a memory leak in qemuMonitorTextMigrate()
	by not freeing the memory used by virBufferContentAndReset().
	This is fixed by storing the pointer in a temporary variable
	and freeing it at the end.

	With this patch in place, normal live migration works again.

	v3: Instead of the churn for virCheckFlagsUI and UL, instead
	always promote flags to an unsigned long and always use %lx
	for the fprintf.
	v2: Add back flags check, which required adding virCheckFlagsUI
	and virCheckFlagsUL

2010-05-25  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow using regular audio backends with VNC
	Currently all host audio backends are disabled if a VM is using VNC, in
	favor of the QEMU VNC audio extension. Unfortunately no released VNC
	client supports this extension, so users have no way of getting audio
	to work if using VNC.

	Add a new config option in qemu.conf which allows changing libvirt's
	behavior, but keep the default intact.

	v2: Fix doc typos, change name to vnc_allow_host_audio

	storage: mpath: Fix incorrect VIR_ERROR use

2010-05-25  Chris Lalancette  <clalance@redhat.com>

	Allow nwfilter functions to be compiled with C++
	Unfortunately the NWFilter functions were outside of the
	"extern C { ... }" declaration in include/libvirt/libvirt.h.in,
	which means that they couldn't be properly used with C++.  Move
	them inside of the braces, which should fix the problem.

2010-05-25  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: documentation
	This patch adds documentation of the nwfilter subsystem of libvirt to
	the existing (web) docs.

2010-05-25  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "

	then add missing entries to AUTHORS.

	* AUTHORS: Update.

2010-05-25  Alex Williamson  <alex.williamson@redhat.com>

	qemu: Release bus address on PCI host device remove

	qemu: avoid corrupting guest info struct on host device PCI hot add
	The device path doesn't make use of guestAddr, so the memcpy corrupts
	the guest info struct.

2010-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Query block allocation extent from QEMU monitor
	The virDomainGetBlockInfo API allows query physical block
	extent and allocated block extent. These are normally the
	same value unless storing a special format like qcow2
	inside a block device. In this scenario we can query QEMU
	to get the actual allocated extent.

	Since last time:

	 - Return fatal error in text monitor
	 - Only invoke monitor command for block devices
	 - Fix error handling JSON code

	* src/qemu/qemu_driver.c: Fill in block aloction extent when VM
	  is running
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API to query the highest block extent via info blockstats

2010-05-25  Jim Meyering  <jim@meyering.net>

	lxcSetSchedulerParameters: reverse order of tests; diagnose a failure
	* src/lxc/lxc_driver.c (lxcSetSchedulerParameters): Ensure that
	"->field" is "cpu_shares" before possibly giving a diagnostic about
	a type for a "cpu_shares" value.
	Also, virCgroupSetCpuShares could fail without evoking a diagnostic.
	Add one.

2010-05-25  Chris Lalancette  <clalance@redhat.com>

	Don't overwrite virDomainAssignDef errors.

2010-05-24  Cole Robinson  <crobinso@redhat.com>

	storage: Combine some duplicate code
	Volume detection in the scsi backend was duplicating code already
	present in storage_backend.c. Let's drop the duplicate code.

	Also, change the shared function name to be less generic, and remove
	some error squashing in the other call site.

	storage: mpath: Clean up some error handling
	We were squashing error messages in a few cases. Recode to follow common
	ret = -1 convention.

	v2: Handle more error squashing issues further up in MakeNewVol and
	    CreateVols. Use ret = -1 convention in MakeVols.

2010-05-24  Jiri Denemark  <jdenemar@redhat.com>

	Remove dead code after refactoring qemudDomainStart
	The event is already generated and sent by qemudDomainObjStart, no need
	to do anything about here.

2010-05-23  Jim Meyering  <meyering@redhat.com>

	libvirtd: start each diagnostic with "argv0: "
	Some diagnostics had a hard-coded "libvirtd: " prefix, some used
	"error: " and some used "argv[0]: ".  Always use "argv[0]: ".
	* daemon/libvirtd.c (argv0): New global.
	(main): Set it.
	(version, usage): Remove argv0 parameter.  Use global; update callers.
	(daemonForkIntoBackground): Use argv0:, not error:.
	(qemudWritePidFile): Start each diagnostic with argv0:.
	Suggested by Eric Blake.

	libvirtd: mark strings for translation, including --help output
	* daemon/libvirtd.c (daemonForkIntoBackground, main): Mark strings
	for translation.
	(usage): Rework --help so that it is translatable, replacing
	each embedded, configuration-dependent, macro with an `%s'.

	libvirtd: don't ignore virInitialize failure
	* daemon/libvirtd.c (main): Diagnose virInitialize failure
	and exit nonzero.

2010-05-22  Eric Blake  <eblake@redhat.com>

	build: fix cppi warnings
	* src/util/bitmap.h (includes): Placate cppi.

	build: force init scripts to rebuild on changed --prefix
	Otherwise, './configure --prefix=/foo && make &&
	 ./configure --prefix=/bar && make' leaves the wrong files
	in libvirtd.init (/foo instead of /bar).

	* daemon/Makefile.am (libvirtd.init): Add dependency on
	config.status.  Reported by Cole Robinson.

2010-05-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	build: Distribute the whole tests/qemuhelpdata directory
	Instead of distributing the individual files.

	Now it's less error prone and consistent with the rest of
	the data directories in the tests directory.

2010-05-22  Cole Robinson  <crobinso@redhat.com>

	.gitignore: Add libvirt-guests.init

2010-05-22  Jim Fehlig  <jfehlig@novell.com>

	Fix race in finding available vnc port
	The qemu driver contains a subtle race in the logic to find next
	available vnc port.  Currently it iterates through all available ports
	and returns the first for which bind(2) succeeds.  However it is possible
	that a previously issued port has not yet been bound by qemu, resulting
	in the same port used for a subsequent domain.

	This patch addresses the race by using a simple bitmap to "reserve" the
	ports allocated by libvirt.

	V2:
	  - Put port bitmap in struct qemud_driver
	  - Initialize bitmap in qemudStartup

	V3:
	  - Check for failure of virBitmapGetBit
	  - Additional check for port != -1 before calling virbitmapClearBit

	V4:
	  - Check for failure of virBitmap{Set,Clear}Bit

	Add defines for QEMU_VNC_PORT_{MIN,MAX} and use them

	Add simple bitmap operations to utils
	V2:
	  - Move bitmap impl to src/util/bitmap.[ch]
	  - Use CHAR_BIT instead of explicit '8'
	  - Use size_t instead of unsigned int
	  - Fix calculation of bitmap size in virBitmapAlloc
	  - Ensure bit is within range of map in the set, clear, and get
	    operations
	  - Use bool in virBitmapGetBit
	  - Add virBitmapFree to free-like funcs in cfg.mk

	V3:
	  - Check for overflow in virBitmapAlloc
	  - Fix copy and paste bug in virBitmapAlloc
	  - Use size_t in prototypes
	  - Add ATTRIBUTE_NONNULL in prototypes where appropriate
	    and remove NULL check from impl

	V4:
	  - Add ATTRIBUTE_RETURN_CHECK in prototypes where appropriate.

2010-05-22  Cole Robinson  <crobinso@redhat.com>

	daemon: Export SDL audio environment variables
	/etc/sysconfig/libvirtd has a few environment variables for configuring
	libvirt SDL audio. The libvirtd process doesn't see these, however, because
	they are never exported. Let's export the variables after sourcing the
	sysconfig script.

	There is another problem here that the commented out values in the
	sysconfig script are not neccessarily the actual defaults, we are qemus
	mercy here. Not sure how to solve that.

2010-05-21  Chris Lalancette  <clalance@redhat.com>

	Remove isValidIfname.
	We shouldn't be checking validity in domain_conf, since
	it can be used by multiple different hosts and hypervisors.
	Remove the check completely.

2010-05-21  Jiri Denemark  <jdenemar@redhat.com>

	Init script for handling guests on shutdown/boot
	Example output during shutdown:

	Running guests on default URI: console, rhel6-1, rhel5-64
	Running guests on lxc:/// URI: lxc-shell
	Running guests on xen:/// URI: error: no hypervisor driver available for xen:///
	error: failed to connect to the hypervisor
	Running guests on vbox+tcp://orkuz/system URI: no running guests.
	Suspending guests on default URI...
	Suspending console: done
	Suspending rhel6-1: done
	Suspending rhel5-64: done
	Suspending guests on lxc:/// URI...
	Suspending lxc-shell: error: Failed to save domain 9cba8bfb-56f4-6589-2d12-8a58c886dd3b state
	error: this function is not supported by the hypervisor: virDomainManagedSave

	Note, the "Suspending $guest: " shows progress during the suspend phase
	if domjobinfo gives meaningful output.

	Example output during boot:

	Resuming guests on default URI...
	Resuming guest rhel6-1: done
	Resuming guest rhel5-64: done
	Resuming guest console: done
	Resuming guests on lxc:/// URI...
	Resuming guest lxc-shell: already active

	Configuration used for generating the examples above:
	URIS='default lxc:/// xen:/// vbox+tcp://orkuz/system'

	The script uses /var/lib/libvirt/libvirt-guests files to note all active
	guest it should try to resume on next boot. It's content looks like:

	default 7f8b9d93-30e1-f0b9-47a7-cb408482654b 085b4c95-5da2-e8e1-712f-6ea6a4156af2 fb4d8360-5305-df3a-2da1-07d682891b8c
	lxc:/// 9cba8bfb-56f4-6589-2d12-8a58c886dd3b

	Autostart domains using virDomainObjStart

	Refactor qemudDomainStart
	We need a common internal function for starting managed domains to be
	used during autostart. This patch factors out relevant code from
	qemudDomainStart into qemudDomainObjStart and makes it use the
	refactored code for domain restore instead of calling qemudDomainRestore
	API directly.

	Factor out def assignment to existing domain from virDomainAssignDef
	We need to be able to assign new def to an existing virDomainObj which
	is already locked. This patch factors out the relevant code from
	virDomainAssignDef into virDomainObjAssignDef.

	Refactor qemudDomainRestore
	We need to be able to restore a domain which we already locked and
	started a job for it without undoing these steps. This patch factors
	out internals of qemudDomainRestore into separate functions which work
	for locked objects.

2010-05-21  Jim Meyering  <meyering@redhat.com>

	maint: update po/POTFILES.in
	* po/POTFILES.in: Add 3 files.

	maint: enforce policy wrt VIR_DEBUG and VIR_DEBUG0
	* cfg.mk (sc_prohibit_gettext_markup): Just like VIR_WARN*.

	maint: don't mark VIR_DEBUG or VIR_DEBUG0 diagnostics for translation
	Run this command:
	  git grep -l VIR_DEBUG|xargs perl -pi -e \
	    's/(VIR_DEBUG0?)\s*\(_\((".*?")\)/$1($2/'

	maint: enforce policy wrt VIR_ERROR and VIR_ERROR0
	* cfg.mk (msg_gen_function): Add VIR_ERROR and VIR_ERROR0,
	so that sc_libvirt_unmarked_diagnostics will check them, too.

	maint: change "" in err ? err->message : "" to _("unknown error"), ...
	These changes avoid false-positive syntax-check failure,
	and also make the resulting diagnostics more comprehensible.

	maint: more of same, but manual: convert VIR_ERROR("%s" to VIR_ERROR0(

	maint: VIR_ERROR/VIR_ERROR0: mark up the remaining ones manually
	Handle concatenated strings manually.

	maint: mark translatable string args of VIR_ERROR
	Run this:
	  git grep -l 'VIR_ERROR\s*("'|xargs perl -pi -e \
	    's/(VIR_ERROR)\s*\((".*?"),/$1(_($2),/'

	maint: mark translatable string args of VIR_ERROR0
	Run this:
	  git grep -l 'VIR_ERROR0\s*("'|xargs perl -pi -e \
	    's/(VIR_ERROR0)\s*\((".*?")\)/$1(_($2))/'

	maint: use VIR_ERROR0 rather than VIR_ERROR with a bare "%s"
	Change VIR_ERROR("%s", "..."
	to     VIR_ERROR0("..."

	and

	Change VIR_ERROR("%s", _("...")
	to     VIR_ERROR0(_("...")

	Use this command:
	  git grep -E -l 'VIR_ERROR\("%s", (_\()?"'|xargs perl -pi -e \
	  's/VIR_ERROR\("%s", (_\()?"/VIR_ERROR0($1"/'

2010-05-21  Chris Wright  <chrisw@redhat.com>

	qemu driver: fix version check typos
	* src/qemu/qemu_conf.c (qemudParseHelpStr): Fix errors that made
	it impossible to diagnose invalid minor and micro version number
	components.

2010-05-21  Cole Robinson  <crobinso@redhat.com>

	daemon: A few initscript corrections
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=565238

	- Avahi service is called 'avahi-daemon'
	- chkconfig descriptions must use \ for line continuations

	qemu: Use ShutdownVMDaemon for all startup cleanup paths
	The current cleanup: in StartVMDaemon path is a poor duplication.
	qemuShutdownVMDaemon can handle teardown for inactive VMs, so let's use it.

	v2: Remove old abort: label, only use cleanup:

2010-05-21  Chris Lalancette  <clalance@redhat.com>

	Domain snapshot RNG and tests.

	Fix up the python bindings for snapshotting.
	This involved a few fixes.  To start with,
	an virDomainSnapshot object is really tied to a
	domain, not a connection, so we have to generate
	a slightly different object so that we can get
	at self._dom for the object.

	Next, we had to "dummy" up an override piece of
	XML with a bogus argument that the function doesn't
	actually take.  That's so that the generator places
	virDomainRevertToSnapshot underneath the correct
	class (namely, the virDomain class).

	Finally, we had to hand-implement the
	virDomainRevertToSnapshot implementation, ignoring the
	bogus pointer we are being passed.

	With all of this in place, I was able to successfully
	take a snapshot and revert to it using only the
	Python bindings.

2010-05-21  Jim Meyering  <meyering@redhat.com>

	qemu_conf.c: also recognize new first line of qemu -help output
	* src/qemu/qemu_conf.c (QEMU_VERSION_STR_1, QEMU_VERSION_STR_2):
	Define these instead of...
	(QEMU_VERSION_STR): ... this.  Remove definition.
	(qemudParseHelpStr): Check first for the new, shorter prefix,
	"QEMU emulator version", and then for the old one,
	"QEMU PC emulator version" when trying to parse the version number.
	Based on a patch by Chris Wright.

	lxc_controller.c: don't ignore failed "accept"
	* src/lxc/lxc_controller.c (ignorable_epoll_accept_errno): New function.
	(lxcControllerMain): Handle a failed accept carefully:
	most errno values indicate legitimate failure and must be fatal.
	However, ignore a special case: that in which an incoming client quits
	between the poll() indicating its presence, and our accept() which
	is trying to process it.

2010-05-20  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't deny ShutdownVMDaemon for non-running VMs
	Clients that require this already seem to do so. Calling this function
	with pid < 1 also should not cause problems.

	qemu: Remove explicit VNC XML cleanup
	This only exists for a certain cleanup path in StartVMDaemon, but is
	unneeded since domain_conf.c handles this for us automatically.

	qemu: Properly cleanup in security startup error path
	Everything after hostdev setup needs to jump to cleanup on error.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	libvirtd: don't ignore virInitialize failure
	* daemon/libvirtd.c (main): Diagnose virInitialize failure
	and exit nonzero.

2010-05-20  Alex Williamson  <alex.williamson@redhat.com>

	Rename qemuBuildCommandLine tapfds -> vmfds.
	There doesn't seem to be anything specific to tap devices for this
	array of file descriptors which need to stay open of the guest to use.
	Rename then for others to make use of.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	maint: prohibit newline at end of diagnostic
	* cfg.mk (sc_prohibit_newline_at_end_of_diagnostic): New rule.
	Idea proposed by Jiri Denemark.

	maint: remove unwanted newline at end of diagnostic
	* src/xen/xend_internal.c (xenDaemonDomainDefineXML): Remove \n.
	* src/network/bridge_driver.c (networkAddMasqueradingIptablesRules):
	Likewise.

	qemudDomainMigrateFinish2: handle a case of virDomainSaveStatus failure
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Don't ignore
	virDomainSaveStatus failure.
	* src/conf/domain_conf.h (virDomainSaveStatus): Use
	ATTRIBUTE_RETURN_CHECK, so this doesn't happen again.

2010-05-20  Eric Blake  <eblake@redhat.com>

	docs: distribute more coding convention documentation
	These files may be useful for anyone making modifications to
	source files in a tarball distribution.

	* src/Makefile.am (EXTRA_DIST): Add THREADS.txt.
	* daemon/Makefile.am (EXTRA_DIST): Add THREADING.txt.

	build: distribute missing file
	Commit f30ccb2458829 was incomplete.

	* .gitignore: Ignore intermediate directory during failed 'make
	distcheck'.
	* tests/Makefile.am (qemuhelpdata): Distribute new file.

2010-05-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make esxVI_*_CastFromAnyType dynamically dispatched
	This will be used in the ESX storage driver in order to handle
	the DatastoreInfo type and inheriting types properly.

	esx: Allow esxVI_X_DynamicCast to be called successfully on X objects
	This semantic will be used in the ESX storage driver.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	tests: the remote_protocol check also accommodates older pdwtags
	This test was failing on systems using pdwtags from dwarves-1.3.
	Reported by Matthias Bolte.
	Two-pronged fix:
	  - use --verbose to work also with dwarves-1.3; adapt regular
	    expressions to handle now-varying separators
	  - require a minimum number of post-split clauses, in order to
	    skip upon any future format change.
	    Currently there are 318; if there are 300 or fewer,
	    give a warning similar to when pdwtags is missing.
	* src/Makefile.am (remote_protocol-structs): Use pdwtags' --verbose
	option to make 1.3 emit member sizes and offsets.
	Consistently output WARNING messages to stderr.

2010-05-19  Jim Meyering  <meyering@redhat.com>

	initialize "meta" in virStorageFileGetMetadata, not in each caller
	Do not require each caller of virStorageFileGetMetadata and
	virStorageFileGetMetadataFromFD to first clear the storage of the
	"meta" buffer.  Instead, initialize that storage in
	virStorageFileGetMetadataFromFD.
	* src/util/storage_file.c (virStorageFileGetMetadataFromFD): Clear
	"meta" here, not before each of the following callers.
	* src/qemu/qemu_driver.c (qemuSetupDiskCgroup): Don't clear "meta" here.
	(qemuTeardownDiskCgroup): Likewise.
	* src/qemu/qemu_security_dac.c (qemuSecurityDACSetSecurityImageLabel):
	Likewise.
	* src/security/security_selinux.c (SELinuxSetSecurityImageLabel):
	Likewise.
	* src/security/virt-aa-helper.c (get_files): Likewise.

	(qemu*DiskCgroup): avoid dead code
	* src/qemu/qemu_driver.c (qemuTeardownDiskCgroup): Remove
	bogus empty-body while-loop.
	(qemuSetupDiskCgroup): Likewise.

	maint: more VIR_WARN corrections: now manually
	* po/POTFILES.in: Remove src/util/logging.c and src/util/uuid.c.
	* src/phyp/phyp_driver.c (phypUUIDTable_ReadFile): Correct more
	VIR_WARN uses, now manually.
	(phypUUIDTable_Init, phypUUIDTable_Pull): Likewise.

	maint: use VIR_WARN0("...") rather than VIR_WARN("%s", "...")
	Run this command:
	  git grep -l 'VIR_WARN("%s", "'|xargs perl -pi -e \
	    's/VIR_WARN\("%s", "/VIR_WARN0("/'
	* src/phyp/phyp_driver.c (phypDomainGetInfo): Perform the above.
	(phypDomainCreateAndStart, phypUUIDTable_ReadFile): Likewise.

	maint: enforce no-markup policy wrt VIR_WARN-like macros
	* cfg.mk (sc_prohibit_gettext_markup): New rule, to enforce
	this policy.  Contrary to most diagnostic-emitting functions,
	where we require _(...) markup, here, we require that _() *not*
	be used for certain functions (or function-like macros).

	maint: remove _(...) from VIR_WARN arg manually
	* src/util/uuid.c (virUUIDGenerate): Remove _(...) manually.

	maint: don't mark VIR_WARN or VIR_WARN0 diagnostics for translation
	Approximately 60 messages were marked.  Since these diagnostics are
	intended solely for developers and maintainers, encouraging translation
	is deemed to be counterproductive:
	http://thread.gmane.org/gmane.comp.emulators.libvirt/25050/focus=25052

	Run this command:
	  git grep -l VIR_WARN|xargs perl -pi -e \
	    's/(VIR_WARN0?)\s*\(_\((".*?")\)/$1($2/'

	note a typo: VIR_MIGRATE_TUNNELLED should be VIR_MIGRATE_TUNNELED,
	so that searches for properly spelled "TUNNELED" turn up
	the surprising spelling of this public symbol.
	* include/libvirt/libvirt.h.in: Add a comment.

2010-05-19  Jiri Denemark  <jdenemar@redhat.com>

	Add support for SSE4.1 and SSE4.2 CPU features

	Fix potential NULL dereference in remoteDomainMigratePrepare2

2010-05-19  Jim Meyering  <meyering@redhat.com>

	do not ignore qemuMonitorAddDrive failure; make uses identical
	There were three very similar uses of qemuMonitorAddDrive.
	This change makes the three 17-line sequences identical.
	* src/qemu/qemu_driver.c (qemudDomainAttachPciDiskDevice): Detect
	failure.  Add VIR_WARN and braces.
	(qemudDomainAttachSCSIDisk): Add VIR_WARN and braces.
	(qemudDomainAttachUsbMassstorageDevice): Likewise.

	ebtablesAddRemoveRule, iptablesAddRemoveRule: don't skip va_end
	* src/util/ebtables.c (ebtablesAddRemoveRule): Don't skip
	va_end(args) on an error path.
	* src/util/iptables.c (iptablesAddRemoveRule): Identical change.

	qemudDomainRestore: handle a case of virDomainSaveStatus failure
	* src/qemu/qemu_driver.c (qemudDomainRestore): Don't ignore
	virDomainSaveStatus failure.

	python: don't ignore virInitialize failure in module initialization
	* python/libvirt-override.c (initlibvirtmod): Upon virInitialize
	failure, skip the Py_InitModule call.

	tests: do not ignore virInitialize failure
	* tests/nodeinfotest.c (mymain): Do not ignore virInitialize failure.
	Most other callers of virInitialize test for failure.

	qemuMonitorTextMigrate: avoid leak on OOM-error path
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrate): Also
	free "safedest" buffer when failing.

	virNWFilterDefParseXML: avoid leak on error paths
	* src/conf/nwfilter_conf.c (virNWFilterDefParseXML): Also free "ret"
	via cleanup.

	linuxNodeInfoCPUPopulate: avoid used-uninitialized via a test
	* tests/nodeinfotest.c (linuxTestCompareFiles): Don't use
	nodeinfo->member uninitialized.  linuxNodeInfoCPUPopulate requires
	that some of its nodeinfo members (including threads) be initialized
	upon input.  The nodeinfotest.c program lacked the initialization,
	while the only other use (nodeGetInfo) did perform it.
	It's not trivial to move the initialization into the function,
	since nodeGetInfo sets at least one member after clearing the
	buffer but before calling linuxNodeInfoCPUPopulate.

	virDomainNetDefParseXML: avoid leak upon multiple "filterref"
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Don't leak
	memory when parsing two or more "filterref" elements.

2010-05-18  Jim Meyering  <meyering@redhat.com>

	ebiptablesWriteToTempFile: don't close a negative file descriptor
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesWriteToTempFile):
	Skip the close if "fd" is negative.

2010-05-18  Daniel P. Berrange  <berrange@redhat.com>

	Protect against NULL pointer flaws in monitor usage
	History has shown that there are frequent bugs in the QEMU driver
	code leading to the monitor being invoked with a NULL pointer.
	Although the QEMU driver code should always report an error in
	this case before invoking the monitor, as a safety net put in a
	generic check in the monitor code entry points.

	* src/qemu/qemu_monitor.c: Safety net to check for NULL monitor
	  object

	Fix multiple potential NULL pointer references in monitor usage
	Any method which intends to invoke a monitor command must have
	a check for virDomainObjIsActive() before using the monitor to
	ensure that priv->mon != NULL.

	There is one subtle edge case in this though. If a method invokes
	multiple monitor commands, and calls qemuDomainObjExitMonitor()
	in between two of these commands then there is no guarentee that
	priv->mon != NULL anymore. This is because the QEMU process may
	exit or die at any time, and because qemuDomainObjEnterMonitor()
	releases the lock on virDomainObj, it is possible for the background
	thread to close the monitor handle and thus qemuDomainObjExitMonitor
	will release the last reference allowing priv->mon to become NULL.

	This affects several methods, most notably migration but also some
	hotplug methods. This patch takes a variety of approaches to solve
	the problem, depending on the particular usage scenario. Generally
	though it suffices to add an extra virDomainObjIsActive() check
	if qemuDomainObjExitMonitor() was called during the method.

	* src/qemu/qemu_driver.c: Fix multiple potential NULL pointer flaws
	  in usage of the monitor

2010-05-18  Jim Meyering  <meyering@redhat.com>

	maint: add more free-like functions to the list and deal with fallout
	* cfg.mk (useless_free_options): Add many vir*Free* function names,
	and then remove the useless if-before-free tests exposed by running
	make syntax-check.
	* src/conf/interface_conf.c (virInterfaceDefFree): Remove useless "if".
	(virInterfaceAssignDef): Likewise.
	* src/conf/network_conf.c (virNetworkAssignDef): Likewise.
	* src/conf/storage_conf.c (virStoragePoolObjAssignDef): Likewise.
	* src/node_device/node_device_hal.c (dev_create): Likewise.
	* src/security/virt-aa-helper.c (vahDeinit): Likewise.
	* src/test/test_driver.c (testNodeDeviceCreateXML): Likewise.
	* src/util/conf.c (virConfSetValue): Likewise.

	maint: add virCgroupFree to the list of free-like functions
	This makes the useless-if-before-free test in maint.mk spot
	uses of virCgroupFree just like it does for free and the other
	listed functions.
	* cfg.mk (useless_free_options): Add virCgroupFree.
	Prompted by suggestion from Eric Blake.

	qemudDomainSetVcpus: avoid NULL-deref on failed uuid look-up
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Upon look-up failure,
	i.e., vm==NULL, goto cleanup, rather than to "endjob", superficially
	since the latter would dereference vm, but more fundamentally because
	we certainly don't want to call qemuDomainObjEndJob before we've
	even attempted qemuDomainObjBeginJob.

	lxcFreezeContainer: avoid test-after-deref of never-NULL pointer
	* src/lxc/lxc_driver.c (lxcFreezeContainer): Remove test-after-deref.
	Correct indentation in expression.

2010-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add CIFS to the list of network file systems
	ESX supports NFS and CIFS. The ESX storage driver will reflect this.

	Add VIR_STORAGE_POOL_INACCESSIBLE to denote inaccessible storage pools
	This status will be used by the ESX storage driver.

	For example a running NFS pool is inaccessible when the NFS server is
	currently unreachable.

2010-05-18  Eric Blake  <eblake@redhat.com>

	qemu_conf: fix flag value
	(gdb) p/x QEMUD_CMD_FLAG_VNET_HOST
	$7 = 0xffffffff80000000

	Oops - that meant we were incorrectly setting QEMU_CMD_FLAG_RTC_TD_HACK
	for qemu-kvm-0.12.3 (and probably botching a few other settings as well).

	Fixes Red Hat BZ#592070

	* src/qemu/qemu_conf.h (QEMUD_CMD_FLAG_VNET_HOST): Avoid sign
	extension.
	* tests/qemuhelpdata/qemu-kvm-0.12.3: New file.
	* tests/qemuhelptest.c (mymain): Add another case.

2010-05-18  Cole Robinson  <crobinso@redhat.com>

	qemu: Clarify a couple error messages
	A fedora translator filed:

	https://bugzilla.redhat.com/show_bug.cgi?id=580816

	Pointing out these two error messages as unclear: "write save" sounds
	like a typo without context, and lack of a colon made the second message
	difficult to parse.

2010-05-18  Eric Blake  <eblake@redhat.com>

	virFileResolveLink: fix return value
	virFileResolveLink was returning a positive value on error,
	thus confusing callers that assumed failure was < 0.  The
	confusion is further evidenced by callers that would have
	ended up calling virReportSystemError with a negative value
	instead of a valid errno.

	Fixes Red Hat BZ #591363.

	* src/util/util.c (virFileResolveLink): Live up to documentation.
	* src/qemu/qemu_security_dac.c
	(qemuSecurityDACRestoreSecurityFileLabel): Adjust callers.
	* src/security/security_selinux.c
	(SELinuxRestoreSecurityFileLabel): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskDeleteVol): Likewise.

2010-05-18  Cole Robinson  <crobinso@redhat.com>

	tests: Skip daemon-conf test if dir exceeds UNIX_PATH_MAX
	The max path length for unix sockets is pretty small (108, see man 7 unix).
	If 'make check' is run from a directory that exceeds this, one of the tests
	will fail, and in such a way that requires manually editting the test to
	determine why.

	There are certainly other ways to handle this, but I've chosen just to skip
	the offending test if we will exceed the length limitation.

	v2: Drop bashism, use test infrastructure to warn and skip

	pci: Give an explicit error if device not found
	v2: Use intended F_OK. Drop devdir param, just check dev->path for device
	existence.

	v3: Use virReportSystemError, include dev->path in error message.

2010-05-18  Eric Blake  <eblake@redhat.com>

	build: fix cygwin build, correctly this time
	Fix the cygwin regression introduced in commit 48445ccff, but
	without repeating the fresh build regression of commit
	2d550542e.

	* src/Makefile.am (libvirt_test_la_LIBADD): Split out subset of
	locally-built libraries...
	(libvirt_test_la_BUILT_LIBADD): ...into new variable.
	(libvirt_test_la_DEPENDENCIES): Depend only on the subset that
	automake would have given us for free if we didn't have to add our
	own extra file.

2010-05-18  Jim Meyering  <meyering@redhat.com>

	umlAutostartDomain: avoid NULL-deref upon virGetLastError failure
	* src/uml/uml_driver.c (umlAutostartDomain): Handle a NULL return
	from virGetLastError.

2010-05-17  Eric Blake  <eblake@redhat.com>

	build: fix up some compiler flags
	Matthias noted that the line:
	virt_aa_helper_LDFLAGS = $(WARN_CFLAGS)
	looks inconsistent, so I did an audit.

	Currently, the set of compiler warning flags passed to gcc as $CC are
	equally permitted as the set of linker flags passed to gcc as $LD, so
	there was no problem with that usage.  But if we ever get in a
	situation where $CC and $LD treat particular flags differently, using
	the right variable form will make it easier.

	In the process, I spotted a couple of typos that were omitting useful
	flags, as well as specifying a -l under the wrong variable.

	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Define WARN_LDFLAGS as
	an alias for WARN_CFLAGS.
	* tools/Makefile.am (virsh_LDFLAGS): Use more canonical spelling.
	* proxy/Makefile.am (libvirt_proxy_LDFLAGS): Likewise. Move
	library...
	(libvirt_proxy_LDADD): ...here.
	* src/Makefile.am (virt_aa_helper_LDFLAGS): Use more canonical
	spelling of WARN_LDFLAGS.
	(libvirt_parthelper_LDFLAGS, libvirt_lxc_LDFLAGS): Likewise.  Use
	correct spelling of COVERAGE_LDFLAGS.
	Reported by Matthias Bolte.

2010-05-17  Jim Meyering  <meyering@redhat.com>

	build: avoid compile failure on linux kernels older than 2.6.19
	* configure.ac: Check for <linux/magic.h>.
	* src/util/storage_file.c: Include <linux/magic.h> only if present.
	Linux kernels prior to 2.6.19 lacked it.
	[__linux__] (NFS_SUPER_MAGIC): Define if not already defined.

	x86ModelHasFeature: avoid NULL-dereference for unmatched CPU "feature"
	* src/cpu/cpu_x86.c (x86ModelHasFeature): Do not dereference the pointer
	returned by x86cpuidFind without first ensuring it is non-NULL.

2010-05-17  Cole Robinson  <crobinso@redhat.com>

	qemu: Report cmdline output if VM dies early
	qemuReadLogOutput early VM death detection is racy and won't always work.
	Startup then errors when connecting to the VM monitor. This won't report
	the emulator cmdline output which is typically the most useful diagnostic.

	Check if the VM has died at the very end of the monitor connection step,
	and if so, report the cmdline output.

	See also: https://bugzilla.redhat.com/show_bug.cgi?id=581381

	qemu: Fix previous commit, use comparision in if()

2010-05-17  Jim Meyering  <meyering@redhat.com>

	qemu_driver: avoid NULL dereference
	* src/qemu/qemu_driver.c (qemudDomainStart): After setting vm to NULL,
	goto cleanup, rather than dereferencing the NULL pointer.

2010-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Remove debugging fprintf() calls
	* src/qemu/qemu_driver.c: Remove debugging fprintf() calls
	  accidentally left in code

2010-05-15  Jim Meyering  <meyering@redhat.com>

	qemudDomainSetVcpus: avoid NULL-deref
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Avoid NULL-deref
	upon unknown UUID.  Call qemuDomainObjBeginJob(vm) only after
	ensuring that vm != NULL, not before.  This potential NULL-deref
	was introduced by commit 2c555d87b0041e0d1ec4742386d2161d1b2f0600.

2010-05-15  Eric Blake  <eblake@redhat.com>

	Revert "build: fix cygwin build"
	This reverts commit 2d550542ee729c1d9a4d92de344892650817b213.

	The patch worked for incremental builds, but broke fresh
	builds, because it interfered with automake's automatic
	dependency generation.  Until I figure out how to make
	automake do what we want, I'd rather leave cygwin broken
	but fresh Linux builds working.

	build: fix cygwin build
	make[3]: *** No rule to make target `-lxml2', needed by `libvirt.la'.  Stop.

	Due to treating the wrong string as a dependency.

	* src/Makefile.am (libvirt_la_DEPENDENCIES): Depend only on
	locally-built file, not on strings that might resolve as '-lxml2'.

2010-05-15  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add missing driver lock in qemu driver
	This adds a missing driver lock in the qemu driver to protect
	the list of domains.

2010-05-15  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix a misuse of virAsprintf in qemudDomainMemoryPeek
	The code specifies driver->cacheDir as the format string,
	but it usually doesn't contain '%s', so the subsequent
	argument, "/qemu.mem.XXXXXX", is always ignored.

	The patch fixes the misuse.

2010-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Make domain save work when dynamic_ownership=0
	Setting dynamic_ownership=0 in /etc/libvirt/qemu.conf prevents
	libvirt's DAC security driver from setting uid/gid on disk
	files when starting/stopping QEMU, allowing the admin to manage
	this manually. As a side effect it also stopped setting of
	uid/gid when saving guests to a file, which completely breaks
	save when QEMU is running non-root. Thus saved state labelling
	code must ignore the dynamic_ownership parameter

	* src/qemu/qemu_security_dac.c: Ignore dynamic_ownership=0 when
	  doing save/restore image labelling

	Don't reset user/group/security label on shared filesystems during migrate
	When QEMU runs with its disk on NFS, and as a non-root user, the
	disk is chownd to that non-root user. When migration completes
	the last step is shutting down the QEMU on the source host. THis
	normally resets user/group/security label. This is bad when the
	VM was just migrated because the file is still in use on the dest
	host. It is thus neccessary to skip the reset step for any files
	found to be on a shared filesystem

	* src/libvirt_private.syms: Export virStorageFileIsSharedFS
	* src/util/storage_file.c, src/util/storage_file.h: Add a new
	  method virStorageFileIsSharedFS() to determine if a file is
	  on a shared filesystem (NFS, GFS, OCFS2, etc)
	* src/qemu/qemu_driver.c: Tell security driver not to reset
	  disk labels on migration completion
	* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
	  src/security/security_selinux.c, src/security/security_driver.h,
	  src/security/security_apparmor.c: Add ability to skip disk
	  restore step for files on shared filesystems.

	Fix handling of disk backing stores with cgroups
	The cgroups ACL code was only allowing the primary disk image.
	It is possible to chain images together, so we need to search
	for backing stores and add them to the ACL too. Since the ACL
	only handles block devices, we ignore the EINVAL we get from
	plain files. In addition it was missing code to teardown the
	cgroup when hot-unplugging a disk

	* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
	  and add missing teardown code in unplug path

	Fix possible crash in handling IO Error event
	If the IO error event does not include a reason, then there
	is a possible crash dispatching the event

	* src/conf/domain_event.c: Missing check for a NULL reason before
	  strduping allows for a crash

	Add support for NIC hotplug using netdev_add in QEMU
	QEMU is gaining a new monitor command netdev_add for hotplugging
	NICs using the netdev backend code. We already support this on
	the command this, though it is disabled. This adds support for
	hotplug too, also to remain disabled until 0.13 QEMU is released

	* src/qemu/qemu_driver.c: Support netdev hotplug for NICs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for netdev_add and netdev_remove commands

2010-05-13  Eric Blake  <eblake@redhat.com>

	datatypes: fix comment typo
	* src/datatypes.c: Use correct word.

2010-05-12  Jiri Denemark  <jdenemar@redhat.com>

	Fix monitor ref counting when adding event handle
	When closing a monitor using qemuMonitorClose(), we are aware of
	the possibility the monitor is still being used somewhere:

	    /* NB: ordinarily one might immediately set mon->watch to -1
	     * and mon->fd to -1, but there may be a callback active
	     * that is still relying on these fields being valid. So
	     * we merely close them, but not clear their values and
	     * use this explicit 'closed' flag to track this state */

	but since we call virEventAddHandle() on that monitor without increasing
	its ref counter, the monitor is still freed which makes possible users
	of it quite unhappy. The unhappiness can lead to a hang if qemuMonitorIO
	tries to lock mutex which no longer exists.

	Remove watches before calling REMOTE_PROC_CLOSE
	First calling REMOTE_PROC_CLOSE and then removing watches might lead to
	a hang as HANGUP event can be triggered before the watches are actually
	removed but after virConnectPtr is already freed. As a result of that
	remoteDomainEventFired() would try to lock uninitialized mutex, which
	would hang for ever.

2010-05-12  Jim Meyering  <meyering@redhat.com>

	tests: use GPLv2+, not GPLv3
	* tests/cpuset: Change from GPLv3 to GPLv2+
	* tests/read-bufsiz: Likewise.
	* tests/read-non-seekable: Likewise.
	* tests/start: Likewise.
	* tests/undefine: Likewise.
	* tests/vcpupin: Likewise.
	* tests/virsh-all: Likewise.
	* tests/virsh-schedinfo: Likewise.
	* tests/virsh-synopsis: Likewise.

2010-05-12  Eric Blake  <eblake@redhat.com>

	libvirt_proxy: link with -lpthread if needed
	Continuation of earlier patches to fix LIB_PTHREAD, only
	triggered by ./configure --with-xen-proxy (a la autobuild.sh).

	* proxy/Makefile.am (libvirt_proxy_LDADD): Add LIB_PTHREAD.

2010-05-12  Cole Robinson  <crobinso@redhat.com>

	node_device: udev: Fix PCI product/vendor swappage
	Product and vendor values were swapped in the XML, which made virt-manager
	PCI device listing kinda useless.

2010-05-12  Eric Blake  <eblake@redhat.com>

	build: update gnulib
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Import netdb.
	* src/esx/esx_util.c (AI_ADDRCONFIG): Rely on gnulib.
	* src/remote/remote_driver.c (AI_ADDRCONFIG): Likewise.
	* tools/virsh.c (WEXITSTATUS, O_SYNC): Likewise.

	build: allow older gettext
	* bootstrap.conf (gnulib_modules): Use gettext-h, not gettext,
	since the latter drags in a depedency on gettext 0.18.
	Suggested by Bruno Haible.

2010-05-12  Jim Meyering  <meyering@redhat.com>

	tests: correct PATH in new test, for when running manually
	* tests/virsh-schedinfo: This test sets PATH internally, just in
	case you're running it manually.  Normally, the PATH setting from
	tests/Makefile.am's TESTS_ENVIRONMENT is sufficient.  Prepend the
	correct directory, and take advantage of the PATH setting in one
	more case.

2010-05-11  Daniel P. Berrange  <berrange@redhat.com>

	Add env variable for debugging gnutls usage
	Allow debugging of GNUTLS interactions by setting

	  LIBVIRT_GNUTLS_DEBUG=10 LIBVIRT_DEBUG=1 virsh

	* src/remote/remote_driver.c: Use LIBVIRT_GNUTLS_DEBUG to
	  enable gnutls debugging

2010-05-11  Jim Meyering  <meyering@redhat.com>

	tests: adjust copyrights on scripts: s/FSF/Red Hat/
	* tests/cpuset: Change copyright holder from FSF to Red Hat, Inc.
	* tests/read-bufsiz: Likewise.
	* tests/read-non-seekable: Likewise.
	* tests/start: Likewise.
	* tests/undefine: Likewise.
	* tests/vcpupin: Likewise.
	* tests/virsh-all: Likewise.
	* tests/virsh-synopsis: Likewise.

	virsh: schedinfo --set invalid=value would simply ignore the option
	For example, virsh -c test:///default schedinfo 1 --set P=k would
	mistakenly exit successfully, giving no indication that it had failed
	to set the scheduling parameter "P".
	* tools/virsh.c (cmdSchedinfo): Diagnose an invalid --set j=k option,
	rather than silently ignoring it.
	* tests/virsh-schedinfo: New test for the above.
	* tests/Makefile.am (test_scripts): Add it.
	Reported by Jintao Yang in http://bugzilla.redhat.com/586632

	virsh: fix a typo in a diagnostic
	* tools/virsh.c (cmdSchedInfoUpdate): Fix typo in a diagnostic:
	s/an long long/a long long/.  One in a comment, too.

2010-05-11  Eric Blake  <eblake@redhat.com>

	delMacvtap: typo fix
	* src/util/macvtap.c (delMacvtap): Fix documentation.

	maint: allow VPATH use of remote_protocol-structs
	* src/Makefile.am (remote_protocol-structs): Ensure file lives in srcdir.

	docs/Makefile.am: remove unnecessary subshells
	* docs/Makefile.am (ChangeLog.html.in, %.html.tmp, %.html)
	(html/index.html, $(devhelphtml)): Avoid spurious subshells.

	maint: avoid spurious output if program not present
	Some shells warn about missing programs before redirection;
	the idiomatic way to silence them is to run the program check
	inside a subshell, with the redirections outside the subshell.
	But a subshell is only needed in places where it is reasonable
	to expect the use of such a noisy shell in the first place.

	* src/Makefile.am (remote_protocol-structs): Use subshell, for
	FreeBSD 8.0 /bin/sh.
	* cfg.mk (sc_preprocessor_indentation): Avoid subshell, since the
	only users running cfg.mk can be assumed to have decent tools.

	storage_encryption: silence clang warning
	For printf("%*s",foo,bar), clang complains if foo is not int:

	warning: field width should have type 'int', but argument has
	type 'unsigned int' [-Wformat]

	* src/conf/storage_encryption_conf.c
	(virStorageEncryptionSecretFormat, virStorageEncryptionFormat):
	Use correct type.
	* src/conf/storage_encryption_conf.h (virStorageEncryptionFormat):
	Likewise.

2010-05-08  Jim Meyering  <meyering@redhat.com>

	help avoid accidental remote_protocol.x changes
	Now, if you update remote_protocol.x without also updating
	remote_protocol-structs to match, then "make check" will fail.
	* src/Makefile.am (remote_protocol-structs): Extract list of
	structs and member names from remote_protocol.o.
	(check-local): Depend on it.
	* src/remote_protocol-structs: New file.

2010-05-08  Eric Blake  <eblake@redhat.com>

	mingw32-libvirt.spec: bring up to date
	Right now, mingw32-portablexdr is not available in Fedora, but is
	present in fedora-mingw.git.  With that package, plus
	redhat-rpm-config and this patch, it is once again possible to build
	mingw32-libvirt from a Fedora 12 host.

	* mingw32-libvirt.spec.in (__debug_install_post): Override.
	(%files): Mention recent additions.

2010-05-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Manually revert "Fix pthread related link error for virt-aa-helper"
	This reverts commit b5b8a6db69ba16a8225962bf7659b6ff6756bc18.

	That commit was not necessary. The problem is fixed by commit
	0e9b3a269be9ce821615aba4aece87c4451d43ac, but I didn't rebuild
	it properly after pulling in the commit and didn't notice it.

2010-05-08  Ersek Laszlo  <lacos@caesar.elte.hu>

	Fix a typo in docs

2010-05-08  Eric Blake  <eblake@redhat.com>

	build: use LIBADD, not LDFLAGS, for adding libraries
	Per automake, LDFLAGS is used early in the line, and LIBADD
	(libraries) or LDADD (programs) is used late.  On platforms like
	cygwin, without lazy linking, this order matters.  Therefore, libtool
	commands, -L, and similar should be in LDFLAGS, but -l should be in
	L*ADD.

	* src/Makefile.am (*_LDFLAGS): Move libraries...
	(*_LIBADD): ...to their LIBADD counterpart.

	maint: whitespace cleanups
	* src/Makefile.am: Fix some space-tab issues.

2010-05-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix pthread related link error for virt-aa-helper
	Link virt-aa-helper explicitly with pthread. This is at least
	required on Ubuntu 10.04.

	qemu: Fix warning about a non-literal format string

2010-05-07  Jim Meyering  <meyering@redhat.com>

	avoid link error in tests using libvirt_util; due to pthread_sigmask
	* src/Makefile.am (libvirt_util_la_LDFLAGS): Add $(LIB_PTHREAD),
	required, now that we're using gnulib's pthread module.

2010-05-07  Matthew Booth  <mbooth@redhat.com>

	Remove unused nwfilter field from struct remote_error
	Change 965466c1 added a new field to struct remote_error, which broke
	the RPC protocol. Fortunately the new field is unused, so this change
	simply removes it again.

	* src/remote/remote_protocol.(c|h|x): Remove remote_nwfilter from struct
	  remote_error

2010-05-07  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Implement SCSI disk unplugging
	With the introduction of the generic qemu device model, unplugging
	SCSI disks works like a charm, so support it in libvirt.

	* src/qemu/qemu_driver.c: Add qemudDomainDetachSCSIDiskDevice() to do the
	  unplugging, extend qemudDomainDetachDeviceAdd().

2010-05-07  Eric Blake  <eblake@redhat.com>

	qemu: use better types
	* src/qemu/qemu_driver.c (qemudFindDisk): Mark parameter const.
	(qemudShrinkDisks): Mark parameter unsigned.

2010-05-07  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Refactor disk unplugging
	We can reuse some of the code for other purposes.

2010-05-07  Eric Blake  <eblake@redhat.com>

	build: simplify checks for sched.h
	* configure.ac: Remove redundant checks.

	build: update gnulib
	81 patches to gnulib, picks up several new syntax checks.

	* .gnulib: Update to latest.
	* .x-sc_prohibit_always_true_header_tests: New file.
	* bootstrap.conf (gnulib_modules): Add sched.
	* src/util/processinfo.c (includes): <sched.h> is now guaranteed.
	* src/network/bridge_driver.c (includes): Drop useless
	<strings.h>.
	* src/openvz/openvz_conf.c (includes): Likewise.
	* src/openvz/openvz_driver.c (includes): Likewise.
	* src/phyp/phyp_driver.c (includes): Likewise.
	* src/qemu/qemu_driver.c (includes): Likewise.
	* src/uml/uml_driver.c (includes): Likewise.

	build: drop more redundant configure checks
	* configure.ac (AC_CHECK_FUNCS_ONCE, AC_SYS_LARGEFILE): Rely on
	gnulib for strtok_r and large file support.
	(AC_OBJEXT): Drop call now done by AC_PROG_CC.
	(m4_foreach_w): Drop macro guaranteed by gnulib.
	(AC_C_CONST): Drop call declared obsolete by autoconf.

	build: use gnulib's sys/wait.h
	* configure.ac: Drop sys/wait.h check.
	* src/libvirt.c (includes): Use header unconditionally.
	* src/remote/remote_driver.c (includes): Likewise.
	* src/storage/storage_backend.c (includes): Likewise.
	* src/util/ebtables.c (includes): Likewise.
	* src/util/hooks.c (includes): Likewise.
	* src/util/iptables.c (includes): Likewise.
	* src/util/util.c (includes): Likewise.

	build: use gnulib's uname
	* bootstrap.conf (gnulib_modules): Add uname.
	* configure.ac: Drop uname and sys/utsname.h checks.
	* src/nodeinfo.c (nodeGetInfo): Use uname unconditionally.

	build: rely on gnulib's pthread module
	Gnulib can guarantee that pthread.h exists, but for now, it is a dummy
	header with no support for most pthread_* functions.  Modify our
	use of pthread to use function checks, rather than header checks,
	to determine how much pthread support is present.

	* bootstrap.conf (gnulib_modules): Add pthread.
	* configure.ac: Drop all pthread.h checks.  Optimize function
	checks.  Add check for pthread functions.
	* src/Makefile.am (libvirt_lxc_LDADD): Ensure proper link.
	* src/remote/remote_driver.c (remoteIOEventLoop): Depend on
	pthread_sigmask, now that gnulib guarantees pthread.h.
	* src/util/util.c (virFork): Likewise.
	* src/util/threads.c (threads-pthread.c): Depend on
	pthread_mutexattr_init, as a witness of full pthread support.
	* src/util/threads.h (threads-pthread.h): Likewise.

2010-05-06  Eric Blake  <eblake@redhat.com>

	build: silence a clang false positive
	* src/qemu/qemu_monitor.c (qemuMonitorIOWriteWithFD): Work around
	recent clang shortcoming in analysis.

2010-05-06  Stefan Berger  <stefanb@us.ibm.com>

	rpmbuild: add ebtables & ip(6)tables dependency for rpm
	Add ebtables,iptables & iptables-ipv6 dependency to rpm.

	Changes from V1 to V2:
	  -passing --without-libpcap to configure script, if libpcap is not to be used

2010-05-05  Eric Blake  <eblake@redhat.com>

	util: fix va_start usage bug
	Detected by clang.  POSIX requires that the second argument to
	va_start be the name of the last variable; and in some implementations,
	passing *path instead of path would dereference bogus memory instead
	of pulling arguments off the stack.

	* src/util/util.c (virBuildPathInternal): Use correct argument to
	va_start.

2010-05-05  Kenneth Nagin  <NAGIN@il.ibm.com>

	qemu: live migration with non-shared storage for kvm
	Support for live migration between hosts that do not share storage was
	added to qemu-kvm release 0.12.1.
	It supports two flags:
	-b migration without shared storage with full disk copy
	-i migration without shared storage with incremental copy (same base image
	shared between source and destination).

	I tested the live migration without shared storage (both flags) for native
	and p2p with and without tunnelling.  I also verified that the fix doesn't
	affect normal migration with shared storage.

2010-05-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure.ac: Avoid uname, which breaks cross-compilation
	When cross-compiling on Linux, configure will misdetect the target as
	Linux because it uses uname instead of relying on the $host variable.
	This results in including libvirt_linux.syms into libvirt.syms and
	therefore trying to export undefined symbols.

	Replace uname checks with $host checks to fix this.

2010-05-04  Jiri Denemark  <jdenemar@redhat.com>

	Don't wipe generated iface target in active domains
	Wipe generated interface target only when reading configuration of
	inactive domains.

2010-05-04  Daniel Veillard  <veillard@redhat.com>

	Various fixes for the spec file
	This includes various things:
	 - fix the Requires: libvirt-client to use %{name} to allow easy
	   renaming
	 - when building ESX support one need libcurl-devel
	 - remove Makefile[.in] from xml/nwfilter in the docs, as this breaks
	   parallel install ation of i686 and x86_64 packages
	 - don't include nwfilter config files if not building with the daemon
	all relatively trivial which is why I packed them together
	* libvirt.spec.in: fix various small bugs

2010-05-04  Jim Meyering  <meyering@redhat.com>

	docs: hacking: explain why using curly braces well is important
	* docs/hacking.html.in: Use the "curly braces" section from coreutils'
	HACKING, adapting for libvirt's different formatting style.
	* HACKING: Sync from the above, still mostly manually.

2010-05-04  Jiri Denemark  <jdenemar@redhat.com>

	lxc: Check domain is active/inactive as required by operation
	Report VIR_ERR_OPERATION_INVALID when operation which requires running
	domain is called on inactive domain and vice versa.

	lxc: Make SetMemory work for active domains only

	lxc: Use virDomainFindByUUID for domain lookup
	Consistently use virDomainFindByUUID instead of virDomainFindByID and
	virDomainFindByName and report VIR_ERR_NO_DOMAIN when domain cannot be
	found.

2010-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Fix two undefined symbols
	Add an empty body for virCondWaitUntil and move virPipeReadUntilEOF
	out of the '#ifndef WIN32' block, because it compiles fine with MinGW
	in combination with gnulib.

2010-05-04  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning
	Necessary on cygwin, where uid_t and gid_t are 4-byte long rather
	than int, causing gcc -Wformat warnings.

	* src/util/util.c (virFileOperationNoFork, virDirCreateNoFork)
	(virFileOperation, virDirCreate, virGetUserEnt): Cast uid_t and
	gid_t before passing to printf.
	* .gitignore: Ignore Windows executables.

2010-05-04  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: skip some interfaces on filter update
	When a filter is updated, only those interfaces must have their old
	rules cleared that either reference the filter directly or indirectly
	through another filter. Remember between the different steps of the
	instantiation of the filters which interfaces must be skipped. I am
	using a hash map to remember the names of the interfaces and store a
	bogus pointer to ~0 into it that need not be freed.

	pass info where request stems from to have rules applied
	For the decision on whether to instantiate the rules, the check for a
	pending IP address learn request is not sufficient since then only the
	thread could instantiate the rules. So, a boolean needs to be passed
	when the thread instantiates the filter rules late and the IP address
	learn request is still pending in order to override the check for the
	pending learn request. If the rules are to be updated while the thread
	is active, this will not be done immediately but the thread will do that
	later on.

2010-05-04  Eric Blake  <eblake@redhat.com>

	build: prefer WIN32 over __MINGW32__ checks
	WIN32 is always defined when __MINGW32__ is defined, but the
	converse is not true.  WIN32 is more generic, if someone were
	to ever attempt porting to a microsoft compiler.  This does
	not affect Cygwin, which intentionally does not define WIN32.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Use more
	generic flag macro.
	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD)
	(virStorageBackendRunProgRegex): Likewise.
	* tools/console.h (vshRunConsole): Likewise.

2010-05-04  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Fix possible memory leak in virCgroupMakeGroup
	* src/util/cgroup.c: free temporal path string before breaking loop

2010-05-04  Eric Blake  <eblake@redhat.com>

	dnsmasqReload: avoid mingw link failure
	* src/util/dnsmasq.c (dnsmasqReload): Mingw lacks kill, but is not
	running a dnsmasq daemon either.

2010-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Fix symbol export
	In commit 98fb83ce25f46e0236706fa6e0943032d921935f I changed the
	version script handling. But it seems that I didn't test this properly
	and broke it. The .def file is passed to the compiler directly, but it
	should get passed to the linker instead.

	Set VERSION_SCRIPT_FLAGS to -Wl, to pass the .def file correctly to
	the linker.

	This fixes the undefined symbol errors while linking virsh.

	dnsmasq.c: Fix OOM error reporting
	Also do some indentation clean up.

2010-05-03  Laine Stump  <laine@laine.org>

	Fix memory leaks in cmdInterfaceEdit and cmdNWFilterEdit.
	This applies a fix to thos functions similar to that made to cmdEdit
	in 270895063d1cf86ab42fa220a8d090c24d58dbc0, thus fnixing a memory
	leak - if tmp is unlinked and NULLed early in the function, the memory
	used by tmp is never freed. Since we will always unlink tmp prior to
	freeing its memory at the end of the function, just remove the earlier
	code and let cleanup: do the cleanup.

2010-05-03  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix failure on starting a domain with multiple interfaces
	[Error message]
	error: Failed to start domain lxc_test1
	error: internal error Failed to create veth device pair: 512

	The reason of the failure is that lxc driver unexpectedly re-uses
	an auto-assigned veth name and tries to create the created veth
	again. The failure will happen when a domain has multiple network
	interfaces and the names of those are not specified in XML.

	The patch fixes the problem by resetting buffers of veth names
	in every iteration of creating veth.

	* src/lxc/lxc_driver.c: prevent re-using auto-assigned veth name
	  Reported by Kumar L Srikanth-B22348.

2010-05-01  Eric Blake  <eblake@redhat.com>

	autobuild.sh: provide default prefix
	Without this patch and with a clean environment, ./autobuild.sh
	tried to use ./configure --prefix=/, and fails.

	* autobuild.sh (AUTOBUILD_INSTALL_ROOT): Provide sensible
	default.  Suggested by Daniel P. Berrange.

2010-05-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.1
	* configure.ac docs/news.html.in libvirt.spec.in: updates for release
	* po/*.po*: updated localizations and regenerated

2010-05-01  Cole Robinson  <crobinso@redhat.com>

	domain: Fix PCI address decimal parsing regression
	<hostdev> address parsing previously attempted to detect the number
	base: currently it is hardcoded to base 16, which can break PCI
	assignment via virt-manager. Revert to the previous behavior.

	* src/conf/domain_conf.c: virDomainDevicePCIAddressParseXML, switch to
	  virStrToLong_ui(bus, NULL, 0, ...) to autodetect base

2010-04-30  Daniel P. Berrange  <berrange@redhat.com>

	Add support for another explicit IO error event
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON

	This event is the same as the previous VIR_DOMAIN_ID_IO_ERROR
	event, but also includes a string describing the cause of
	the event.

	Thus there is a new callback definition for this event type

	typedef void (*virConnectDomainEventIOErrorReasonCallback)(virConnectPtr conn,
	                                                           virDomainPtr dom,
	                                                           const char *srcPath,
	                                                           const char *devAlias,
	                                                           int action,
	                                                           const char *reason,
	                                                           void *opaque);

	This is currently wired up to the QEMU block IO error events

	* daemon/remote.c: Dispatch IO error events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  IO error events
	* include/libvirt/libvirt.h.in: Define new IO error event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle IO error events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block IO errors and emit a libvirt IO error event
	* src/remote/remote_driver.c: Receive and dispatch IO error
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  IO error events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
	  from QEMU monitor

2010-04-30  Jiri Denemark  <jdenemar@redhat.com>

	Report all errors in SELinuxRestoreSecurityFileLabel

2010-04-30  Stefan Berger  <stefanb@us.ibm.com>

	Prevent updates while IP address learn thread is running
	Prevent updating and tearing down of filter while the IP
	address learning thread is running and has its own filtering
	rules applied.

	Syncronize the teardown of rules with the thread
	Introduce a function to notify the IP address learning
	thread to terminate and thus release the lock on the interface.
	Notify the thread before grabbing the lock on the interface
	and tearing down the rules. This prevents a 'virsh destroy' to
	tear down the rules that the IP address learning thread has
	applied.

	Clean all tables before applying 'basic' rules
	The functions invoked by the IP address learning thread
	that apply some basic filtering rules did not clean up
	any previous filtering rules that may still be there
	(due to a libvirt restart for example). With the
	patch below all the rules are cleaned up first.

	Also, I am introducing a function to drop all traffic
	in case the IP address learning thread could not apply
	the rules.

2010-04-30  Daniel Veillard  <veillard@redhat.com>

	MAke virFileHasSuffix case insensitive
	* src/util/util.c: as it's used for checking things like .iso suffixes

2010-04-30  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Also pick IP address from a DHCP ACK message
	The local DHCP server on virtbr0 sends DHCP ACK messages when a VM is
	started and requests an IP address while the initial DHCP lease on the
	VM's MAC address hasn't expired. So, also pick the IP address of the VM
	if that type of message is seen.
	Thanks to Gerhard Stenzel for providing a test case for this.

	Changes from V1 to V2:
	- cleanup: replacing DHCP option numbers through constants

2010-04-30  Dustin Kirkland  <kirkland@canonical.com>

	Fix virt-pki-validate's determination of CN
	Ubuntu's gntls package generates an Issuer line that looks like this:
	        Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com

	While Red Hat's looks like this
	Issuer: CN=Red Hat Emerging Technologies

	Note the leading whitespace, and the additional fields in the former.

	This patch updates the regular expression to:
	 * trim leading characters before "Issuer:"
	 * trim anything between Issuer: and CN=
	 * trim anything after the next ,

	I've tested this against the certool output of both RH and Ubuntu
	generated certs.

2010-04-30  Jim Meyering  <meyering@redhat.com>

	qemudDomainSaveFlag: remove dead store
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Remove dead store to "rc".

2010-04-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix detection of disk in IO events
	When using -device syntax, the IO event will have a different
	prefix, 'drive-' that needs to be skipped over before matching
	against the libvirt disk alias

	* src/qemu/qemu_driver.c: Skip QEMU_DRIVE_HOST_PREFIX in IO event

	Implement python binding for virDomainGetBlockInfo
	This binds the virDomainGetBlockInfo API to python's blockInfo
	method on the domain object

	>>> c = libvirt.openReadOnly('qemu:///session')
	>>> d = c.lookupByName('demo')
	>>> f = d.blockInfo("/dev/loop0", 0)
	>>> print f
	[1048576000L, 104857600L, 104857600L]

	* python/libvirt-override-api.xml: Define override signature
	* python/generator.py: Skip C impl generator for virDomainGetBlockInfo
	* python/libvirt-override.c: Manual impl of virDomainGetBlockInfo

	Add new domblkinfo command to virsh
	  virsh # domblkinfo demoguest /dev/hda2
	  Capacity:       1048576000
	  Allocation:     104857600
	  Physical:       104857600

	* tools/virsh.c: Implement domblkinfo command mapping to the
	  new virDomainGetBlockInfo API

	Implement virDomainGetBlockInfo in QEMU driver
	* src/qemu/qemu_driver.c: Implementation of virDomainGetBlockInfo
	* src/util/storage_file.h: Add DEV_BSIZE
	* src/storage/storage_backend.c: Remove DEV_BSIZE

	Remote protocol impl for virDomainGetBlockInfo
	* daemon/remote.c: Server side dispatcher
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h: Update
	  with new API
	* src/remote/remote_driver.c: Client side dispatcher
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h: Update
	* src/remote/remote_protocol.x: Define new wire protocol

	Internal driver API infrastructure for virDomainGetBlockInfo
	This defines the internal driver API and stubs out each driver

	* src/driver.h: Define virDrvDomainGetBlockInfo signature
	* src/libvirt.c, src/libvirt_public.syms: Glue public API to drivers
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Stub out driver

	Add virDomainGetBlockInfo API to query disk sizing
	Some applications need to be able to query a guest's disk info,
	even for paths not managed by the storage pool APIs. This adds
	a very simple API to get this information, modelled on the
	virStorageVolGetInfo API, but with an extra field 'physical'.
	Normally 'physical' and 'allocation' will be identical, but
	in the case of a qcow2-like file stored inside a block device
	'physical' will give the block device size, while 'allocation'
	will give the qcow2 image size

	* include/libvirt/libvirt.h.in: Define virDomainGetBlockInfo

2010-04-29  Chris Lalancette  <clalance@redhat.com>

	Fix a virsh edit memory leak
	When running virsh edit, we are unlinking and setting
	the tmp variable to NULL before going to the end of the
	function, meaning that we never free tmp.  Since the
	exit to the function will always unlink and free tmp,
	just remove this bit of code and let it get done at the
	end.

	Fix a qemuDomainPCIAddressSetFree memory leak
	qemuDomainPCIAddressSetFree was freeing up the hash
	table for the pci addresses, but not freeing up the addr
	structure.  Looking over the callers of this function, it
	seems like they expect it to also free up the structure,
	so do that here.

	Fix a memory leak in the node_device_udev code
	We were over-writing a pointer without freeing it in
	case of a disk device, leading to a memory leak.

	Fix build on Ubuntu.
	When building on Ubuntu with make -j3 (or more), it would always
	fail when trying to build virt-aa-helper.  I'm not an expert in
	automake by any means, but I think the entry for virt-aa-helper
	is mis-using LDADD; it shouldn't be putting direct paths to
	libvirt_conf.la and libvirt_util.la, but instead referencing those
	names.  With this patch in place, I'm able to successfully build
	on Ubuntu 9.04 with make -j3.

	Report better error if qemuSnapshotIsAllowed failed.

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove unused goto label from qemudDomainCreate
	The previous commit changes a goto from 'endjob' to 'cleanup',
	leaving the endjob label unused. Remove it to avoid compile
	warning.

	* src/qemu/qemu_driver.c: Remove 'endjob' label

2010-04-29  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: python bindings for nwfilter
	I have primarily followed the pattern of the 'secret' driver to provide
	support for the missing python bindings for the network filter API.

2010-04-29  Jim Meyering  <meyering@redhat.com>

	qemuDomainSnapshotCreateXML: avoid NULL dereferences
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): When setting
	"vm" to NULL, jump over vm-dereferencing code to "cleanup".
	(qemuDomainRevertToSnapshot): Likewise.

	qemudDomainCreate: correct a slightly misdirected goto
	* src/qemu/qemu_driver.c (qemudDomainCreate): Goto cleanup,
	not "endjob", since we know "vm" is already NULL.  No semantic change.

2010-04-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin/mingw: Fix version script handling
	Let configure detect ld instead of hardcoding /usr/bin/ld, because
	MinGW may have ld in /bin.

	Only use a .def file to export symbols on MinGW. Cygwin's ld supports
	the normal .syms file used on Linux.

2010-04-28  Eric Blake  <eblake@redhat.com>

	build: fix autogen rule for VPATH build
	* cfg.mk (gnulib_srcdir): Override maint.mk default.
	(_update_required): Run in correct directory.

2010-04-28  Daniel Veillard  <veillard@redhat.com>

	Move dnsmasq host file to a separate directory
	use /var/lib/libvirt/dnsmasq since /var/lib/libvirt/network is
	unreadable by the dnsmasq binary

	* src/network/bridge_driver.c: update DNSMASQ_STATE_DIR
	* src/Makefile.am: create it on make install
	* libvirt.spec.in: take the new directory into account

2010-04-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: allow to mix filterrefs and rules in the schema
	So far the references to other filters needed to appear before filtering
	rules. With the below patch they can now appear in any order.

	Also I forgot to add a couple of 'rarp's.

2010-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of security driver restore failures in QEMU domain save
	In cases where the security driver failed to restore a label after a
	guest has saved, we mistakenly jumped to the error cleanup paths.
	This is not good, because the operation has in fact completed and
	cannot be rolled back completely. Label restore is non-critical, so
	just log the problem instead. Also add a missing restore call in
	the error cleanup path

	* src/qemu/qemu_driver.c: Fix handling of security driver
	  restore failures in QEMU domain save

	Fix QEMU domain save to block devices with cgroups enabled
	When cgroups is enabled, access to block devices is likely to be
	restricted to a whitelist. Prior to saving a guest to a block device,
	it is necessary to add the block device to the whitelist. This is
	not required upon restore, since QEMU reads from stdin

	* src/qemu/qemu_driver.c: Add block device to cgroups whitelist
	  if neccessary during domain save.

	Fix QEMU save/restore with block devices
	The save process was relying on use of the shell >> append
	operator to ensure the save data was placed after the libvirt
	header + XML. This doesn't work for block devices though.
	Replace this code with use of 'dd' and its 'seek' parameter.
	This means that we need to pad the header + XML out to a
	multiple of dd block size (in this case we choose 512).

	The qemuMonitorMigateToCommand() monitor API is used for both
	save/coredump, and migration via UNIX socket. We can't simply
	switch this to use 'dd' since this causes problems with the
	migration usage. Thus, create a dedicated qemuMonitorMigateToFile
	which can accept an filename + offset, and remove the filename
	from the current qemuMonitorMigateToCommand() API

	* src/qemu/qemu_driver.c: Switch to qemuMonitorMigateToFile
	  for save and core dump
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Create
	  a new qemuMonitorMigateToFile, separate from the existing
	  qemuMonitorMigateToCommand to allow handling file offsets

	Avoid create/unlink with block devs used for QEMU save
	It is possible to use block devices with domain save/restore. Upon
	failure QEMU unlinks the path being saved to. This isn't good when
	it is a block device !

	* src/qemu/qemu_driver.c: Don't unlink block devices if save fails

	Fix crash when cleaning up from failed save attempt
	If a transient QEMU crashes during save attempt, then the virDomainPtr
	object may be freed. If a persistent QEMU crashes during save, then
	the 'priv->mon' field is no longer valid since it will be inactive.

	* src/qemu/qemu_driver.c: Fix two crashes when QEMU exits
	  during a save attempt

2010-04-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: let qemu's after-migration packet pass
	Qemu currently sends an Ethernet packet with protocol id 0x835 once a VM
	was successfully migrated. The content of the packet looks like a
	gratuitous RARP, just with the wrong protocol ID, which should be
	0x8035. I wrote some filters to let either one of the packets pass and
	am adapting the clean-traffic sample filter to use it. I am also
	doing some changes on the existing ARP filter which was lacking a
	test for source MAC address.

2010-04-28  Chris Lalancette  <clalance@redhat.com>

	Fix up the error message if we can't parse the snapshot XML.

2010-04-28  Klaus Ethgen  <Klaus@Ethgen.de>

	The base used for conversion of USB values should be 16 not 10.

2010-04-27  Chris Lalancette  <clalance@redhat.com>

	Fix up the locking in the snapshot code.
	In particular I was forgetting to take the qemuMonitorPrivatePtr
	lock (via qemuDomainObjBeginJob), which would cause problems
	if two users tried to access the same domain at the same time.
	This patch also fixes a problem where I was forgetting to remove
	a transient domain from the list of domains.

	Thanks to Stephen Shaw for pointing out the problem and testing
	out the initial patch.

2010-04-27  Daniel Veillard  <veillard@redhat.com>

	cleanup the download section of the documentation
	Just removing reverences to the deprecated CVS server and the old git
	on et.redhat.com

2010-04-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add support for RAPR protocol
	This patch adds support for the RARP protocol. This may be needed due to
	qemu sending out a RARP packet (at least that's what it seems to want to
	do even though the protocol id is wrong) when migration finishes and
	we'd need a rule to let the packets pass.

	Unfortunately my installation of ebtables does not understand -p RARP
	and also seems to otherwise depend on strings in /etc/ethertype
	translated to protocol identifiers. Therefore I need to pass -p 0x8035
	for RARP. To generally get rid of the dependency of that file I switch
	all so far supported protocols to use their protocol identifier in the
	-p parameter rather than the string.

	I am also extending the schema and added a test case.

	changes from v1 to v2:
	- added test case into patch

2010-04-27  Jiri Denemark  <jdenemar@redhat.com>

	Ignore qemu STOP event when stopping CPUs
	With JSON qemu monitor, we get a STOP event from qemu whenever qemu
	stops guests CPUs. The downside of it is that vm->state is changed to
	PAUSED and a new generic paused event is send to applications. However,
	when we ask qemu to stop the CPUs we are not really interested in qemu
	event and we usually want to issue a more specific event.

	By setting vm->status to PAUSED before actually sending the request to
	qemu (and resetting it back if the request fails) we can ignore the
	event since the event handler does nothing when the guest is already
	paused. This solution is quite hacky but unfortunately it's the best
	solution which I was able to come up with and it doesn't introduce a
	race condition.

	Fix build with DEBUG_RAW_IO=1

2010-04-27  David Allan  <dallan@redhat.com>

	Fix indentation for storage conf XML
	* virStorageEncryptionFormat is called from both
	  virDomainDiskDefFormat and virStorageVolTargetDefFormat.  The proper
	  indentation in the generated XML depends on the caller.  My earlier
	  patch to fix the incorrect indentation for the domain XML broke the
	  indentation for the storage XML.  This patch adopts Laine's
	  suggestion of requring the caller of virStorageEncryptionFormat to
	  provide an unsigned int with the number of spaces the output should
	  be indented.  The patch modifies both callers to provide the
	  additional argument.

	* Add a regression test for the domain XML

	* src/conf/domain_conf.c src/conf/storage_conf.c
	  src/conf/storage_encryption_conf.c src/conf/storage_encryption_conf.h:
	  change the indentation code
	* tests/qemuxml2xmltest.c
	  tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk.args
	  tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk.xml: add a regression test

2010-04-27  Daniel Veillard  <veillard@redhat.com>

	Don't try to build qemu and lxc on non-Linux platforms
	as their drivers requires linux only headers

2010-04-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin: Handle differences in the XDR implementation
	Cygwin's XDR implementation defines xdr_u_int64_t instead of
	xdr_uint64_t and lacks IXDR_PUT_INT32/IXDR_GET_INT32.

	Alter the IXDR_GET_LONG regex in rpcgen_fix.pl so it doesn't destroy
	the #define IXDR_GET_INT32 IXDR_GET_LONG in remote_protocol.x.

	Also fix the remote_protocol.h regex in rpcgen_fix.pl.

	Cygwin's GCC doesn't like this .sa_handler initialization for some reason

	linux/if.h header is not available on non-Linux platforms

2010-04-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable hex number inputs in filter XML
	With this patch I want to enable hex number inputs in the filter XML. A
	number that was entered as hex is also printed as hex unless a string
	representing the meaning can be found.

	I am also extending the schema and adding a test case. A problem with
	the DSCP value is fixed on the way as well.

	Changes from V1 to V2:

	- using asHex boolean in all printf type of functions to select the
	output format in hex or decimal format

2010-04-26  Satoru SATOH  <satoru.satoh@gmail.com>

	Starts dnsmasq from libvirtd with --dhcp-hostsfile option
	This patch makes libvirtd start the dnsmasq daemon with a
	--dhcp-hostsfile option instead of --dhcp-host options for each
	'//ip/dhcp/host' entries defined in network xml file.

	the dnsmasq host file is stored into /var/lib/libvirt/network

	* src/network/bridge_driver.c: define the directory for the hostfiles
	  and save/delete them to be used by dnsmasq

	Add build support for dnsmasq module
	* po/POTFILES.in: the new module contains translatable strings
	* src/Makefile.am: include the files in the utils set
	* src/libvirt_private.syms: exports the symbols internally

	Add dnsmasq module files
	It implements an idea to save dhcp hosts' macaddr vs. ipaddr mappings to
	static file and make dnsmasq loading it with "--dhcp-hostsfile" option,
	originally suggested by Dan, and can address the problem that too
	many "--dhcp-host" args hitting ARG_MAX limit

	* src/util/dnsmasq.h src/util/dnsmasq.c: adds the 2 new files

2010-04-26  Daniel Veillard  <veillard@redhat.com>

	Fix make dist missing ESX generated files
	new method generated files are missing from dist tarball.

2010-04-24  Chris Lalancette  <clalance@redhat.com>

	Fix memory leak in virsh snapshot-list.
	We were forgetting to release the memory allocated by
	virDomainSnapshotListNames.  Free the memory properly.

	Fix printing of pathnames on error in qemuDomainSnapshotLoad.
	While doing some testing of the snapshot code I noticed that
	if qemuDomainSnapshotLoad failed, it would print a NULL as
	part of the error.  That's not desirable, so leave the
	full_path variable around until after we are done printing
	errors.

	Fix virDomainSnapshotObjFree memory leak.
	We were freeing the virDomainSnapshotDefPtr, but not
	the virDomainSnapshotObjPtr in virDomainSnapshotObjFree.

	Make virDomainSnapshotObjListDeinit static.

	Fix a memory leak in the snapshot code in libvirtd.
	While running libvirtd under valgrind and doing some
	snapshot testing I noticed that we would always leak a
	connection reference.  The problem was actually that we
	were leaking a domain reference in the libvirtd remote
	snapshot code, which was in turn causing a leaked
	connection reference.  Fix the situation by explicitly
	taking and dropping a domain reference where we need it.

2010-04-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin: Check explicitly for getmntent_r
	Cygwin has mntent.h but lacks getmntent_r. Update preprocessor
	checks to catch this combination.

	Some NWFilter symbols are conditional and have to be exported conditional

	xen: Fix inside_daemon beeing unused when libvirtd is disabled
	The defined __sun is there, because inside_daemon is used in xenUnifiedOpen
	if __sun is defined.

	Disable stateful OpenNebula driver if libvirtd is disabled
	Also move the equivalent checks for LXC and UML before their header
	checks. This way configure doesn't check for the headers when the driver
	gets disabled anyway.

	Improve configure error message about missing Linux headers

2010-04-24  Eric Blake  <eblake@redhat.com>

	build: fix typo in previous commit
	* configure.ac: Avoid syntax error.

	build: don't include winsock2.h on cygwin
	Under cygwin, winsock2.h is intentionally incompatible with,
	<sys/socket.h>, and checking for existence is wrong.

	Under mingw, HAVE_WINSOCK2_H is defined on our behalf by
	gnulib, in a way that does not interfere with cygwin.

	* configure.ac: Drop unnecessary header check.
	Reported by Matthias Bolte.

2010-04-24  Luiz Capitulino  <lcapitulino@redhat.com>

	QEmu JSON drop timestamp from command object
	It's not needed and is currently ignored, but this is a bug.

	It will get fixed soon and QMP will return an error for keys
	it doesn't know about, this will break libvirt.

	* src/qemu/qemu_monitor_json.c: remove qemuMonitorJSONCommandAddTimestamp()
	  and the place where it's invoked in qemuMonitorJSONMakeCommand()

2010-04-23  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend schema + add testcase w/ connlimit-above
	I am extending the schema with the recently added connlimit-above
	attribute and adding a test case for it to the test suite.

2010-04-23  Marco Bozzolan  <redshift@gmx.com>

	maint: update AUTHORS
	* AUTHORS: Use preferred name.

2010-04-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in nwfilter driver check
	The nwfilterDriverActive() could de-reference a NULL pointer
	if it hadn't be started at the point it was called. It was
	also not thread safe, since it lacked locking around data
	accesses.

	* src/nwfilter/nwfilter_driver.c: Fix locking & NULL checks
	  in nwfilterDriverActive()

2010-04-23  Eric Blake  <eblake@redhat.com>

	addrToString: give better error message
	The user probably doesn't care what the gai error numbers are, as
	much as what the failed conversion IP address was.

	* src/remote/remote_driver.c (addrToString): Mention which address
	could not be converted.
	* daemon/remote.c (addrToString): Likewise.

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "

	then add missing entries to AUTHORS.

	* AUTHORS: Update.

2010-04-23  Spencer Shimko  <sshimko@tresys.com>

	qemu: fix security context references in DAC code
	* The error messages coming from qemu's DAC support contain strings
	  from the original SELinux security driver code.  This just removes
	  references to "security context" and other SELinux-isms from the DAC
	  code.

2010-04-23  Stefan Berger  <stefanb@us.ibm.com>

	Changes from V1 to V2:  - using INT_BUFSIZE_BOUND() to determine the length of the buffersize for printing and integer into
	 - not explicitly initializing static var threadsTerminate to false
	anymore, since that's done automatically

	Changes after V2:
	  - removed while looks in case of OOM error
	  - removed on ifaceDown() call
	  - preceding one ifaceDown() call with an ifaceCheck() call

	Since the name of an interface can be the same between stops and starts
	of different VMs I have to switch the IP address learning thread to use
	the index of the interface to determine whether an interface is still
	available or not - in the case of macvtap the thread needs to listen for
	traffic on the physical interface, thus having to time out periodically
	to check whether the VM's macvtap device is still there as an indication
	that the VM is still alive. Previously the following sequence of 2 VMs
	with macvtap device

	virsh start testvm1; virsh destroy testvm1 ; virsh start testvm2

	would not terminate the thread upon testvm1's destroy since the name of
	the interface on the host could be the same (i.e, macvtap0) on testvm1
	and testvm2, thus it was easily race-able. The thread would then
	determine the IP address parameter for testvm2 but apply the rule set
	for testvm1. :-(
	I am also introducing a lock for the interface (by name) that the thread
	must hold while it listens for the traffic and releases when it
	terminates upon VM termination or 0.5 second thereafter. Thus, the new
	thread for a newly started VM with the same interface name will not
	start while the old one still holds the lock. The only other code that I
	see that also needs to grab the lock to serialize operation is the one
	that tears down the firewall that were established on behalf of an
	interface.

	I am moving the code applying the 'basic' firewall rules during the IP
	address learning phase inside the thread but won't start the thread
	unless it is ensured that the firewall driver has the ability to apply
	the 'basic' firewall rules.

2010-04-23  David Allan  <dallan@redhat.com>

	Properly indent encryption tags
	* Fix for the bug reported at:

	https://bugzilla.redhat.com/show_bug.cgi?id=573908

2010-04-23  Jiri Denemark  <jdenemar@redhat.com>

	Fix locking in qemudDomainCoreDump
	The hang fix in d376b7d63ec1ef24ba4c812d58b9a414ddb561f8 was incomplete
	since it left quite a few {Enter,Exit}Monitor calls which require driver
	to be unlocked. Since the driver is locked throughout the whole
	function, {Enter,Exit}MonitorWithDriver need to be used instead to
	ensure driver is not locked when issuing monitor commands.

	Poll for migration end every 50ms instead of 50us
	The comment in qemuDomainWaitForMigrationComplete says we are polling
	every 50ms but the code sleeps only for 50us. This was already discussed
	during review but apparently forgotten when the series was pushed.

2010-04-23  Spencer Shimko  <sshimko@tresys.com>

	configure.ac SELinux fixes
	* Fix a logic error in configure.ac that prevented --with-selinux=no
	  from being used with --with-secdriver-selinux=no.

	* Fix some strings to clarify the difference between --with-selinux
	  and --with-secdriver-selinux.

2010-04-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU text monitor command error checking
	The text monitor code was checking for a '\n' prefix on several
	places. Previously this would work, but since the monitor code
	re-write the '\n' is already stripped off, so mustn't be checked
	for.

	* src/qemu/qemu_monitor_text.c: Fix monitor error checking

	Fix CPU hotplug command names
	Probably as a result of a merge error, the CPU hotplug command
	names were completely wrong.

	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
	  the CPU hotplug command names

	Fix printing of event detail in python events demo program
	The events demo program is slightly misleading printing

	  myDomainEventCallback1 EVENT: Domain f14i686(-1) Added

	which is not distinguishing Add vs Update events. It should have
	been doing

	  myDomainEventCallback1 EVENT: Domain f14i686(-1) Defined Updated

	* examples/domain-events/events-python/event-test.py: Fully print
	  event detail info string

2010-04-22  Dustin Kirkland  <kirkland@canonical.com>

	portability fixes to tools/virt-pki-validate.in
	A few fixes will help make tools/virt-pki-validate.in useful on Debian
	and Ubuntu.  And one fix should be useful to everyone (see #3).

	 1) note our gnutls-bin package (in addition to your gnutls-utils
	package) in the no-certtool error text

	 2) fix a bashism, == should be = in the case where /bin/sh is a symlink
	to dash

	 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR
	variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR
	everywhere

	Bug report:
	 * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266

2010-04-22  Eric Blake  <eblake@redhat.com>

	maint: enforce whitespace on shell scripts
	Noticed because virt-pki-validate was very inconsistent on
	using tabs vs. 8 spaces, sometimes mixing both paradigms on
	a single line.

	'git diff -b' shows significant changes only in cfg.mk.

	* cfg.mk (sc_TAB_in_indentation): Add a few files.
	* daemon/libvirtd.init.in: Avoid tabs.
	* tools/virt-pki-validate.in: Likewise.

	testutilsqemu: avoid uninitialized variable
	* tests/testutilsqemu.c (testQemuCapsInit): Initialize variables.

2010-04-22  Jiri Denemark  <jdenemar@redhat.com>

	Fake host CPU for qemu tests

	Use configured CPU model if possible
	Adds ability to provide a preferred CPU model for CPUID data decoding.
	Such model would be considered as the best possible model (if it's
	supported by hypervisor) regardless on number of features which have to
	be added or removed for describing required CPU.

	Support removing features when converting data to CPU
	So far, when CPUID data were converted into CPU model and features, the
	features can only be added to the model. As a result, when a guest asked
	for something like "qemu64,-svm" it would get a qemu32 plus a bunch of
	additional features instead.

	This patch adds support for removing feature from the base model.
	Selection algorithm remains the same: the best CPU model is the model
	which requires lowest number of features to be added/removed from it.

	Move MIN macro to util.h so that others can use it

	Deal with CPU models in []
	Qemu committed a patch which list some CPU names in [] when asked for
	supported CPUs (qemu -cpu ?). Yet, it needs such CPUs to be passed
	without those square braces. When probing for supported CPU models, we
	can just strip the square braces and pretend we have never seen them.

	Fix initial VCPU pinning in qemu driver
	First, inital VCPU pinning is set correctly but then it is reset by
	assigning qemu process to a new cgroup (which contains all CPUs). It's
	easily fixed by swapping these two actions.

2010-04-22  Eric Blake  <eblake@redhat.com>

	maint: ignore 'make syntax-check' failure files
	* .gitignore: Add exemption.
	* cfg.mk (local-checks-to-skip): Ignore a test to silence a skip
	warning.

2010-04-22  Chris Lalancette  <clalance@redhat.com>

	Make avahi startup more robust.
	If the hostname of the current virtualization machine
	could not be resolved, then libvirtd would fail to
	start.  However, for disconnected operation (on a laptop,
	for instance) the hostname may very legitimately not
	be resolvable.  This patch makes it so that if we can't
	resolve the hostname, avahi doesn't fail, it just uses
	a less useful MDNS string.

2010-04-22  Guido Günther  <agx@sigxcpu.org>

	Ignore empty type attribute in driver element of virtual disks
	Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578347

2010-04-22  Eric Blake  <eblake@redhat.com>

	build: fix preprocessor indentation
	* src/esx/esx_vi.h: Placate cppi.

2010-04-21  Chris Wong  <wongc-redhat@hoku.net>

	esx: Don't treat an empty root snapshot list as error
	An empty root snapshot list was considered as error condition. Creating a
	new snapshot would fail if the domain didn't have snapshots yet, because
	the snapshot-create function tries to lookup the list of existing snapshots
	in order to verify that the snapshot name is unique. This fails if the
	domain doesn't have snapshots yet.

	Removing the NULL check from esxVI_LookupRootSnapshotTreeList fixes this.

2010-04-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Gather some XML generation macros in esx_vi.h

	esx: Fix FindByIp response handling
	FindByIp may return nothing if there is no host or virtual machine
	with the given IP address. Handle that case properly.

	esx: Fix virtualHW.version generation
	The supported virtualHW.version doesn't depend on the API version,
	but on the product version.

2010-04-21  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add support for connlimit match
	This patch adds support for the connlimit match in iptables that is used
	to limit the number of outgoing directions.

	Extend fwall-drv interface and call functions via interface
	I am moving some of the eb/iptables related functions into the interface
	of the firewall driver and am making them only accessible via the driver's
	interface. Otherwise exsiting code is adapted where needed. I am adding one
	new function to the interface that checks whether the 'basic' rules can be
	applied,  which will then be used by a subsequent patch.

2010-04-21  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning
	According to GCC, ATTRIBUTE_UNUSED means that an attribute _might_
	be unused, not _must_ be unused.  Therefore, it is easier to
	blindly mark a variable, than to try and do preprocessor limiting
	of when we know it is unused.

	* src/remote/remote_driver.c (remoteAuthenticate): Mark attribute
	as potentially unused.
	Reported by Gustovo Morozowski.

2010-04-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	Explicitly set virStoragePoolTypeInfo FS and NETFS defaults
	No semantic change, the now explicitly set default are all zero and
	that's what GCC sets unspecified struct members to.

	esx: Add support for the VMXNET 2 (Enhanced) NIC model
	Add a test case and document it.

	Mark in_open parameter of remoteAuthenticate as unused when it's unused
	Otherwise compiling with -Werror will fail.

2010-04-20  Philipp Hahn  <hahn@univention.de>

	Install nwfilter xml files from source directory.
	During an out-of-tree build, the current working directory is the build
	directory. Since the FILTERS are static and not modified or
	auto-generated during the build process, they need to be explicitly
	fetched from the source directory during install.

	Prefix the files with $(srcdir), which gets expanded to the absolute or
	relative path to the source directory, even when duing out-of-tree
	builds.

	Don't ship generated python/libvirt.? files.
	libvirt.c and libvirt.h are auto-generated files. Mentioning their names
	in *_SOURCES includes them in the distribution. During an out-of-tree
	build these shipped files are included instead of the auto-generated
	version, potentially breaking the build (as it happend in 0.8.0, because
	the shipped libvirt.h was missing the declaration for
	'libvirt_virDomainUpdateDeviceFlags')

	Use the nodist_*_SOURCES automake variable instead.

2010-04-20  Daniel P. Berrange  <berrange@redhat.com>

	Fixup python binding for virDomainSnapshot APIs
	The generator code was totally wrong for the virDomainSnapshot
	APIs, not generating the wrapper class, and giving methods the
	wrong names

	* generator.py: Set metadata for virDomainSnapshot type & APIs
	* libvirt-override-api.xml, libvirt-override.c: Hand-code the
	  virDomainSnapshotListNames glue layer

2010-04-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix network hotplug to use device_add in QEMU
	The initial boot of VMs uses -device for NICs where available. The
	corresponding monitor command is device_add, but the network hotplug
	code was still using device_del by mistake.

	* src/qemu/qemu_driver.c: Use device_add for NIC hotplug where
	  available

	Fix error reporting for getfd + host_net_add in QEMU
	If either of the getfd or host_net_add monitor commands return
	any text, this indicates an error condition. Don't ignore this!

	* src/qemu/qemu_monitor_text.c: Report errors for getfd and
	  host_net_add

	Fix device_del in JSON mode for QEMU
	The 'device_del' command expects a parameter called 'id' but we
	were passing 'config'.

	* src/qemu/qemu_monitor_json.c: Fix device_del command parameter

2010-04-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Free nwfilter hash of virConnectPtr
	And close the driver on connection close.

2010-04-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Replace printf with logging macros

2010-04-17  Jiri Denemark  <jdenemar@redhat.com>

	Mark internal.h for translation

2010-04-16  Jiri Denemark  <jdenemar@redhat.com>

	Use virCheckFlags for APIs added in 0.8.0

	Introduce virCheckFlags for consistent flags checking
	The idea is that every API implementation in driver which has flags
	parameter should first call virCheckFlags() macro to check the function
	was called with supported flags:

	    virCheckFlags(VIR_SUPPORTED_FLAG_1 |
	                  VIR_SUPPORTED_FLAG_2 |
	                  VIR_ANOTHER_SUPPORTED_FLAG, -1);

	The error massage which is printed when unsupported flags are passed
	looks like:

	    invalid argument in virFooBar: unsupported flags (0x2)

	Where the unsupported flags part only prints those flags which were
	passed but are not supported rather than all flags passed.

2010-04-16  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Clear all state tracking from a drop rule
	Don't use state-matching in a drop rule.

2010-04-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Replace scanf with STRSKIP and strtok_r
	This also fixes a portability problem with the %a format modifier.
	%a is not portable and made esxDomainDumpXML fail at runtime in
	MinGW builds.

	Update to latest gnulib to get strtok_r relaxed to LGPLv2+
	strtok_r will be used in the ESX driver to replace scanf-based code.

	MinGW lacks strtok_r, so we need gnulib to provide it, but until now
	strtok_r was licensed LGPL3.

	esx: Add nwfilter driver stub
	This stops libvirt trying to connect to a non-existing libvirtd on the
	ESX server in order to find a nwfilter driver.

2010-04-16  Eric Blake  <eblake@redhat.com>

	remote: react to failures on wakeupFD
	* src/remote/remote_driver.c (remoteIO, remoteIOEventLoop): Report
	failures on pipe used for wakeup.
	Reported by Chris Lalancette.

	util: ensure safe{read,write,zero} return is checked
	Based on a warning from coverity.  The safe* functions
	guarantee complete transactions on success, but don't guarantee
	freedom from failure.

	* src/util/util.h (saferead, safewrite, safezero): Add
	ATTRIBUTE_RETURN_CHECK.
	* src/remote/remote_driver.c (remoteIO, remoteIOEventLoop): Ignore
	some failures.
	(remoteIOReadBuffer): Adjust error messages on read failure.
	* daemon/event.c (virEventHandleWakeup): Ignore read failure.

	maint: another preprocessor fix
	Regression introduced in commit 62170b995.

	* src/util/memory.h: Placate cppi, and fit 80 columns.

2010-04-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix CDROM media change for QEMU when using -device syntax
	Disk devices in QEMU have two parts, the guest device and the host
	backend driver. Historically these two parts have had the same
	"unique" name. With the switch to using -device though, they now
	have separate names. Thus when changing CDROM media, for guests
	using -device syntax, we need to prepend the QEMU_DRIVE_HOST_PREFIX
	constant

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add helper function
	  qemuDeviceDriveHostAlias() for building a host backend alias
	* src/qemu/qemu_driver.c: Use qemuDeviceDriveHostAlias() to determine
	  the host backend alias for performing eject/change commands in the
	  monitor

	Update QEMU device_add command in JSON mode
	The device_add command was added in JSON mode in a way I didn't
	expect. Instead of passing the normal device string to the JSON
	command:

	    { "execute": "device_add", "arguments": { "device": "ne2k_pci,id=nic.1,netdev=net.1" } }

	We need to split up the device string into a full JSON object

	    { "execute": "device_add", "arguments": { "driver": "ne2k_pci", "id": "nic.1", "netdev": "net.1" } }

	* src/qemu/qemu_conf.h, src/qemu/qemu_conf.c: Rename the
	  qemuCommandLineParseKeywords method to qemuParseKeywords
	  and export it to monitor
	* src/qemu/qemu_monitor_json.c: Split up device string into
	  a JSON object for device_add command

	Rename parameter in qemuMonitorDeviceDel
	The parameter for the qemuMonitorDeviceDel() is a device alias,
	not a device config string. Rename the parameter reflect this
	and avoid confusion to readers.

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Rename devicestr to devalias in qemuMonitorDeviceDel()

	Remove code from JSON monitor for commands that won't be ported
	The QEMU developers have stated that they will not be porting
	the commands 'pci_add', 'pci_del', 'usb_add', 'usb_del' to the
	JSON mode monitor, since they're obsoleted by 'device_add'
	and 'device_del'. libvirt has (untested) code that would have
	supported those commands in theory, but since we already use
	device_add/del where available, there's no need to keep the
	legacy stuff anymore.

	The text mode monitor keeps support for all commands for sake
	of historical compatability.

	* src/qemu/qemu_monitor_json.c: Remove 'pci_add', 'pci_del',
	  'usb_add', 'usb_del' commands

	Run test suite as part of RPM build process
	To ensure that patches in the RPM don't break any functionality
	it is neccessary to run the test suites during build. It currently
	has 3 tests disabled

	 - daemon-conf: this is totally broken, since it relies on
	   being able to resolve the 'libvirt' group & being able to
	   resolve hostnames at daemon startup. This isn't possible
	   in a mock build root
	 - seclabeltest: fails to initialize selinux in the mock
	   build root. Possibly fixable
	 - nodeinfotest: broken on s390 + ppc - this is a real bug

	* libvirt.spec.in: Add a %check section, with 3 tests
	   temporarily disabled

	Fix QEMU memory stats JSON mode
	The QEMU driver is mistakenly calling directly into the text
	mode monitor for the domain memory stats query.

	* src/qemu/qemu_driver.c: Replace qemuMonitorTextGetMemoryStats with
	  qemuMonitorGetMemoryStats
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add the new
	  wrapper for qemuMonitorGetMemoryStats
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  qemuMonitorJSONGetMemoryStats implementation

	Fix QEMU command building errors to reflect unsupported configuration
	Instead of reporting VIR_ERR_INTERNAL_ERROR use the more specific
	VIR_ERR_CONFIG_UNSUPPORTED

	* src/qemu/qemu_conf.c: Report VIR_ERR_CONFIG_UNSUPPORTED for
	  unsupported video adapters

2010-04-15  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix tear down order and consolidate functions
	To avoid race-conditions, the tear down of a filter has to happen before
	the tap interface disappears and another tap interface with the same
	name can re-appear. This patch tries to fix this. In one place, where
	communication with the qemu monitor may fail, I am only tearing the
	filters down after knowing that the function did not fail.

	I am also moving the tear down functions into an include file for other
	drivers to reuse.

	Trivial fix: Add braces to for statement to avoid crashes
	I am adding braces around the for statement that are now needed to due the
	new sa_assert immediately following the for statement.

2010-04-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix close_used_without_including_unistd_h error
	Triggered by gnulib when compiling with MinGW.

	Fix apibuild.py warnings about missing ':'

2010-04-14  David Allan  <dallan@redhat.com>

	Implement variable length structure allocator
	* This patch implements a memory allocator to obtain memory for
	  structures whose last member is a variable length array.  C99 refers
	  to these variable length objects as structs containing flexible
	  array members.
	* Fixed macro parentheses per Eric Blake

2010-04-15  Jim Meyering  <meyering@redhat.com>

	qemudDomainAttachSCSIDisk: avoid FP NULL-ptr-deref from clang
	* src/util/conf.c (virConfParseValue): Add an sa_assert.

	xend_internal.c: assure clang that we do not dereference NULL
	* src/xen/xend_internal.c (xend_parse_sexp_desc_char): Add three
	uses of sa_assert, each preceding a strchr(value,... to assure
	clang that "value" is non-NULL.

	qemudDomainAttachSCSIDisk: avoid FP NULL-ptr-deref from clang
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk):
	Initialize "cont" to NULL, so clang knows it's set.
	Add an sa_assert so it knows it's non-NULL when dereferenced.

	virGetHostnameLocalhost: avoid FP NULL-ptr-deref from clang
	* src/util/util.c (virGetHostnameLocalhost): Add an sa_assert
	to tell clang it's ok to dereference "info" after a non-failing
	getaddrinfo call.

	nwfilter_ebiptables_driver.c: avoid NULL dereference
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesApplyNewRules):
	Don't dereference a NULL or uninitialized pointer when given
	an empty list of rules.  Add an sa_assert(inst) in each loop to
	tell clang that the uses of "inst[i]" are valid.

	build: set STATIC_ANALYSIS when running via clang or coverity
	* configure.ac (STATIC_ANALYSIS): Define when run via clang's
	scan-build or coverity-prevent's cov-build.
	Use the CLANG_CC and COVERITY_BUILD_COMMAND envvars as witnesses.

	sa_assert: assert-like macro, enabled only for use with static analyzers
	Among some here, there is a strong aversion to the use of "assert", yet
	some others think it is essential (when applied judiciously) even --
	perhaps "especially" -- at the heart of libraries and core hypervisor-
	related code.
	Here is a compromise that lets us make assertions about the code (e.g.,
	to tell static analyzers about invariants) without even a hint of risk
	of an abort.
	* src/internal.h [STATIC_ANALYSIS]: Include <assert.h>.
	(sa_assert): Define.  A no-op most of the time, but equivalent
	to classical assert when STATIC_ANALYSIS is nonzero.

2010-04-15  Eric Blake  <eblake@redhat.com>

	build: fix recent 'make syntax-check' failure
	* src/esx/esx_vi_methods.h: Placate cppi.

	virt-aa-helper-test: avoid non-portable echo -n
	* tests/virt-aa-helper-test (testme): Use printf instead.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	schematestutils.sh: improve shell portability: avoid "echo -e"
	* tests/schematestutils.sh: Use printf rather than echo -e.

	virStorageBackendFileSystemMount: prefer strdup over virAsprintf
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemMount):
	Use virAsprintf only when needed.  In this case, strdup works fine.

	virStorageBackendFileSystemMount: placate clang
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemMount):
	Clang was not smart enough, and mistakenly reported that "options"
	could be used uninitialized.  Initialize it.

2010-04-14  Laine Stump  <laine@laine.org>

	Implement forgotten backend of virInterfaceIsActive()
	Somehow the backend of this function was never implemented in
	libvirt's netcf driver, and nobody noticed until now. (The required
	netcf function was already in place, so nothing needs to change
	there.)
	* src/interface/netcf_driver.c: add in the backend function, and point
	                                to it from the table of driver functions.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	openvzGetProcessInfo: address clang-detected low-probability flaw
	* src/openvz/openvz_driver.c (openvzGetProcessInfo): Reorganize
	so that unexpected /proc/vz/vestat content cannot make us use
	uninitialized variables.  Without this change, an input line with
	a matching "readvps", but fewer than 4 numbers would result in our
	using at least "systime" uninitialized.

	vshCommandRun: avoid used-uninitialized timing-related report from clang
	* tools/virsh.c (vshCommandRun): Test only the initial value of
	ctl->timing, so that static analyzers don't have to consider that
	it might be changed by cmd->def->handler.

2010-04-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: use virFindFileInPath for needed CLI tools
	I am getting rid of determining the path to necessary CLI tools at
	compile time. Instead, now the firewall driver has an initialization
	function that uses virFindFileInPath() to determine the path to
	necessary CLI tools and a shutdown function to free allocated memory.
	The rest of the patch mostly deals with availability of the CLI tools
	and to not call certain code blocks if a tool is not available and that
	strings now have to be built slightly differently.

2010-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Extend esx_vi_generator.py to cover methods too
	Generate almost all SOAP method mapping code.

	Update the driver code to use the complete paramater list of some methods
	that had parameters skipped before.

	Improve the ESX_VI__METHOD marco to do automatic output deserialization
	based on output occurrence. Also incorporate automatic _this binding and
	output pointer check.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	esxVMX_GatherSCSIControllers: avoid NULL dereference
	* src/esx/esx_vmx.c (esxVMX_GatherSCSIControllers): Do not dereference
	a NULL disk->driverName.  We already detect this condition in another
	case.  Check for it here, too.

2010-04-14  Chris Lalancette  <clalance@redhat.com>

	Fix build of openvz on RHEL-5.
	When building libvirt on RHEL-5, I saw this error:

	cc1: warnings being treated as errors
	openvz/openvz_conf.c: In function 'openvzGetVPSUUID':
	openvz/openvz_conf.c:835: warning: 'saveptr' may be used uninitialized in this function
	make[3]: *** [libvirt_driver_openvz_la-openvz_conf.lo] Error 1

	gcc in RHEL-5 gets upset about this usage of strtok_r (even though
	it is perfectly valid).  Just set *saveptr to NULL at the
	start to quiet it down.

	Fix up formatting of remote protocol stuff.

	Fix messsage -> message.

	Fix up a debug typo.

	Remove some debugging leftovers.

2010-04-13  Stefan Berger  <stefanb@us.ibm.com>

	Consolidate interface related functions in interface.c
	Changes from v1 to v2:
	- changed function name prefixes to 'iface' from previous 'Iface'

	- Further to make make syntax-check pass:
	 - indentation fix in interface.h
	 - added entry to POTFILES.in

	I am consolidating network interface related functions used in nwfilter
	and macvtap code in utils/interface.c. All function names are prefixed
	with 'Iface'. The following functions are now available through
	interface.h:

	int ifaceCtrl(const char *name, bool up);
	int ifaceUp(const char *name);
	int ifaceDown(const char *name);

	int ifaceCheck(bool reportError, const char *ifname,
	               const unsigned char *macaddr, int ifindex);

	int ifaceGetIndex(bool reportError, const char *ifname, int *ifindex);

	I added 'int ifindex' as parameter to ifaceCheck to the original
	function and modified the code accordingly.

2010-04-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix nodeinfotest on NUMA machines
	The nodeinfotest was reliant on the host NUMA topology, but all
	the test data files assumed 1 single NUMA node. This test thus
	failed on any NUMA machine with > 1 node

	* tests/nodeinfotest.c: Hardcode 1 single numa node

2010-04-13  Eric Blake  <eblake@redhat.com>

	build: include usleep gnulib module
	Without this module, attempts to sleep for 1 or more seconds
	on mingw instead become a no-delay no-op.

	* bootstrap.conf (gnulib_modules): Add usleep.

2010-04-13  Daniel Berteaud  <daniel@firewall-services.com>

	Fix spec file for builds without lxc
	* libvirt.spec.in: fix a cut and paste error

2010-04-13  Eric Blake  <eblake@redhat.com>

	build: fix syntax-check problems
	* .x-sc_prohibit_gettext_noop: Add new exemption.
	* .x-sc_prohibit_test_minus_ao: Likewise.
	* Makefile.am (EXTRA_DIST): Distribute new files.
	* .gitignore: Ignore built file.

2010-04-13  Stefan Berger  <stefanb@us.ibm.com>

	add nwfilter functions to virsh man page
	With Eric Blake's spelling corrections applied.

	Unfortunately after the 0.8.0 release, but here's a beginning of the
	documentation of the nwfilter functionality.

2010-04-13  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.0
	* configure.ac docs/news.html.in libvirt.spec.in src/libvirt_public.syms:
	  updates for release of 0.8.0
	* po/*.po po/libvirt.pot: updated a lar set of localizations, and merge
	  the messages

	Add documentation for synchronous hooks
	* docs/sitemap.html.in: add in navigation under
	  Documentation/Deployment/Hooks
	* docs/hooks.html.in: new doc describing current support for 0.8.0

2010-04-12  Chris Lalancette  <clalance@redhat.com>

	Rename virsh "revert-to-snapshot" to "snapshot-revert"

2010-04-12  Luiz Capitulino  <lcapitulino@redhat.com>

	Small fixes to virsh man page
	* tools/virsh.pod: add two missing 's' and section about 'dominfo' is
	  duplicated

2010-04-12  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Fix memory leak on daemon init and shutdown
	This patch fixes a memory leak on daemon init and shutdown. The module
	was initialized twice and not shut down.

2010-04-10  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Process DHCP option to determine whether packet is a DHCP_OFFER
	I mistakenly took the op field in the DHCP message as the DHCP_OFFER
	type. Rather than basing the decision to read the VM's IP address on
	that field, process the appended DHCP options where option 53 indicates
	the actual type of the packet. I am also reading the broadcast address
	of the VM, but don't use it so far.

2010-04-09  David Allan  <dallan@redhat.com>

	Add enospace option to qemu disk error policy
	* Dan Kenigsberg requested explicit support for the qemu default disk error policy which is enospace

2010-04-09  Daniel P. Berrange  <berrange@redhat.com>

	More event callback fixes
	In a couple of cases typos meant we were firing the wrong type
	of event. In the python code my previous commit accidentally
	missed some chunks of the code.

	* python/libvirt-override-virConnect.py: Add missing python glue
	  accidentally left out of previous commit
	* src/conf/domain_event.c, src/qemu/qemu_monitor_json.c: Fix typos
	  in event name / method name to invoke

2010-04-09  Stefan Berger  <stefanb@us.ibm.com>

	Undoing 2nd application of the patch...

	Fix error in nwfilter test driver
	Trivial fix for the c&p error in the nwfilter test driver.

	Fix error in nwfilter test driver
	Trivial fix for the c&p error in the nwfilter test driver.

2010-04-09  Daniel Veillard  <veillard@redhat.com>

	Fix some cppi prepocessor indentation issues
	* src/conf/nwfilter_conf.c src/util/hooks.c: added spaces to avoid
	  "make syntax-check" failures

2010-04-09  Ryan Harper  <ryanh@us.ibm.com>

	qemu: catch cdrom change error
	Currently when we attempt to change the cdrom in a qemu VM the monitor
	doesn't generate an error if the target filename doesn't exist.  I've
	submitted a patch[1] for this.  This patch is the libvirt qemu-driver
	side which catches the error message from the monitor and reportes the
	error to libvirt.  This means that virsh attach-disk cdrom commands
	won't appear to succeed when qemu change command actually failed.

	* src/qemu/qemu_monitor_text.c: in qemuMonitorTextChangeMedia() look
	  for failure to access the new data

2010-04-09  redshift  <redshift@gmx.com>

	Avoid using multicast addresses for Ethernet MAC examples
	* docs/formatdomain.html.in: use '00:11:22:33:44:55' instead of
	  '11:22:33:44:55:66'

2010-04-09  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: More XML parser test cases
	This patch adds a couple more nwfilter test cases for the XML parser tests.

2010-04-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Cleanup the msg_gen_function list in cfg.mk
	Remove symbols that don't exist anymore (e.g. ERROR0) or aren't
	message generating functions (e.g. VIR_FREE) or are now reported
	as unmarked because the grep command is different, but that should
	not be marked at all (e.g. DEBUG0).

	Also don't restrict one of the grep lines in the
	libvirt_unmarked_diagnostics rule to match exactly one space
	between function name and opening parenthesis.

	remote: Replace some virRaiseError with remoteError

	remote: Remove virConnectPtr from error/errorf
	Also unify error/errorf to remoteError and update cfg.mk accordingly.

	Remove undefined symbols from symbols file

	esx: Add domain snapshot support
	Fix invalid code generating in esx_vi_generator.py regarding deep copy
	types that contain enum properties.

	Add strptime and timegm to bootstrap.conf. Both are used to convert a
	xsd:dateTime to calendar time.

	Add a testcase of the xsd:dateTime conversion.

	Generate libvirt.def from libvirt.syms
	The MinGW linker needs the libvirt.def file.

2010-04-08  Jiri Denemark  <jdenemar@redhat.com>

	Fix unterminated B<...> in virsh man page

2010-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix up python bindings for new event callbacks
	The generator was disabled for the new event callbacks, since they
	need to be hand written. This patch  adds the C and python glue to
	expose the new APIs in the python binding. The python example
	program is extended to demonstrate of the code

	* python/libvirt-override.c: Registration and dispatch of events
	   at the C layer
	* python/libvirt-override-virConnect.py: Python glue for events
	* examples/domain-events/events-python/event-test.py: Demo use
	  of new event callbacks

	Add missing nwfilter_learnipaddr.c to POTFILES.in
	* po/POTFILES.in: Add src/nwfilter/nwfilter_learnipaddr.c

	Fix Win32 portability problems
	The network filter / snapshot / hooks code introduced some
	non-portable pices that broke the win32 build

	* configure.ac: Check for net/ethernet.h required by nwfile config
	   parsing code
	* src/conf/nwfilter_conf.c: Define ethernet protocol  constants
	  if net/ethernet.h is missing
	* src/util/hooks.c: Disable hooks build on Win32 since it lacks
	  fork/exec/pipe
	* src/util/threads-win32.c: Fix unchecked return value
	* tools/virsh.c: Disable SIGPIPE on Win32 since it doesn't exist.
	  Fix non-portable strftime() formats

2010-04-08  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix for directionality of ICMP traffic
	Changes from V1 to V2 of this patch
	- I had reversed the logic thinking that icmp type 0 is a echo
	request,but it's reply -- needed to reverse the logic
	- Found that ebtables takes the --ip-tos argument only as a hex number

	This patch enables the skipping of some of the ICMP traffic rules on the
	iptables level under certain circumstances so that the following filter
	properly enables unidirectional pings:

	<filter name='testcase'>
	    <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid>
	    <!-- allow incoming ICMP Echo Request -->
	    <rule action='accept' direction='in' priority='500'>
	        <icmp type='8'/>
	    </rule>
	    <!-- allow outgoing ICMP Echo Reply -->
	    <rule action='accept' direction='out' priority='500'>
	        <icmp type='0'/>
	    </rule>
	    <!-- drop all other ICMP traffic -->
	    <rule action='drop' direction='inout' priority='600'>
	        <icmp/>
	    </rule>
	</filter>

2010-04-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Allow 'lsisas1068' as SCSI controller type
	Extend tests to cover all SCSI controller types and document the
	new type.

	The lsisas1068 SCSI controller type was added in ESX 4.0. The VMX
	parser reports an error when this controller type is present. This
	makes virsh dumpxml fail for every domain that uses this controller
	type.

	This patch fixes this and adds lsisas1068 to the list of accepted
	SCSI controller types.

	Reported by Jonathan Kelley.

	esx: Report an error for invalid arguments in esxList(Defined)Domains

2010-04-08  Diego Elio Pettenò  <flameeyes@gmail.com>

	Avoid searching for windres when not building for Windows
	Just checking for a windres tool might hit even on Linux systems when
	building for Linux (e.g.: when using Gentoo and having built binutils
	with multitarget support), and will then fail to link properly at the
	end of the build.

	* configure.ac: Avoid searching for windres on non windows target

2010-04-08  Stefan Berger  <stefanb@us.ibm.com>

	Executable does not belong into repository.
	Removing the tests/nwfilterxml2xmltest executable that got in with a previous patch.

	nwfilter: Support for learning a VM's IP address
	This patch implements support for learning a VM's IP address. It uses
	the pcap library to listen on the VM's backend network interface (tap)
	or the physical ethernet device (macvtap) and tries to capture packets
	with source or destination MAC address of the VM and learn from DHCP
	Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
	the VM's interface is. This then allows to instantiate the network
	traffic filtering rules without the user having to provide the IP
	parameter somewhere in the filter description or in the interface
	description as a parameter. This only supports to detect the parameter
	IP, which is for the assumed single IPv4 address of a VM. There is not
	support for interfaces that may have multiple  IP addresses (IP
	aliasing) or IPv6 that may then require more than one valid IP address
	to be detected. A VM can have multiple independent interfaces that each
	uses a different IP address and in that case it will be attempted to
	detect each one of the address independently.

	So, when for example an interface description in the domain XML has
	looked like this up to now:

	    <interface type='bridge'>
	      <source bridge='mybridge'/>
	      <model type='virtio'/>
	      <filterref filter='clean-traffic'>
	        <parameter name='IP' value='10.2.3.4'/>
	      </filterref>
	    </interface>

	you may omit the IP parameter:

	    <interface type='bridge'>
	      <source bridge='mybridge'/>
	      <model type='virtio'/>
	      <filterref filter='clean-traffic'/>
	    </interface>

	Internally I am walking the 'tree' of a VM's referenced network filters
	and determine with the given variables which variables are missing. Now,
	the above IP parameter may be missing and this causes a libvirt-internal
	thread to be started that uses the pcap library's API to listen to the
	backend interface  (in case of macvtap to the physical interface) in an
	attempt to determine the missing IP parameter. If the backend interface
	disappears the thread terminates assuming the VM was brought down. In
	case of a macvtap device a timeout is being used to wait for packets
	from the given VM (filtering by VM's interface MAC address). If the VM's
	macvtap device disappeared the thread also terminates. In all other
	cases it tries to determine the IP address of the VM and will then apply
	the rules late on the given interface, which would have happened
	immediately if the IP parameter had been explicitly given. In case an
	error happens while the firewall rules are applied, the VM's backend
	interface is 'down'ed preventing it to communicate. Reasons for failure
	for applying the network firewall rules may that an ebtables/iptables
	command failes or OOM errors. Essentially the same failure reasons may
	occur as when the firewall rules are applied immediately on VM start,
	except that due to the late application of the filtering rules the VM
	now is already running and cannot be hindered anymore from starting.
	Bringing down the whole VM would probably be considered too drastic.
	While a VM's IP address is attempted to be determined only limited
	updates to network filters are allowed. In particular it is prevented
	that filters are modified in such a way that they would introduce new
	variables.

	A caveat: The algorithm does not know which one is the appropriate IP
	address of a VM. If the VM spoofs an IP address in its first ARP traffic
	or IPv4 packets its filtering rules will be instantiated for this IP
	address, thus 'locking' it to the found IP address. So, it's still
	'safer' to explicitly provide the IP address of a VM's interface in the
	filter description if it is known beforehand.

	* configure.ac: detect libpcap
	* libvirt.spec.in: require libpcap[-devel] if qemu is built
	* src/internal.h: add the new ATTRIBUTE_PACKED define
	* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
	* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
	* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
	  src/nwfilter/nwfilter_ebiptables_driver.[ch]
	  src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
	* tests/nwfilterxml2xmltest: extend testing

2010-04-08  Jim Meyering  <meyering@redhat.com>

	xenXMDomainDefineXML: remove dead store and useless/leaky virGetDomain
	* src/xen/xm_internal.c (xenXMDomainDefineXML): Remove useless and
	leak-inducing call to virGetDomain, as well as decl of now-unused local.

	createRawFileOpHook: avoid dead stores
	* src/storage/storage_backend.c (createRawFileOpHook): Remove dead
	stores and declaration of each stored-to variable.

	qemudDomainGetSecurityLabel: avoid dead store to "type"
	* src/qemu/qemu_driver.c (qemudDomainGetSecurityLabel): Remove store
	and declaration.

2010-04-08  Jiri Denemark  <jdenemar@redhat.com>

	Fix CPU comparison for x86 arch
	When comparing a CPU to host CPU, the result would be
	VIR_CPU_COMPARE_SUPERSET (or even VIR_CPU_COMPARE_INCOMPATIBLE if strict
	match was required) even though the two CPUs were identical.

	Cleanup x86Compute()
	No change in semantics.

	Properly advertise cpuselection guest capability
	There's no sense in advertising cpuselection capability when host CPU
	is not properly detected and advertised in host capabilities.

	Don't ignore guest CPU selection when unsupported by HV
	When qemu libvirt driver doesn't support guest CPU selection with given
	qemu binary, guests requiring specific CPU should fail to start instead
	of being silently supplied with a default CPU.

	Document all options of virsh dumpxml

2010-04-08  Jim Meyering  <meyering@redhat.com>

	qemuDomainSnapshotLoad: avoid dead store
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Remove dead store
	into "snap", as well as its declaration.

2010-04-07  Eric Blake  <eblake@redhat.com>

	maint: s/initialis/initializ/
	git grep found 12 of the former but 100 of the latter in src/.

	* src/remote/remote_driver.c (initialise_gnutls): Rename...
	(initialize_gnutls): ...to this.
	(doRemoteOpen): Adjust caller.
	* src/xen/xen_driver.c (xenUnifiedOpen): Adjust output string.
	* src/util/network.c: Adjust comments.
	Suggested by Matthias Bolte.

2010-04-07  Jim Meyering  <meyering@redhat.com>

	domain_event.c: don't deref NULL on an OOM error path
	* src/conf/domain_event.c (virDomainEventGraphicsNewFromDom):
	Return NULL when handling out-of-memory error, rather than
	falling through with ev=NULL and then assigning to ev->member.
	(virDomainEventGraphicsNewFromObj): Likewise.

2010-04-07  Stefan Berger  <stefanb@us.ibm.com>

	nwfiler: fix due to non-symmetric src mac address match in iptables
	The attached patch fixes a problem due to the mac match in iptables only
	supporting --mac-source and no --mac-destination, thus it not being
	symmetric. Therefore a rule like this one

	<rule action='drop' direction='out'>
	  <all match='no' srcmacaddr='$MAC'/>
	</rule>

	should only have the MAC match on traffic leaving the VM and not test
	for the same source MAC address on traffic that the VM receives.

2010-04-07  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: don't close an arbitrary file descriptor
	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Initialize "logfile"
	to ensure that we don't use it uninitialized -- thus closing an
	arbitrary file descriptor -- in the cleanup block.

2010-04-07  Daniel Veillard  <veillard@redhat.com>

	Fix a typo in comment

2010-04-07  Jamie Strandboge  <jamie@ubuntu.com>

	Update of the apparmore regression tests
	* tests/virt-aa-helper-test: test augmented with hostdev and sdl display
	  checks

	Improve the apparmor example
	* examples/apparmor/libvirt-qemu examples/apparmor/usr.sbin.libvirtd
	  examples/apparmor/usr.lib.libvirt.virt-aa-helper: Update the examples

	Improve virt-aa-helper to handle SDL graphics and cleanups
	* src/security/virt-aa-helper.c: add support for SDL devices and 3
	  code cleanups

	Adjust virt-aa-helper to handle pci devices
	* src/security/virt-aa-helper.c: adjust virt-aa-helper to handle pci
	  devices. Update valid_path() to have an override array to check against,
	  and add "/sys/devices/pci" to it. Then rename file_iterate_cb() to
	  file_iterate_hostdev_cb() and create file_iterate_pci_cb() based on it

	Add backingstore support to apparmor
	adjust virt-aa-helper to handle backing store
	* src/security/virt-aa-helper.c: look for backing store metadata
	  for disk definitions.

	Add VIR_DOMAIN_XML_INACTIVE flag when parsing domain XML
	To avoid an error when hitting the <seclabel...> definition
	* src/security/virt-aa-helper.c: add VIR_DOMAIN_XML_INACTIVE flag
	  to virDomainDefParseString

	virt-aa-helper should not fail if profile was removed
	Don't exit with error if the user unloaded the profile outside of
	 libvirt
	* src/security/virt-aa-helper.c: check the exit error from apparmor_parser
	  before exiting with a failure

	Do nor clear caps when invoking virt-aa-helper
	The calls to virExec() in security_apparmor.c when
	invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without
	libcap-ng, this is not a problem (it's effectively a no-op) but with
	libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by
	virt-aa-helper to manipulate apparmor profiles and without it VMs will
	not start[1]. This patch calls virExec with the default VIR_EXEC_NONE
	instead.
	* src/security/security_apparmor.c: fallback to VIR_EXEC_NONE flags for
	  virExec of virt_aa_helper

2010-04-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix 'avialable' typo
	Reported by Paul Jenner

2010-04-07  Eric Blake  <eblake@redhat.com>

	build: avoid autogen on 'make clean'
	Tested by running 'git submodule foreach git pull origin master' and
	'git add .gnulib', then seeing that 'make clean' skips autogen
	although 'make' properly runs it.

	* cfg.mk (_clean_requested): New check, to speed up 'make clean'
	even if gnulib submodule is outdated.
	Suggested by Daniel P. Berrange.

2010-04-07  Stefan Berger  <stefanb@us.ibm.com>

	Fix for nwfilter: Add filter schema for nwfilter XML, extend domain XML schema
	Fixing the regular expressions for variables where the first letter must be a $.

2010-04-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	macvtap: Remove virConnectPtr from ReportError
	Also rename ReportError to macvtapError.

	phyp: Remove virConnectPtr from PHYP_ERROR

2010-04-07  Jim Meyering  <meyering@redhat.com>

	virterror.c: avoid erroneous case "fall-through"
	* src/util/virterror.c (virErrorMsg): Insert missing "break;"

2010-04-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Mark error messages for translation
	Also define ESX_ERROR and ESX_VI_ERROR in a central place, instead of
	defining them in each source file.

	Add ESX_ERROR and ESX_VI_ERROR to the msg_gen_function list in cfg.mk.

	Update po/POTFILES.in accordingly.

	vbox: Mark all error messages for translation
	Add vboxError to the msg_gen_function list in cfg.mk.

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add filter schema for nwfilter XML, extend domain XML schema
	This patch adds a relaxng nwfilter schema along with a test that
	verifies all the test output XML against the schema. The input XMLs
	contain a lot of intentional out-of-range values that make them fail the
	schema verification, so I am not verifying against those.

	nwfilter: Fix instantiated layer 2 rules for 'inout' direction
	With Eric Blake's suggestions applied.

	The following rule for direction 'in'

	<rule direction='in' action='drop'>
	  <mac srcmacaddr='1:2:3:4:5:6'/>
	</rule>

	drops all traffic from the given mac address.
	The following rule for direction 'out'

	<rule direction='out' action='drop'>
	  <mac dstmacaddr='1:2:3:4:5:6'/>
	</rule>

	drops all traffic to the given mac address.
	The following rule in direction 'inout'

	<rule direction='inout' action='drop'>
	  <mac srcmacaddr='1:2:3:4:5:6'/>
	</rule>

	now drops all traffic from and to the given MAC address.
	So far it would have dropped traffic from the given MAC address
	and outgoing traffic with the given source MAC address, which is not useful
	since the packets will always have the VM's MAC address as source
	MAC address. The attached patch fixes this.

	This is the last bug I currently know of and want to fix.

2010-04-06  Eric Blake  <eblake@redhat.com>

	virsh: improve documentation
	Document several missing commands.  There's more work that could be
	done, but incremental improvements is better than no patch at all.

	* tools/virsh.pod (autostart, connect): Improve grammar.
	(create): Improve example.
	(domjobabort, domjobinfo, domxml-from-native, domxml-to-native):
	Document.
	(storage pool commands): New section.

2010-04-06  Chris Lalancette  <clalance@redhat.com>

	Clarify an error message in setmem.

	Fix up comments for isEncrypted, isSecure, domainIsActive, and domainIsPersistent.

	Document snapshot virsh commands in the man page.

	Better error reporting in virsh.
	When hitting failures in virsh, a common idiom is
	to jump to a cleanup label, free some resources, and
	then return a FALSE error code to vshCommandRun.
	In theory, vshCommandRun is then supposed to print
	out the last error.  The problem is that many of
	the cleanup paths have library calls to free resources,
	and all of those library calls clear out the last error.
	This is leading to situations where no error is being
	reported at all.

	This patch remedies the situation somewhat by
	printing out the errors inside the command methods
	themselves when we know it will go through a cleanup
	path that will lose the error.

	Website documentation for the snapshot XML.

	Increase the number of available VNC ports.
	When starting up qemu VNC autoport guests, we were
	only looking through ports 5900 to 6000, meaning we
	were limited to 100 total clients.  Increase that
	limit to 65535 (the last available port), so we can
	have up to 59635 VNC autoport guests.

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	This patch fixes some compilation issues for the RHEL5 build. I am also removing the IPV6 constant where it appears in the wrong place.

2010-04-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compiler warning about unused conn parameter
	This only affects builds without NUMA support.

	openvz: Remove virConnectPtr from openvzError
	Also remove unused enum values OPENVZ_WARN and OPENVZ_ERR.

	one: Remove virConnectPtr from oneError

	uml: Remove virConnectPtr from umlReportError

	Remove virConnectPtr from eventReportError

	Remove virConnectPtr from virLibConnError

	xen: Remove virConnectPtr from xenUnifiedError

	Remove virConnectPtr from nodeReportError

	netcf: Remove virConnectPtr from interfaceReportError

	xen: Remove virConnectPtr from virXenInotifyError

	xen: Remove virConnectPtr from virXenStoreError

	xen: Remove virConnectPtr from virXenError/virXenErrorFunc

	xen: Remove virConnectPtr from virXMError

	xen: Remove virConnectPtr from virXendError

	proxy: Remove virConnectPtr from virProxyError

	vbox: Remove virConnectPtr from vboxError

	test: Remove virConnectPtr from testError

	Remove unnecessary trailing \n in log messages

	Fix compiler warning about non-literal format string

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	This patch removes the virConnectPtr parameter from all functions where it's not necessary starting out with removing it as a parameter to the error reporting function.

2010-04-05  Chris Lalancette  <clalance@redhat.com>

	Snapshot virsh implementation.

2010-04-05  Jiri Denemark  <jdenemar@redhat.com>

	Snapshots for VBox

2010-04-05  Chris Lalancette  <clalance@redhat.com>

	Snapshot QEMU driver.

	Only assign newDef when we have a new def.
	While playing around with def/newDef with the qemu code,
	I noticed that newDef was *always* getting set to a value,
	even when I didn't redefine the domain.  I think the problem
	is the virDomainLoadConfig is always doing virDomainAssignDef
	regardless of whether the domain already exists in the hashtable.
	In turn, virDomainAssignDef is assigning the definition (which
	is actually a duplicate) to newDef.  Fix this so that newDef stays
	NULL until we actually have a new def.

	Snapshot internal methods.

	Snapshot API framework.

2010-04-05  David Allan  <dallan@redhat.com>

	Clarified error message
	* Since the file pattern matches RNG schemas as well as C sources, the error message should mention both.

2010-04-05  Laine Stump  <laine@laine.org>

	Eliminate compiler warning about non-const format string

2010-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Add managedsave entries to the driver struct
	Commit 15c647a91e8c5bcfcb02ac4e755160c5c99a2a1e added the new
	managedsave entries to all driver structs except the XenAPI one.

2010-04-04  Stefan Berger  <stefanb@us.ibm.com>

	Get rid of the regular expressions when evaluating variable names and values. Rather use the strspn() function. Along with this cleanup the initialization function for the code that used the regular expression can also be removed.

2010-04-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Fix random index in virNWFilterRuleDefDetailsFormat
	An uninitialized int value was used to index an array. This can
	result in a segfault in nwfilterxml2xmltest.

	xenapi: Fix uninitialized variable warning

2010-04-04  Daniel Veillard  <veillard@redhat.com>

	Add a managedsave command to virsh
	This command implements the managed save operation

	* tools/virsh.c: new command
	* tools/virsh.pod: documentation

	Implement managed save operations for qemu driver
	The images are saved in /var/lib/libvirt/qemu/save/
	and named $domainname.save . The directory is created appropriately
	at daemon startup. When a domain is started while a saved image is
	available, libvirt will try to load this saved image, and start the
	domain as usual in case of failure. In any case the saved image is
	discarded once the domain is created.

	* src/qemu/qemu_conf.h: adds an extra save path to the driver config
	* src/qemu/qemu_driver.c: implement the 3 new operations and handling
	  of the image directory

	Implement remote protocol for managed save
	* src/remote/remote_protocol.x src/remote/remote_protocol.h
	  src/remote/remote_protocol.c src/remote/remote_driver.c: add the entry
	  points in the remote driver
	* daemon/remote.c daemon/remote_dispatch_args.h
	  daemon/remote_dispatch_prototypes.h daemon/remote_dispatch_table.h:
	  and implement the daemon counterpart

	Add managed save API entry points
	virDomainManagedSave() is to be run on a running domain. Once the call
	complete, as in virDomainSave() the domain is stopped upon completion,
	but there is no restore counterpart as any order to start the domain
	from the API would load the state from the managed file, similary if
	the domain is autostarted when libvirtd starts.
	Once a domain has restarted his managed save image is destroyed,
	basically managed save image can only exist for a stopped domain,
	for a running domain that would be by definition outdated data.

	* include/libvirt/libvirt.h.in src/libvirt.c src/libvirt_public.syms:
	  adds the new entry points virDomainManagedSave(),
	  virDomainHasManagedSaveImage() and virDomainManagedSaveRemove()
	* src/driver.h src/esx/esx_driver.c src/lxc/lxc_driver.c
	  src/opennebula/one_driver.c  src/openvz/openvz_driver.c
	  src/phyp/phyp_driver.c src/qemu/qemu_driver.c src/vbox/vbox_tmpl.c
	  src/remote/remote_driver.c src/test/test_driver.c src/uml/uml_driver.c
	  src/xen/xen_driver.c: add corresponding new internal drivers entry
	  points

2010-04-03  Eric Blake  <eblake@redhat.com>

	build: improve check for out-of-date .gnulib submodule
	git reset --hard 96e5a2d4d5b13bf2cc887562dc11d146b78d5950
	./autogen.sh
	make -s
	git pull
	make -s    <-- expecting auto-bootstrap here, doesn't happen

	Use git diff to expose whether the submodule has untracked changes,
	which are typical on an incremental pull if .gnulib was updated but
	the user did not manually run 'git submodule update'.

	After this patch is applied, I encountered a new problem when
	following the reproducing pattern.  Basically, the change to .gnulib
	between libvirt's commit 96e5a2d4 and this patch introduced a change
	to sys_ioctl.in.h, but gnulib (intentionally) does not make the
	replacement headers depend on Makefile changes.  Therefore, I ended up
	with the generated replacement header being broken:
	gnulib/lib/sys/ioctl.h complained about a use of @.  But that seems
	like something that should be fixed upstream in gnulib's bootstrap
	script (that is, when doing a gnulib update, all files created from
	.in.h file should probably be deleted).  Without the benefit of that
	proposed gnulib fix, I worked around the problem by manually removing
	the stale gnulib/lib/sys/ioctl.h.

	* autogen.sh (t): Also run bootstrap if the gnulib submodule needs
	to be updated.
	* cfg.mk (_autogen): Likewise.
	Reported by Matthias Bolte.

2010-04-03  Stefan Berger  <stefanb@us.ibm.com>

	Use the virStrToLong_ui() function rather than the virStrToLong_i() where possible.

	The attached patch optimizes the validation of the name of an interface.

	This patch adds a couple of test cases for the XML parsing test suite covering various filterable protocols. For each test case an input XML and an output XML is provided checking the input XML after parsing and converting back into XML against the exepcted output XML.

	The following issues are fixed in the patch below:
	- ebtables requires that some of the command line parameters are passed as hex numbers; so have those attributes call a function that prints 16 and 8 bit integers as hex nunbers.

	- ip6tables requires '--icmpv6-type' rather than '--icmp-type'

	- ebtables complains about protocol identifiers lower than 0x600, so already discard anything lower than 0x600 in the parser

	- make the protocol entry types more readable using a #define for its entries

	- continue parsing a filtering rule even if a faulty entry is encountered; return an error value at the end and let the caller decide what to do with the rule's object

	- fix an error message

2010-04-03  Eric Blake  <eblake@redhat.com>

	build: import latest gnulib
	A lot of syntax check rules have to be rewritten, but the
	result is easier to maintain.  I tested each syntax rule
	by intentionally introducing a temporary violation of the rule.
	Additionally, some false positives for unmarked_diagnostics
	crept in, and an improved copyright_format test caught some bugs.

	* .gnulib: Update to latest.
	* cfg.mk (sc_prohibit_test_minus_ao): Delete, it was moved into
	gnulib's maint.mk.
	(sc_avoid_write, sc_prohibit_strcmp_and_strncmp)
	(sc_prohibit_asprintf, sc_prohibit_strncpy, sc_prohibit_readlink)
	(sc_prohibit_gethostname, sc_prohibit_gettext_noop)
	(sc_prohibit_VIR_ERR_NO_MEMORY, sc_prohibit_nonreentrant)
	(sc_prohibit_ctype_h, sc_TAB_in_indentation)
	(sc_avoid_ctype_macros)
	(sc_prohibit_virBufferAdd_with_string_literal)
	(sc_prohibit_gethostby, sc_copyright_format): Rewrite in terms of
	new maint.mk macros.
	(sc_libvirt_unmarked_diagnostics): Fix whitespace.
	* .x-sc_unmarked_diagnostics: New file.
	* tests/object-locking.ml: Fix copyright.
	* tools/virt-pki-validate.in: Likewise.
	* tools/virt-xml-validate.in: Likewise.

2010-04-02  Chris Lalancette  <clalance@redhat.com>

	Add a missing break statement to nwfilter errors.

	Make virDomainLoadConfig static.

2010-04-02  Jiri Denemark  <jdenemar@redhat.com>

	VBox: Fix use of uninitialized value

2010-04-02  Laine Stump  <laine@laine.org>

	Changes to clock timer XML to match final design.
	The clock timer XML is being updated in the following ways (based on
	further off-list discussion that was missed during the initial
	implementation):

	1) 'wallclock' is changed to 'track', and the possible values are 'boot'
	 (corresponds to old 'host'), 'guest', and 'wall'.

	2) 'mode' has an additional value 'smpsafe'

	3) when tickpolicy='catchup', there can be an optional sub-element of
	   timer called 'catchup':

	   <catchup threshold=123 slew=120 limit=10000/>

	Those three values are all longs, always optional, and if they are present,
	they are positive. Internally, 0 indicates "unspecified".

	* docs/schemas/domain.rng: updated RNG definition to account for changes

	* src/conf/domain_conf.h: change the C struct and enums to match changes.

	* src/conf/domain_conf.c: timer parse and format functions changed to
	                          handle the new selections and new element.

	* src/libvirt_private.syms: *TimerWallclock* changes to *TimerTrack*

	* src/qemu/qemu_conf.c: again, account for Wallclock --> Track change.

	Allow domain disk images on root-squash NFS to coexist with security driver.
	(suggested by Daniel Berrange, tested by Dan Kenigsberg)

	virStorageFileGetMetadata will fail for disk images that are stored on
	a root-squash NFS share that isn't world-readable.
	SELinuxSetSecurityImageLabel is called during the startup of every
	domain (as long as security_driver != "none"), and it will propogate
	the error from virStorageFileGetMetadata, causing the domain startup
	to fail. This is, however, a common scenario when qemu is run as a
	non-root user and the disk image is stored on NFS.

	Ignoring this failure (which doesn't matter in this case, since the
	next thing done by SELinuxSetSecurityImageLabel - setting the file
	context - will also fail (and that function already ignores failures
	due to root-squash NFS) will allow us to continue bringing up the
	domain. The result is that we don't need to disable the entire
	security driver just because a domain's disk image is stored on
	root-squashed NFS.

	Eliminate compile warnings in nwfilter error log calls

2010-04-02  Chris Lalancette  <clalance@redhat.com>

	Don't use virFileReadLimFD in qemuDomainRestore.
	virFileReadLimFD is a poor fit for reading the header
	of the restore file.  The problem is that virFileReadLimFD
	returns an error when there is more data after the amount
	you ask to read, but that is *expected* in this case.

	This patch is essentially a revert of
	1a4d5c9543641c444dccd682f6256ee3faf22a80, but I don't think
	that commit does what it says anyway.  It purports to prevent
	an unwarranted OOM error, but since virFileReadLimFD will
	allocate memory up to the maximum anyway, the upper limit
	on the total amount of memory allocated is the same for either
	the old version or the new version.  Since the old saferead
	actually works and virFileReadLimFD does not, revert to
	using saferead.

2010-04-01  Jim Fehlig  <jfehlig@novell.com>

	Only parse 'CPU XML' in virCPUDefParseXML()
	Received report of user crashing libvirtd with

	virsh capabilities > capabilities.xml
	virsh cpu-compare capabilities.xml

	While user has been informed about proper usage of cpu-compare,
	segfaulting libvirt should be avoided.

	Do not parse CPU definition in virCPUDefParseXML() if XML is not
	a 'cpu' node.

2010-04-01  Daniel P. Berrange  <berrange@redhat.com>

	Keep build quiet for generated file
	Adds $(AM_V_GEN) to many more manual makefile.am rules that
	were generating files

	Keep track of guest paused state after disk IO / watchdog events
	When a watchdog/IO error occurs, one of the possible actions that
	QEMU might take is to pause the guest. In this scenario libvirt
	needs to update its internal state for the VM, and emit a
	lifecycle event:

	  VIR_DOMAIN_EVENT_SUSPENDED

	with a detail being one of:

	  VIR_DOMAIN_EVENT_SUSPENDED_IOERROR
	  VIR_DOMAIN_EVENT_SUSPENDED_WATCHDOG

	To future proof against possible QEMU support for multiple monitor
	consoles, this patch also hooks into the 'STOPPED' event in QEMU
	and emits a generic VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event

	* include/libvirt/libvirt.h.in: Add VIR_DOMAIN_EVENT_SUSPENDED_IOERROR
	* src/qemu/qemu_driver.c: Update VM state to paused when IO error
	  or watchdog events occurrs
	* src/qemu/qemu_monitor_json.c: Fix typo in disk IO event name

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Replace sscanf in PCI device address parsing
	This also fixes a problem with MinGW's GCC on Windows. GCC complains
	about the L modifier being unknown.

	Parsing in pciIterDevices is stricter now and doesn't accept trailing
	characters after the actual <domain>:<bus>:<slot>.<function> sequence
	anymore.

	Parsing in pciWaitForDeviceCleanup is also stricter now and expects
	the <start>-<end> : <domain>:<bus>:<slot>.<function> sequence to be
	terminated by \n.

	Change domain from unsigned long long to unsigned int in
	pciWaitForDeviceCleanup, because everywhere else domain is handled as
	unsigned int too.

	xen: Use virStrToLong_i instead of sscanf for XenD port parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	xenapi: Use virStrToLong_i instead of sscanf for CPU map parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	openvz: Use strtok_r instead of sscanf for VPS UUID parsing
	Also free 2k stack space.

	xen: Use virParseMacAddr instead of sscanf
	This also fixes a bug in xenXMDomainConfigParse where uninitialized
	memory would be used as MAC address if sscanf fails.

	vbox: Replace atoi with virStrToLong_i
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value or non-number strings anymore. atoi just
	returns 0 in case it cannot parse a number from the given string.
	Now an error is reported for such a string.

	cgroup: Replace sscanf with virStrToLong_ll
	The switch from %lli to %lld in virCgroupGetValueI64 is intended,
	as virCgroupGetValueU64 uses base 10 too, and virCgroupSetValueI64
	uses %lld to format the number to string.

	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	Refactor major.minor.micro version parsing into a function
	virParseVersionString uses virStrToLong_ui instead of sscanf.

	This also fixes a bug in the UML driver, that always returned 0
	as version number.

	Introduce STRSKIP to check if a string has a certain prefix and
	to skip this prefix.

	Replace sscanf in nwfilter rule parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	Replace sscanf in legacy device address parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual <domain>:<bus>:<slot> sequence anymore.

2010-04-01  Stefan Berger  <stefanb@us.ibm.com>

	While writing a couple of test cases for the nwfilter's XML parser I found some cases where the output ended up not looking as expected. So the following changes are in the patch below:
	- if the protocol ID in the MAC header is an integer, just write it into
	the datastructure without trying to find a corresponding string for it
	and if none is found failing
	- when writing the protocol ID as string, simply write it as integer if
	no corresponding string can be found
	- same changes for arpOpcode parsing and printing
	- same changes for protocol ID in an IP packet
	- DSCP value needs to be written into the data structure
	- IP protocol version number is redundant at this level, so remove it
	- parse the protocol ID found inside an IP packet not only as string but
	also as uint8
	- arrange the display of the src and destination masks to be shown after
	the src and destination ip address respectively in the XML
	- the existing libvirt IP address parser accepts for example '25' as an
	IP address. I want this to be parsed as a CIDR type netmask. So try to
	parse it as an integer first (CIDR netmask) and if that doesn't work as
	a dotted IP address style netmask.
	- instantiation of rules with MAC masks didn't work because they weren't
	printed into a buffer, yet.

	ESX test case needs '/' in interface name
	To fix an ESX test case, valid interface names need '/' as valid letter.

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix linker errors in proxy
	domain_conf.c:494: undefined reference to 'virNWFilterHashTableFree'
	domain_conf.c:5107: undefined reference to 'virNWFilterFormatParamAttributes'

	Add missing source to the proxy and disable XML parsing code in
	nwfilter_params.c for a proxy build.

2010-04-01  Eric Blake  <eblake@redhat.com>

	build: more fallout from test -a
	* cfg.mk (sc_prohibit_test_minus_ao): Also check for [.
	* docs/Makefile.am (%.html, html/index.html): Avoid non-portable
	test usage.
	* libvirt.spec.in (%post): Likewise.
	* tools/virt-pki-validate.in (servercert.pem): Likewise.
	* configure.ac (LOGNAME): Use test, not [, in files processed by
	autoconf.
	Detected by Matthias Bolte.

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix apibuild.py warning about virNWFilterLookupByUUIDString
	The function name was written with capital I in the Filter part.

	website: Add archive link for libvirt-users list

2010-03-31  Eric Blake  <eblake@redhat.com>

	maint: remove redundant tests after virStrToLong
	virStrToLong* guarantees (via strtol) that the end pointer will be set
	to the point at which parsing stopped (even on failure, this point is
	the start of the input string).

	* src/esx/esx_driver.c (esxGetVersion): Remove pointless
	conditional.
	* src/qemu/qemu_conf.c (qemuParseCommandLinePCI)
	(qemuParseCommandLineUSB, qemuParseCommandLineSmp): Likewise.
	* src/qemu/qemu_monitor_text.c
	(qemuMonitorTextGetMigrationStatus): Likewise.

	maint: update AUTHORS
	* AUTHORS: Add recent contributors.

2010-03-31  Paolo Smiraglia  <paolo.smiraglia@gmail.com>

	virConnectGetLibVersion: Avoid error message on success.
	* src/libvirt.c (virConnectGetLibVersion): Don't emit error on
	success.

2010-03-31  Eric Blake  <eblake@redhat.com>

	virsh: add 'exit' as an alias for 'quit'
	Call me lazy: some shells use exit (e.g. sh), others use quit (e.g. ftp),
	but I never remember which.  So it's faster to write a patch to make
	virsh take both than it is to take a 50-50 guess, and get it wrong
	in half of my attempts.

	* tools/virsh.c (commands): Add 'exit'.
	* tools/virsh.pod: Document it.

2010-03-31  Jim Meyering  <meyering@redhat.com>

	maint: fix cpp indentation syntax-check failure
	* src/esx/esx_vi_types.h: Filter through cppi.

	maint: mark xenapiSessionErrorHandler messages for translation
	* cfg.mk (msg_gen_function): Add xenapiSessionErrorHandler.
	* po/POTFILES.in: Add src/xenapi/xenapi_driver.c
	* src/xenapi/xenapi_driver.c: Mark strings for translation.
	* src/xenapi/xenapi_utils.c (xenapiUtil_ParseQuery):

2010-03-31  Stefan Berger  <stefanb@us.ibm.com>

	Blank out invalid interface names with escaped letters etc.
	Check that interface names only contain valid characters. Blank them out
	otherwise.
	Valid characters in this code are currently a-z,A-Z,0-9, '-' and '_'.

2010-03-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virt-aa-helper and secaatest to .gitignore

	esx: Remove redundant semicolons

	esx: Generate most SOAP mapping and improve inheritance handling
	The Python script generates the mappings based on the type descriptions
	in the esx_vi_generator.input file.

	This also improves the inheritance handling and allows to get rid of the
	ugly, inflexible, and error prone _base/_super approach. Now every struct
	that represents a SOAP type contains a _type member, that allows to
	recreate C++-like dynamic dispatch for "method" calls in C.

2010-03-31  Daniel Veillard  <veillard@redhat.com>

	Distribute nwfilter xml files and add them to rpm
	* examples/xml/nwfilter/Makefile.am: add all xml to the distribution
	* libvirt.spec.in: reference them from the rpm spec file to have them
	  available in the main libvirt package

	Make sure nwfilter headers are part of distribution
	* src/Makefile.am: adds a few missing header files in the associated
	  file variables, it's needed otherwise the missing headers breaks
	  compilation from a distribution tarball

2010-03-31  Eric Blake  <eblake@redhat.com>

	maint: show which compiler warning triggered
	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add
	-fdiagnostics-show-option.

	build: automate the rerun of autogen.sh
	Automate the reuse of autogen.sh, rather than just erroring out.

	* cfg.mk (_update_required): Run autogen.sh, rather than just
	warning about it.
	(_autogen): New target.

2010-03-30  Stefan Berger  <stefanb@us.ibm.com>

	A cosmetic change that makes the entries in the int-2-string maps look more readable. Add some missing entries: ipv6 and icmpv6.

	Use libvirt's existing ipv6/ipv4 parser/printer rather than self-written ones
	This patch changes the network filtering code to use libvirt's existing
	IPv4 and IPv6 address parsers/printers rather than my self-written ones.

	I am introducing a new function in network.c that counts the number of
	bits in a netmask and ensures that the given address is indeed a netmask,
	return -1 on error or values of 0-32 for IPv4 addresses and 0-128 for
	IPv6 addresses. I then based the function checking for valid netmask
	on invoking this function.

	Add ip6tables support for IPv6 filtering
	This patch adds IPv6 filtering support for the following protocols:
	- tcp-ipv6
	- udp-ipv6
	- udplite-ipv6
	- esp-ipv6
	- ah-ipv6
	- sctp-ipv6
	- all-ipv6
	- icmpv6

	Many of the IPv4 data structure could be re-used for IPv6 support.
	Since ip6tables also supports pretty much the same command line parameters
	as iptables does, also much of the code could be re-used and now
	command lines are invoked with the ip(6)tables tool parameter passed
	through the functions as a parameter.

	Remove driver dependency from nwfilter_conf.c
	This patch removes the driver dependency from nwfilter_conf.c and moves
	a callback function calling into the driver into
	nwfilter_gentech_driver.c and passes a pointer to that callback function
	upon initialization of nwfilter_conf.c.

	Add support for so-far missing protocols for iptables filtering
	This patch adds filtering support for the so-far missing protocols 'ah',
	'esp' and 'udplite'.

2010-03-30  Daniel Veillard  <veillard@redhat.com>

	Fix daemon hook script initialization
	* daemon/libvirtd.c: we should error out only if virHookInitialize()
	  return value is negative

2010-03-30  Laine Stump  <laine@laine.org>

	Implement the qemu-kvm backend of clock timer elements
	Since the timers are defined to cover all possible config cases for
	several different hypervisors, many of these possibilities generate an
	error on qemu. Here is what is currently supported:

	RTC: If the -rtc commandline option is available, allow setting
	"clock=host"
	     or "clock=vm" based on the rtc timer clock='host|guest' value. Also
	     add "driftfix=slew" if the tickpolicy is 'catchup', or add nothing
	if
	     tickpolicy is 'delay'. (Other tickpolicies will raise an error).

	     If -rtc isn't available, but -rtc-td-hack is, add that option
	     if the tickpolicy is 'catchup', add -rtc-td-hack, if it is 'delay'
	     add nothing, and if it's anything else, raise an error.

	PIT: If -no-kvm-pit-reinjection is available, and tickpolicy is
	     'delay', add that option. if tickpolicy is 'catchup', do
	     nothing. Anything else --> raise an error.

	     If -no-kvm-pit-reinjection *isn't* available, but -tdf is, when
	     tickpolicy is 'catchup' add -tdf. If it's 'delay', do
	     nothing. Anything else --> raise an error.

	     If neither of those commandline options is available, and
	     tickpolicy is anything other than 'delay' (or unspecified), raise
	     an error.

	HPET: If -no-hpet flag is available and present='no', add -no-hpet.
	      If -no-hpet is not available, and present='yes', raise an error.
	      If present is unspecified, the default is to do whatever this
	      particular qemu does by default, so don't raise an error.

	All other timer types are unsupported by QEMU, so they will raise an
	error.

	* src/qemu/qemu_conf.c: extend qemuBuildClockArgStr() to generate the
	  command line arguments for the new options

	Add flags to indicate presence of timekeeping-related qemu options
	* src/qemu/qemu_conf.h: define 4 new flags
	* src/qemu/qemu_conf.c: check the help text of qemu for presence of
	                        features indicated by each flag.
	* tests/qemuhelptest.c: add appropriate flags into the masks for each test

	Add timer element to domain schema
	timers are sub-elements of clocks. A clock can have zero or more
	instances of timer. Within the timer, only the name attribute is
	required; all other attributes are optional.

	A simpler representation of a timer element is:

	  <timer name='platform|pit|rtc|hpet|tsc'
	         wallclock='host|guest'
	         tickpolicy='delay|catchup|merge|discard'
	         frequency='123'
	         mode='auto|native|emulate|paravirt'
	         present='yes|no'/>

	frequency is a ulong. All other attributes are simple enums.

	Implement XML parser/formatter for "timer" subelement of domain clock
	This extension is described in

	http://www.redhat.com/archives/libvir-list/2010-March/msg00304.html

	Currently all attributes are optional, except name.

	* src/conf/domain_conf.h: add data definition for virDomainTimerDef
	  and add a list of them to virDomainClockDef
	* src/conf/domain_conf.c: XML parser and formatter for a timer inside a clock
	* src/libvirt_private.syms: add new Timer enum helper functions to symbols

2010-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU cpu affinity at startup to include all threads
	The QEMU cpu affinity is used in NUMA scenarios to ensure that
	guest memory is allocated from a specific node. Normally memory
	is allocate on demand in vCPU threads, but when using hugepages
	the initial thread leader allocates memory upfront. libvirt was
	not setting affinity of the thread leader, or I/O threads. This
	patch changes the code to set the process affinity in between
	the fork()/exec() of QEMU. This ensures that every single QEMU
	thread gets the affinity

	* src/qemu/qemu_driver.c: Set affinity on entire QEMU process
	  at startup

2010-03-30  Daniel Veillard  <veillard@redhat.com>

	Updating the commiters list
	Laine Stump, Stefan Berger, Eric Blake now have commit rights !

2010-03-30  Eric Blake  <eblake@redhat.com>

	virsh: support VISUAL, and allow metacharacters in EDITOR
	Common Unix practice is to prefer VISUAL over EDITOR, particularly if
	the editor of choice spawns a new window.  Thus, it is also common to
	see settings like EDITOR='emacs -nw', with the expectation that the
	shell will parse this as an argument to 'emacs' and not try to invoke
	a file containing a space.

	If a user puts junk in EDITOR, they deserve what they get (much more
	than virsh will misbehave); furthermore, sudo scrubs EDITOR by
	default.  So the blind use of metacharacters in EDITOR should not be
	considered too much of a security issue.

	* tools/virsh.c (editFile): Prefer VISUAL over EDITOR.  Don't
	reject shell metacharacters in EDITOR.
	* tools/virsh.pod (edit, net-edit, ENVIRONMENT): Document VISUAL.
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=487738.

	virsh: improve man page
	* tools/virsh.pod: (DESCRIPTION): Improve grammar.  Mention other drivers.
	(ENVIRONMENT): Document EDITOR.
	(COPYRIGHT): Bump.

2010-03-30  Stefan Berger  <stefanb@us.ibm.com>

	Add dummy nwfilter driver to test driver
	This patch adds a dummy nwfilter driver to the test driver so that the
	int-overflow test passes without modifications.

	Fix "make check" run requesting authentication
	This patch fixes the 'make check' runs for me which, under certain
	circumstances and login configurations, did invoke popups requesting
	authentication. I removed the parameter conn from being passed into the
	error reporting function.

	* src/conf/nwfilter_conf.h src/conf/nwfilter_conf.c: remove conn from
	  error reporting parameters.

2010-03-30  Daniel Veillard  <veillard@redhat.com>

	Fix a merge error leftover

	Add script hook support to the LXC driver
	Right now this implements only 2 basic hooks:
	- before the lxc control process is being launched
	- after the lxc control process is terminated
	the XML description of the domain is passed to the hook script stdin
	/etc/libvirt/hook/lxc

	* src/lxc/lxc_driver.c: implement synchronous script hooks for LXC
	  at domain startup and end

	Add script hook support to the QEmu driver
	Right now this implements only 2 basic hooks:
	- before the qemu process is being launched
	- after the qemu process is terminated
	the XML description of the domain is passed to the hook script stdin
	/etc/libvirt/hook/qemu

	* src/qemu/qemu_driver.c: implement synchronous script hooks for QEmu
	  at domain startup and end

	Add the script hook support to the libvirt daemon
	It supports 3 kind of probing times, at daemon startup, when the
	daemon reloads its drivers on SIGHUP and when the daemon exits

	* daemon/libvirtd.c: daemon hooks for startup, reload and exit

	Add hook utilities
	This exports 3 basic routines:
	  - virHookInitialize() initializing the hook support by looking for
	    scripts availability
	  - virHookPresent() used to test if there is a hook for a given driver
	  - virHookCall() which actually calls a synchronous script hook with
	    the needed parameters
	Note that this doesn't expose any public API except for the locations
	and arguments passed to the scripts

	* src/Makefile.am: add the 2 new files
	* src/util/hooks.h src/util/hooks.c: implements the 3 functions
	* src/libvirt_private.syms: export the 3 symbols internally
	* po/POTFILES.in: add src/util/hooks.c to translatables modules

	Add an error module and message for the hooks subsystem
	* include/libvirt/virterror.h: add VIR_FROM_HOOK and VIR_ERR_HOOK_SCRIPT_FAILED
	* src/util/virterror.c: associated strings

	Export virPipeReadUntilEOF internally
	used to read the data from virExec stdout/err file descriptors

	* src/util/util.c src/util/util.h: not static anymore and export it
	* src/libvirt_private.syms: allow access internally

2010-03-27  Jiri Denemark  <jdenemar@redhat.com>

	Introduce UPDATE_CPU flag for virDomainGetXMLDesc
	This flag is used in migration prepare step to send updated XML
	definition of a guest.

	Also ``virsh dumpxml --update-cpu [--inactive] guest'' command can be
	used to see the updated CPU requirements.

	Helper function for making a copy of virCPUDefPtr

	cpuUpdate() for updating guest CPU according to host CPU
	Useful mainly for migration. cpuUpdate changes guest CPU requirements in
	the following way:

	- match == "strict" || match == "exact"
	    - optional features which are supported by host CPU are changed into
	      required features
	    - optional features which are not supported by host CPU are disabled
	    - all other features remain untouched
	- match == "minimum"
	    - match is changed into "exact"
	    - optional features and all features not mentioned in guest CPU
	      specification which are supported by host CPU become required
	      features
	    - other optional features are disabled
	    - all other features remain untouched

	This ensures that no feature will suddenly disappear from the guest
	after migration.

	Don't replace persistent domain config with migrated config
	When a domain is defined on host1, migrated to host2 and then migrated
	back to host1, its current configuration would overwrite the libvirtd's
	in-memory copy of persistent configuration of that domain. This is not
	desired as we want to preserve the persistent configuration untouched.

	This patch introduces new 'live' parameter to virDomainAssignDef.
	Passing 'true' for 'live' means the configuration passed to
	virDomainAssignDef describes a configuration of live instance of the
	domain. This applies for saved domains which are being restored or for
	incoming domains during migration.

	All callers have been changed to pass the appropriate value.

2010-03-27  Jim Meyering  <meyering@redhat.com>

	filter new files through cppi, so syntax-check passes once again
	* src/conf/nwfilter_conf.h: Indent cpp directives.
	* src/conf/nwfilter_params.h: Likewise.
	* src/datatypes.h: Likewise.
	* src/nwfilter/nwfilter_driver.h: Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.h: Likewise.
	* src/nwfilter/nwfilter_gentech_driver.h: Likewise.

2010-03-27  David Allan  <dallan@redhat.com>

	Add disk error policy to domain XML
	* Fixes per feedback from Dan and Daniel
	* Added test datafiles
	* Re-disabled JSON flags
	* Added code to print the error policy attribute when generating XML
	* Re-add empty tag

2010-03-27  Eric Blake  <eblake@redhat.com>

	build: don't lose prior configure args on autogen.sh
	My prior patch forced an autogen.sh run, and I was surprised that the
	suggested './autogen.sh' lost the fact that I had previously used
	'./autogen.sh -C' for speed.

	* autogen.sh: Use config.status, if present and there were no arguments.

	build: update gnulib
	Picks up fixes for gethostname compilation problems on mingw.

	* .gnulib: Update to latest.
	* build-aux/.gitignore: Regenerate.
	* cfg.mk (local-checks-to-skip): Avoid new test not relevent to
	libvirt.

2010-03-27  Stefan Berger  <stefanb@us.ibm.com>

	Add some examples filters
	This patch adds some example filters to libvirt. They are automatically
	installed into the proper directory for libvirt to pick them up.

	Extensions for iptables rules
	This patch adds support for L3/L4 filtering using iptables. This adds
	support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering.

	As mentioned in the introduction, a .c file provided by this patch
	is #include'd into a .c file. This will need work, but should be alright
	for review.

	Add IPv6 support for the ebtables layer
	This patch adds IPv6 support for the ebtables layer. Since the parser
	etc. are all parameterized, it was fairly easy to add this...

	Add qemu support
	Add support for Qemu to have firewall rules applied and removed on VM
	startup and shutdown respectively. This  patch also provides support for
	the updating of a filter that causes all VMs that reference the filter
	to have their ebtables/iptables rules updated.

	Core driver implementation with ebtables support
	This patch implements the core driver and provides
	- management functionality for managing the filter XMLs
	- compiling the internal filter representation into ebtables rules
	- applying ebtables rules on a network (tap,macvtap) interface
	- tearing down ebtables rules that were applied on behalf of an
	interface
	- updating of filters while VMs are running and causing the firewalls to
	be rebuilt
	- other bits and pieces

	Add XML parser extensions for network filtering
	This patch adds XML processing for the network filter schema
	and extends the domain XML processing to parse the top level
	referenced filter along with potentially provided parameters

	Add virsh support for new CLI commands
	This patch adds virsh support for the five new CLI commands to manage
	network filters.

	Definition of the wire format, RPC client & server
	This patch adds the definition of the wire format for RPC calls
	and implementation of the RPC client & server code

	Implementation of the public API
	This patch adds the implementation of the public API for the network
	filtering (ACL) extensions to libvirt.c .

	Add internal API
	This patch adds the internal API extensions for network filtering (ACL) support.

	Add public API
	This patch adds extensions to libvirt's public API necessary for
	controlling the new functionality from remote for example.

	Add recursive locks
	This patch adds recursive locks necessary due to the processing of
	network filter XML that can reference other network filters, including
	references that cause looks. Loops in the XML are prevented but their
	detection requires recursive locks.

2010-03-27  David Allan  <dallan@redhat.com>

	Fix build break
	* Add types to switch; the switch is only exectuted for known types because of a preceding conditional, so this fix is merely to placate the compiler.

2010-03-27  Stefan Berger  <stefanb@us.ibm.com>

	Use enum of virDomainNetType
	To find out where the net type 'direct' needs to be handled I introduced
	the 'enum virDomainNetType' in the virDomainNetDef structure and let the
	compiler tell me where the case statement is missing. Then I added the
	unhandled device statement to the UML driver.

	* src/conf/domain_conf.h: change _virDomainNetDef type from int to
	  virDomainNetType enum
	* src/conf/domain_conf.c src/lxc/lxc_driver.c src/qemu/qemu_conf.c
	  src/uml/uml_conf.c: make sure all enum cases are properly handled
	  in switches

2010-03-27  Daniel Veillard  <veillard@redhat.com>

	Silence cppi syntax-check warning

2010-03-26  Stefan Berger  <stefanb@us.ibm.com>

	Mention direct device support since 0.7.7 in docs
	In the documentation mention that the direct device support is there
	since libvirt 0.7.7. A Linux kernel 2.6.34 is required for macvtap to be
	available as standard device.

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Implement VNC password change in QEMU
	Use the new virDomainUpdateDeviceFlags API to allow the VNC password
	to be changed on the fly

	* src/internal.h: Define STREQ_NULLABLE() which is like STREQ()
	  but does not crash if either argument is NULL, and treats two
	  NULLs as equal.
	* src/libvirt_private.syms: Export virDomainGraphicsTypeToString
	* src/qemu/qemu_driver.c: Support VNC password change on a live
	  machine
	* src/qemu/qemu_monitor.c: Disable crazy debugging info. Treat a
	  NULL password as "" (empty string), allowing passwords to be
	  disabled in the monitor

	Allow parsing <graphics> in device XML
	Expand the parser for the standalone <device> XML format to
	allow inclusion of the <graphics> device type

	* src/conf/domain_conf.h: Add virDomainGraphicsDef to
	  the virDomainDeviceDef struct
	* src/conf/domain_conf.c: Wire up parser for virDomainGraphicsDef
	  to virDomainDeviceDefParse method

	Introduce a update-device command in virsh
	Support the new virDomainUpdateDeviceFlags API in virsh by adding
	a new 'update-device' command. In the future this should be augmented
	with an explicit 'change-disk' command for media change to make it
	end user discoverable, as attach-disk is.

	* tools/virsh.c: Add 'update-device' command

	Implement virDomainUpdateDeviceFlags API in all drivers with media change
	To allow the new virDomainUpdateDeviceFlags() API to be universally
	used with all drivers, this patch adds an impl to all the current
	drivers which support CDROM or Floppy disk media change via the
	current virDomainAttachDeviceFlags API

	* src/qemu/qemu_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/proxy_internal.c, src/xen/xen_driver.c,
	  src/xen/xend_internal.c: Implement media change via the
	  virDomainUpdateDeviceFlags API
	* src/xen/xen_driver.h, src/xen/xen_hypervisor.c,
	  src/xen/xen_inotify.c, src/xen/xm_internal.c,
	  src/xen/xs_internal.c: Stubs for Xen driver entry points

	Remote protocol impl for virDomainUpdateDeviceFlags
	This defines the wire format for the new virDomainUpdateDeviceFlags()
	API, and implements the server & client side of the marshalling code.

	* daemon/remote.c: Server side dispatch for virDomainUpdateDeviceFlags
	* src/remote/remote_driver.c: Client side serialization for
	  virDomainUpdateDeviceFlags
	* src/remote/remote_protocol.x: Define wire format for
	  virDomainUpdateDeviceFlags
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate code

	Introduce a new virDomainUpdateDeviceFlags public API
	The current virDomainAttachDevice API can be (ab)used to change
	the media of an existing CDROM/Floppy device. Going forward there
	will be more devices that can be configured on the fly and overloading
	virDomainAttachDevice for this is not too pleasant. This patch adds
	a new virDomainUpdateDeviceFlags() explicitly just for modifying
	existing devices.

	* include/libvirt/libvirt.h.in: Add virDomainUpdateDeviceFlags
	* src/driver.h: Internal API for virDomainUpdateDeviceFlags
	* src/libvirt.c, src/libvirt_public.syms: Glue public API to
	  driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Add
	  stubs for new driver entry point

	Add domain events for graphics network clients
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_GRAPHICS

	The same event can be emitted in 3 scenarios

	  typedef enum {
	      VIR_DOMAIN_EVENT_GRAPHICS_CONNECT = 0,
	      VIR_DOMAIN_EVENT_GRAPHICS_INITIALIZE,
	      VIR_DOMAIN_EVENT_GRAPHICS_DISCONNECT,
	  } virDomainEventGraphicsPhase;

	Connect/disconnect are triggered at socket accept/close.
	The initialize phase is immediately after the protocol
	setup and authentication has completed. ie when the
	client is authorized and about to start interacting with
	the graphical desktop

	This event comes with *a lot* of potential information

	 - IP address, port & address family of client
	 - IP address, port & address family of server
	 - Authentication scheme (arbitrary string)
	 - Authenticated subject identity. A subject may have
	   multiple identities with some authentication schemes.
	   For example, vencrypt+sasl results in a x509dname
	   and saslUsername identities.

	This results in a very complicated callback :-(

	   typedef enum {
	      VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4,
	      VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV6,
	   } virDomainEventGraphicsAddressType;

	   struct _virDomainEventGraphicsAddress {
	       int family;
	       const char *node;
	       const char *service;
	   };
	   typedef struct _virDomainEventGraphicsAddress virDomainEventGraphicsAddress;
	   typedef virDomainEventGraphicsAddress *virDomainEventGraphicsAddressPtr;

	   struct _virDomainEventGraphicsSubject {
	      int nidentity;
	      struct {
	          const char *type;
	          const char *name;
	      } *identities;
	   };
	   typedef struct _virDomainEventGraphicsSubject virDomainEventGraphicsSubject;
	   typedef virDomainEventGraphicsSubject *virDomainEventGraphicsSubjectPtr;

	   typedef void (*virConnectDomainEventGraphicsCallback)(virConnectPtr conn,
	                                                         virDomainPtr dom,
	                                                         int phase,
	                                                         virDomainEventGraphicsAddressPtr local,
	                                                         virDomainEventGraphicsAddressPtr remote,
	                                                         const char *authScheme,
	                                                         virDomainEventGraphicsSubjectPtr subject,
	                                                         void *opaque);

	The wire protocol is similarly complex

	   struct remote_domain_event_graphics_address {
	     int family;
	     remote_nonnull_string node;
	     remote_nonnull_string service;
	   };

	   const REMOTE_DOMAIN_EVENT_GRAPHICS_IDENTITY_MAX = 20;

	   struct remote_domain_event_graphics_identity {
	     remote_nonnull_string type;
	     remote_nonnull_string name;
	   };

	   struct remote_domain_event_graphics_msg {
	     remote_nonnull_domain dom;
	     int phase;
	     remote_domain_event_graphics_address local;
	     remote_domain_event_graphics_address remote;
	     remote_nonnull_string authScheme;
	     remote_domain_event_graphics_identity subject<REMOTE_DOMAIN_EVENT_GRAPHICS_IDENTITY_MAX>;
	   };

	This is currently implemented in QEMU for the VNC graphics
	protocol, but designed to be usable with SPICE graphics in
	the future too.

	* daemon/remote.c: Dispatch graphics events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  graphics events
	* include/libvirt/libvirt.h.in: Define new graphics event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle graphics events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for VNC events and emit a libvirt graphics event
	* src/remote/remote_driver.c: Receive and dispatch graphics
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  graphics events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for VNC_CONNECTED,
	  VNC_INITIALIZED & VNC_DISCONNETED events from QEMU monitor

	Add support for an explicit IO error event
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_IO_ERROR

	This event includes the action that is about to be taken
	as a result of the watchdog triggering

	  typedef enum {
	     VIR_DOMAIN_EVENT_IO_ERROR_NONE = 0,
	     VIR_DOMAIN_EVENT_IO_ERROR_PAUSE,
	     VIR_DOMAIN_EVENT_IO_ERROR_REPORT,
	  } virDomainEventIOErrorAction;

	In addition it has the source path of the disk that had the
	error and its unique device alias. It does not include the
	target device name (/dev/sda), since this would preclude
	triggering IO errors from other file backed devices (eg
	serial ports connected to a file)

	Thus there is a new callback definition for this event type

	typedef void (*virConnectDomainEventIOErrorCallback)(virConnectPtr conn,
	                                                     virDomainPtr dom,
	                                                     const char *srcPath,
	                                                     const char *devAlias,
	                                                     int action,
	                                                     void *opaque);

	This is currently wired up to the QEMU block IO error events

	* daemon/remote.c: Dispatch IO error events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  IO error events
	* include/libvirt/libvirt.h.in: Define new IO error event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle IO error events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block IO errors and emit a libvirt IO error event
	* src/remote/remote_driver.c: Receive and dispatch IO error
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  IO error events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
	  from QEMU monitor

	Add support for an explicit watchdog event
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_WATCHDOG

	This event includes the action that is about to be taken
	as a result of the watchdog triggering

	 typedef enum {
	     VIR_DOMAIN_EVENT_WATCHDOG_NONE = 0,
	     VIR_DOMAIN_EVENT_WATCHDOG_PAUSE,
	     VIR_DOMAIN_EVENT_WATCHDOG_RESET,
	     VIR_DOMAIN_EVENT_WATCHDOG_POWEROFF,
	     VIR_DOMAIN_EVENT_WATCHDOG_SHUTDOWN,
	     VIR_DOMAIN_EVENT_WATCHDOG_DEBUG,
	 } virDomainEventWatchdogAction;

	Thus there is a new callback definition for this event type

	 typedef void (*virConnectDomainEventWatchdogCallback)(virConnectPtr conn,
	                                                       virDomainPtr dom,
	                                                       int action,
	                                                       void *opaque);

	* daemon/remote.c: Dispatch watchdog events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  watchdog events
	* include/libvirt/libvirt.h.in: Define new watchdg event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle watchdog events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for watchdogs and emit a libvirt watchdog event
	* src/remote/remote_driver.c: Receive and dispatch watchdog
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  watchdog events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for WATCHDOG event
	  from QEMU monitor

	Add support for an explicit  RTC change event
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_RTC_CHANGE

	This event includes the new UTC offset measured in seconds.
	Thus there is a new callback definition for this event type

	 typedef void (*virConnectDomainEventRTCChangeCallback)(virConnectPtr conn,
	                                                        virDomainPtr dom,
	                                                        long long utcoffset,
	                                                        void *opaque);

	If the guest XML configuration for the <clock> is set to
	offset='variable', then the XML will automatically be
	updated with the new UTC offset value. This ensures that
	during migration/save/restore the new offset is preserved.

	* daemon/remote.c: Dispatch RTC change events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  RTC change events
	* include/libvirt/libvirt.h.in: Define new RTC change event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle RTC change events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for RTC changes and emit a libvirt RTC change event
	* src/remote/remote_driver.c: Receive and dispatch RTC change
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  RTC change events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for RTC_CHANGE event
	  from QEMU monitor

	Add support for an explicit guest reboot event
	The reboot event is not a normal lifecycle event, since the
	virtual machine on the host does not change state. Rather the
	guest OS is resetting the virtual CPUs. ie, the QEMU process
	does not restart. Thus, this does not belong in the current
	lifecycle events callback.

	This introduces a new event type

	    VIR_DOMAIN_EVENT_ID_REBOOT

	It takes no parameters, besides the virDomainPtr, so it can
	use the generic callback signature.

	* daemon/remote.c: Dispatch reboot events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  reboot events
	* include/libvirt/libvirt.h.in: Define new reboot event ID
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle reboot events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for reboots and emit a libvirt reboot event
	* src/remote/remote_driver.c: Receive and dispatch reboot
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  reboot events

	Rename domain lifecycle event message
	To avoid confusion, rename the current REMOTE_PROC_DOMAIN_EVENT
	message to REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE. This does not
	cause ABI problems, since the names are only relevant at the source
	code level. On the wire they encoding is a plain integer whose
	value does not change

	* src/remote/remote_protocol.x: Rename REMOTE_PROC_DOMAIN_EVENT
	  to REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE.
	* daemon/remote.c, src/remote/remote_driver.c: Update code for
	  renamed event

	Convert domain events example to new API
	Convert the domain events example program to use the new
	events APIs for one of its callback registrations to demo the
	new API and interoperability with the old API.

	* examples/domain-events/events-c/event-test.c: Convert to
	  new events API

	Remote driver & daemon impl of new event API
	This wires up the remote driver to handle the new events APIs.
	The public API allows an application to request a callback filters
	events to a specific domain object, and register multiple callbacks
	for the same event type. On the wire there are two strategies for
	this

	 - Register multiple callbacks with the remote daemon, each
	   with filtering as needed
	 - Register only one callback per event type, with no filtering

	Both approaches have potential inefficiency. In the first scheme,
	the same event gets sent over the wire many times if multiple
	callbacks are registered. With the second scheme, unneccessary
	events get sent over the wire if a per-domain filter is set on
	the client. The second scheme is far easier to implement though,
	so this patch takes that approach.

	* daemon/dispatch.h: Don't export remoteRelayDomainEvent since it
	  is no longer needed for unregistering callbacks, instead the
	  unique callback ID is used
	* daemon/libvirtd.c, daemon/libvirtd.h: Track and unregister
	  callbacks based on callback ID, instead of function pointer
	* daemon/remote.c: Switch over to using virConnectDomainEventRegisterAny
	  instead of legacy virConnectDomainEventRegister function. Refactor
	  remoteDispatchDomainEventSend() to cope with arbitrary event types
	* src/driver.h, src/driver.c: Move verify() call into source file
	  instead of header, to avoid polluting the global namespace with
	  the verify function name
	* src/remote/remote_driver.c: Implement new APIs for event
	  registration. Refactor processCallDispatchMessage() to cope
	  with arbitrary incoming event types. Merge remoteDomainQueueEvent()
	  into processCallDispatchMessage() to avoid duplication of code.
	  Rename remoteDomainReadEvent() to remoteDomainReadEventLifecycle()
	* src/remote/remote_protocol.x: Define wire format for the new
	  virConnectDomainEventRegisterAny and virConnectDomainEventDeregisterAny
	  functions

	Support new event register/deregister APis in all drivers except remote
	The libvirtd daemon impl will need to switch over to using the
	new event APIs. To make this simpler, ensure all drivers currently
	providing events support both the new APIs and old APIs.

	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c, src/test/test_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Implement the new
	  virConnectDomainEvent(Dereg|Reg)isterAny driver entry points

	Add new internal domain events APIs for handling other event types
	The current internal domain events API tracks callbacks based on
	the function pointer, and only supports lifecycle events. This
	adds new internal APIs for registering callbacks for other event
	types. These new APIs are postfixed with the word 'ID' to indicate
	that they operated based on event ID, instead of hardcoded to
	lifecycle events

	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Add new APIs for handling callbacks
	  for non-lifecycle events

	Refactor domain events to handle multiple event types
	The internal domain events APIs are designed to handle the lifecycle
	events. This needs to be refactored to allow arbitrary new event
	types to be handled.

	 * The signature of virDomainEventDispatchFunc changes to use
	   virConnectDomainEventGenericCallback instead of the lifecycle
	   event specific virConnectDomainEventCallback
	 * Every registered callback gains a unique ID to allow its
	   removal based on ID, instead of function pointer
	 * Every registered callback gains an 'eventID' to allow callbacks
	   for different types of events to be distinguished
	 * virDomainEventDispatch is adapted to filter out callbacks
	   whose eventID does not match the eventID of the event being
	   dispatched
	 * virDomainEventDispatch is adapted to filter based on the
	   domain name and uuid, if this filter is set for a callback.
	 * virDomainEvent type/detail fields are moved into a union to
	   allow different data fields for other types of events to be
	   added later

	* src/conf/domain_event.h, src/conf/domain_event.c: Refactor
	  to allow handling of different types of events
	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/xen/xen_driver.c: Change dispatch function signature
	  to use virConnectDomainEventGenericCallback

	Make internal domain events struct definitions private
	The virtual box driver was directly accesing the domain events
	structs instead of using the APIs provided. To prevent this kind
	of abuse, make the struct definitions private, forcing use of the
	internal APIs. This requires adding one extra internal API.

	* src/conf/domain_event.h, src/conf/domain_event.c: Move
	  virDomainEventCallback and virDomainEvent structs into
	  the source file instead of header
	* src/vbox/vbox_tmpl.c: Use official APIs for dispatching domain
	  events instead of accessing structs directly.

	Introduce a new public API for domain events
	The current API for domain events has a number of problems

	 - Only allows for domain lifecycle change events
	 - Does not allow the same callback to be registered multiple times
	 - Does not allow filtering of events to a specific domain

	This introduces a new more general purpose domain events API

	  typedef enum {
	     VIR_DOMAIN_EVENT_ID_LIFECYCLE = 0,       /* virConnectDomainEventCallback */
	      ...more events later..
	  }

	  int virConnectDomainEventRegisterAny(virConnectPtr conn,
	                                       virDomainPtr dom, /* Optional, to filter */
	                                       int eventID,
	                                       virConnectDomainEventGenericCallback cb,
	                                       void *opaque,
	                                       virFreeCallback freecb);

	  int virConnectDomainEventDeregisterAny(virConnectPtr conn,
	                                         int callbackID);

	Since different event types can received different data in the callback,
	the API is defined with a generic callback. Specific events will each
	have a custom signature for their callback. Thus when registering an
	event it is neccessary to cast the callback to the generic signature

	eg

	  int myDomainEventCallback(virConnectPtr conn,
	                            virDomainPtr dom,
	                            int event,
	                            int detail,
	                            void *opaque)
	  {
	    ...
	  }

	  virConnectDomainEventRegisterAny(conn, NULL,
	                                   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
	                                   VIR_DOMAIN_EVENT_CALLBACK(myDomainEventCallback)
	                                   NULL, NULL);

	The VIR_DOMAIN_EVENT_CALLBACK() macro simply does a "bad" cast
	to the generic signature

	* include/libvirt/libvirt.h.in: Define new APIs for registering
	  domain events
	* src/driver.h: Internal driver entry points for new events APIs
	* src/libvirt.c: Wire up public API to driver API for events APIs
	* src/libvirt_public.syms: Export new APIs
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c,
	  src/xenapi/xenapi_driver.c: Stub out new API entries

2010-03-26  Eric Blake  <eblake@redhat.com>

	maint: update syntax-check rule to also catch test's -o operator
	* cfg.mk (sc_prohibit_test_minus_a): Rename...
	(sc_prohibit_test_minus_ao): ...and flag '-o', too.

2010-03-26  Jim Meyering  <meyering@redhat.com>

	tests: teach syntax-check that virDomainDefFree has free-like semantics
	* cfg.mk (useless_free_options): Add virDomainDefFree to the list
	of free-like functions.
	* src/test/test_driver.c (testDomainCreateXML): Remove useless-if-
	before-virDomainDefFree.
	* src/conf/domain_conf.c (virDomainAssignDef): Likewise

2010-03-25  Jiri Denemark  <jdenemar@redhat.com>

	Add entry point logging for cpu functions

2010-03-25  Eric Blake  <eblake@redhat.com>

	build: don't use "test cond1 -o cond2": it's not portable
	* configure.ac: Use "test cond1 || test cond2" instead.
	* m4/compiler-flags.m4 (gl_COMPILER_FLAGS): Likewise.
	* tests/test-lib.sh (verbose): Likewise.

2010-03-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make the conf parser compare names case insensitive in VMX mode
	The keys of entries in a VMX file are case insensitive. Both scsi0:1.fileName
	and scsi0:1.filename are valid. Therefore, make the conf parser compare names
	case insensitive in VMX mode to accept every capitalization variation.

	Also add test cases for this.

	vbox: Fix segfault on empty device source
	<source file=''/> results in def->disks[i]->src == NULL. But
	vboxDomainDefineXML and vboxDomainAttachDevice didn't check
	def->disks[i]->src for NULL and expected it to be a valid string.

	Add checks for def->disks[i]->src != NULL to fix the segfault.

2010-03-24  Philipp Hahn  <hahn@univention.de>

	python example: poll(-0.001) does not sleep forever
	The conversion from seconds to milliseconds should only be done for
	actual delays >= 0, not for the magic -1 value used for infinite
	timeouts.

2010-03-24  Jim Meyering  <meyering@redhat.com>

	build: suppress distracting build output
	* src/Makefile.am (augeas-check): New target, just to give the existing
	rule a name.  At the same time, prefix the commands with $(AM_V_GEN),
	to avoid unexpected build output with V=0 which is the default.

	maint: add syntax-check rule to prohibit use of test's -a operator
	* cfg.mk (sc_prohibit_test_minus_a): New rule.

	build: don't use "test cond1 -a cond2" in configure: it's not portable
	* configure.ac: Use "test cond1 && test cond2" instead.

	tests: shell script portability and clean-up
	* tests/test-lib.sh: "echo -n" is not portable.  Use printf instead.
	Remove unnecessary uses of "eval-in-subshell" (subshell is sufficient).
	Remove uses of tests' -a operator; it is not portable.
	Instead, use "test cond && test cond2".
	* tests/schematestutils.sh: Replace use of test's -a.

2010-03-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Don't add extra padding if counter mod 40 is 0
	This change only affects the output of tests that have an exact
	multiple of 40 test cases. For example the domainschematest currently:

	TEST: domainschematest
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ........................................ 160
	      ........................................                                         200 OK
	PASS: domainschematest

	It outputs additional 40 spaces on the last line.

	The domainschematest output is fixed by the change in test-lib.sh. The
	change in testutils.c fixes this for tests written in C. Currently no
	C test has an exact multiple of 40 test cases, but I checked it and
	the same problem exists there.

	This patch stops that in both cases.

2010-03-23  Jiri Denemark  <jdenemar@redhat.com>

	Fix error reporting when parsing CPU XML strings

	Use common XML parsing functions

	Introduce XML parsing utility functions

2010-03-23  Jim Meyering  <meyering@redhat.com>

	virDomainDiskDefAssignAddress: return int, not void
	Before, this function would blindly accept an invalid def->dst
	and then abuse the idx=-1 it would get from virDiskNameToIndex,
	when passing it invalid strings like "xvda:disk" and "sda1".
	Now, this function returns -1 upon failure.
	* src/conf/domain_conf.c (virDomainDiskDefAssignAddress): as above.
	Update callers.
	* src/conf/domain_conf.h: Update prototype.
	* src/qemu/qemu_conf.c: Update callers.

	tests: do not use the ":disk" suffix in sample xml input
	* tests/xml2sexprdata/xml2sexpr-curmem.xml: Remove ":disk" suffix from
	"<target dev=" value.
	* tests/xml2sexprdata/xml2sexpr-pv-localtime.xml: Likewise.
	* tests/xml2sexprdata/xml2sexpr-curmem.sexpr: Update expected output
	to match.
	* tests/xml2sexprdata/xml2sexpr-pv-localtime.sexpr: Likewise.

	virDiskNameToIndex: ignore trailing digits
	* src/util/util.c (virDiskNameToIndex): Accept sda1, and map it to "sda".
	I.e., accept and ignore any string of trailing digits.

2010-03-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	util: Add stubs for some functions on Windows
	virSetCloseExec and virExecDaemonize were missing a body on Windows.

	Add HAVE_PTHREAD_H guard for pthread_sigmask
	Correctly disable pthread related code if pthread is not avialable,
	in order to get it compile with MinGW on Windows.

	bootstrap: Enable copy-mode for MinGW builds
	MSYS' ln doesn't work well in the way bootstrap uses it with relative paths.

	util: Handle lack of (f)chmod and (f)chown on Windows
	Even if gnulib can provide stubs, it won't help that much. So just
	replace affected util functions (virFileOperation and virDirCreate)
	with stubs on Windows. Both functions aren't used on libvirt's
	client side, so this is fine for MinGW builds.

	bootstrap: Remove rsync from buildreq list
	rsync is used to download .po files, but SKIP_PO=true is set and
	downloading .po files is skipped.

	This also fixes a problem with MinGW builds, because rsync is not
	available for MinGW.

	util: Make some conditional symbols unconditional
	Add dummy bodies for HAVE_GETPWUID_R and HAVE_MNTENT_H dependent
	functions for MinGW builds.

	Make sure virtTestCaptureProgramOutput has a body on Windows
	Now the virsh tests compile at least.

	Fix export of virConnectAuthPtrDefault for MinGW builds
	Use the __declspec(dllexport/dllimport) stuff to export the symbol,
	otherwise accessing virConnectAuthPtrDefault triggers a segfault.

	Remove interfaceRegister from libvirt_private.syms
	This symbol is conditional, it would need to be exported conditional to
	work properly with MinGW. So just remove it, as no other driver register
	function is listed in the symbols files.

	Export conditional state driver symbols only when they are defined
	This is necessary for MinGW builds.

	Make sure uid_t and gid_t are available

	esx: Add esxVI_LookupVirtualMachineByName
	Used in esxDomainLookupByName and to be used in esxDomainDefineXML later.

	esx: Fix potential memory leak in esxVI_BuildFullTraversalSpecItem
	If esxVI_String_DeepCopyValue or esxVI_SelectionSpec_AppendToList fail
	then selectionSpec would leak. Add a free call in the failure path to
	fix the leak.

	esx: Cleanup file header comments
	Replace 'method' with 'function' and get the filename's suffix right.

	esx: Generate method mappings via macros
	This is actually a consequence of the reworked required parameter
	checking: Unify the required parameter check into a Validate function
	instead of doing it separately im the (de)serialization part.

	The required parameter checking for the mapped methods parameter was
	done in the (de)serialize functions before. Now it's explicitly done
	in the mapped method itself.

2010-03-22  Jim Fehlig  <jfehlig@novell.com>

	Avoid libvirtd crash when cgroups is not configured on host
	Invoking virDomainSetMemory() on lxc driver results in libvirtd
	segfault when cgroups has not been configured on the host.

	Ensure driver->cgroup is non-null before invoking
	virCgroupForDomain().  To prevent similar segfaults in the future,
	ensure driver parameter to virCgroupForDomain() is non-null before
	dereferencing.

2010-03-22  Cole Robinson  <crobinso@redhat.com>

	security: selinux: Fix crash when releasing non-existent label
	This can be triggered by the qemuStartVMDaemon cleanup path if a
	VM references a non-existent USB device (by product) in the XML.

2010-03-22  Guido Günther  <agx@sigxcpu.org>

	Don't crash without a security driver
	"virsh dominfo <vm>" crashes if there's no primary security driver set
	since we only intialize the secmodel.model and secmodel.doi if we have
	one. Attached patch checks for securityPrimaryDriver instead of
	securityDriver since the later is always set in qemudSecurityInit().

	Closes: http://bugs.debian.org/574359

2010-03-20  Jiri Denemark  <jdenemar@redhat.com>

	Add migrate-setmaxdowntime command to virsh

	Implement virDomainMigrateSetMaxDowntime in qemu driver

	Implement virDomainMigrateSetMaxDowntime in remote driver

	Wire protocol and dispatcher for virDomainMigrateSetMaxDowntime

	Public virDomainMigrateSetMaxDowntime API

	Internal driver API for virDomainMigrateSetMaxDowntime

2010-03-20  David Allan  <dallan@redhat.com>

	Virsh support for vol wiping

	Simplified version of volume wiping based on feedback from the list.

	Implement remote bits for vol wiping

	Implement the public API for vol wiping

	Define the internal driver API for vol wiping
	Also add vol wiping to ESX storage driver struct

	Add public API for volume wiping

2010-03-19  Laine Stump  <laine@laine.org>

	Support vhost-net mode at qemu startup for virtio network devices
	Attempt to turn on vhost-net mode for devices of type NETWORK, BRIDGE,
	and DIRECT (macvtap).

	* src/qemu/qemu_conf.h: add vhostfd to qemuBuildHostNetStr prototype
	  add qemudOpenVhostNet prototype new flag to set when :,vhost=" found in
	  qemu help
	* src/qemu/qemu_conf.c: * set QEMUD_CMD_FLAG_VNET_HOST is ",vhost=" found
	  in qemu help
	   - qemudOpenVhostNet - opens /dev/vhost-net to pass to qemu if everything
	     is in place to use it.
	   - qemuBuildHostNetStr - add vhostfd to commandline if it's not empty
	     (higher levels decide whether or not to fill it in)
	   - qemudBuildCommandLine - if /dev/vhost-net is successfully opened, add
	     its fd to tapfds array so it isn't closed on qemu exec, and populate
	     vhostfd_name to be passed in to commandline builder.
	* src/qemu/qemu_driver.c: add filler 0 for new arg to qemuBuildHostNetStr,
	  along with a note that this must be implemented in order for hot-plug of
	  vhost-net virtio devices to work properly (once qemu "netdev_add" monitor
	  command is implemented).

2010-03-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Fix FD leak in qemudStartVMDaemon
	The logfile FD is dup2'ed in __virExec in the child. The FD needs to
	be closed in the parent, otherwise it leaks.

2010-03-19  Eric Blake  <eblake@redhat.com>

	util: ensure virMutexInit is not recursive
	POSIX states that creation of a mutex with default attributes
	is unspecified whether the mutex is recursive or non-recursive.
	We specifically want non-recursive (deadlock is desirable in
	flushing out coding bugs that used our mutex incorrectly).

	* src/util/threads-pthread.c (virMutexInit): Specifically request
	non-recursive mutex, rather than relying on unspecified default.

	maint: enforce recent copyright style
	* cfg.mk (sc_copyright_format): New rule.

2010-03-18  Eric Blake  <eblake@redhat.com>

	maint: make Red Hat copyright notices consistent
	Spell out 'Red Hat, Inc.':
	 git grep -i 'Copyright.*Red Hat' | grep -v Inc

	Include (C) consistently:
	 git grep -i 'Copyright [^(].*Red Hat'

	* src/lxc/lxc_container.c: Update copyright formatting.
	* src/node_device/node_device_udev.c: Likewise.
	* src/node_device/node_device_udev.h: Likewise.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xm_internal.c: Likewise.
	* src/xen/xm_internal.h: Likewise.
	* tests/xmconfigtest.c: Likewise.
	* tests/object-locking.ml: Likewise.
	* tools/virt-pki-validate.in: Likewise.
	* tools/virt-xml-validate.in: Likewise.

	maint: fix typo
	* cfg.mk (sc_prohibit_gettext_noop): Fix typo

	maint: enforce recent N_ usage
	* cfg.mk (sc_prohibit_gettext_noop): New rule applied in "make syntax-check"

2010-03-18  Daniel Veillard  <veillard@redhat.com>

	Fix logroate rpm build breakage
	related to fix of bug https://bugzilla.redhat.com/show_bug.cgi?id=547514

	Fix LSB compliance of init script
	https://bugzilla.redhat.com/show_bug.cgi?id=538701

	* daemon/libvirtd.init.in: daemon/libvirtd.init.in were not mentionned
	  in the usage message and if a missing or wrong argument is given it
	  should return 2, not 1

2010-03-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: <pre> cannot be nested in <p>
	xsltproc complained about this.

2010-03-18  Philip Hahn  <hahn@univention.de>

	python: Fix networkLookupByUUID
	According to:

	http://libvirt.org/html/libvirt-libvirt.html#virNetworkLookupByUUID

	virNetworkLookupByUUID() expects a virConnectPtr as its first argument,
	thus making it a method of the virConnect Python class.

	Currently it's a method of libvirt.virNetwork.

	@@ -805,13 +805,6 @@ class virNetwork:
	         if ret == -1: raise libvirtError ('virNetworkGetAutostart() failed', net=self)
	         return ret

	-    def networkLookupByUUID(self, uuid):
	-        """Try to lookup a network on the given hypervisor based on its UUID. """
	-        ret = libvirtmod.virNetworkLookupByUUID(self._o, uuid)
	-        if ret is None:raise libvirtError('virNetworkLookupByUUID() failed', net=self)
	-        __tmp = virNetwork(self, _obj=ret)
	-        return __tmp
	-
	 class virInterface:
	     def __init__(self, conn, _obj=None):
	         self._conn = conn
	@@ -1689,6 +1682,13 @@ class virConnect:
	         __tmp = virDomain(self,_obj=ret)
	         return __tmp

	+    def networkLookupByUUID(self, uuid):
	+        """Try to lookup a network on the given hypervisor based on its UUID. """
	+        ret = libvirtmod.virNetworkLookupByUUID(self._o, uuid)
	+        if ret is None:raise libvirtError('virNetworkLookupByUUID() failed', conn=self)
	+        __tmp = virNetwork(self, _obj=ret)
	+        return __tmp
	+

2010-03-18  Cole Robinson  <crobinso@redhat.com>

	.gitignore: Ignore generated daemon/libvirtd.logrotate

	Fix make dist with XenAPI changes

2010-03-17  Jiri Denemark  <jdenemar@redhat.com>

	Allow suspend during live migration
	Currently no command can be sent to a qemu process while another job is
	active. This patch adds support for signaling long-running jobs (such as
	migration) so that other threads may request predefined operations to be
	done during such jobs. Two signals are defined so far:
	    - QEMU_JOB_SIGNAL_CANCEL
	    - QEMU_JOB_SIGNAL_SUSPEND

	The first one is used by qemuDomainAbortJob.

	The second one is used by qemudDomainSuspend for suspending a domain
	during migration, which allows for changing live migration into offline
	migration. However, there is a small issue in the way qemudDomainSuspend
	is currently implemented for migrating domains. The API calls returns
	immediately after signaling migration job which means it is asynchronous
	in this specific case.

2010-03-17  Jim Meyering  <meyering@redhat.com>

	do not require two ./autogen.sh runs to permit "make"
	* autogen.sh (bootstrap_hash): New function.
	Running bootstrap may update the gnulib SHA1, yet we were computing
	t=$(git submodule status ...) *prior* to running bootstrap, and
	then recording that sometimes-stale value in the stamp file upon
	a successful bootstrap run.  That would require two (lengthy!)
	bootstrap runs to update the stamp file.

2010-03-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Use virRequestUsername and virRequestPassword

	xenapi: Don't leak url and caps in case of error

	xenapi: Check for NULL before accessing the scheme

	xenapi: Request a username if there is non in the URI
	Use virRequestUsername and virRequestPassword.

	xenapi: Check for valid private data in xenapiSessionErrorHandle

	esx: Move username and password helper functions to authhelper.c

2010-03-17  Jim Meyering  <meyering@redhat.com>

	fix two "make syntax check" failures
	* src/xenapi/xenapi_driver.c (xenapiOpen): Remove useless-if-before-free.
	* po/POTFILES.in: Add src/xenapi/xenapi_utils.c.

2010-03-16  Jiri Denemark  <jdenemar@redhat.com>

	Use WARN_CFLAGS when compiling virsh.c

	Use fsync() at the end of file allocation instead of O_DSYNC
	Instead of opening storage file with O_DSYNC, make sure data are written
	to a disk only before we claim allocation has finished.

2010-03-16  Jim Meyering  <meyering@redhat.com>

	Revert f5a6ce44ce8368d4183b69a31b77f67688d9af43
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk): The ".controller"
	member is an index, and *may* be 0.  As such, the commit that we're
	reverting broke SCSI disk hot-plug on controller 0.
	Reported by Wolfgang Mauerer.

2010-03-16  Cole Robinson  <crobinso@redhat.com>

	security: Set permissions for kernel/initrd
	Fixes URL installs when running virt-install as root on Fedora.

	qemu: Fix USB by product with security enabled
	We need to call PrepareHostdevs to determine the USB device path before
	any security calls. PrepareHostUSBDevices was also incorrectly skipping
	all USB devices.

	qemu: Add some debugging at domain startup

2010-03-16  Daniel Veillard  <veillard@redhat.com>

	qemu: pass the information when disks are read-only
	* src/qemu/qemu_conf.c: add the ",readonly=on" for read-only disks
	  and also parse it back in qemuParseCommandLineDisk()
	* tests/qemuxml2argvtest.c
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.args
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.xml:
	  add a specific regression test

2010-03-15  Jiri Denemark  <jdenemar@redhat.com>

	Fix syntax-check errors

	Fix error messages in qemu text monitor

2010-03-15  Sharadha Prabhakar  <sharadha.prabhakar@citrix.com>

	xenapi: Initial commit of the new driver

2010-03-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve documentation about remote URIs

	macvtap: Only export symbols if support is enabled

2010-03-13  Chris Lalancette  <clalance@redhat.com>

	Only use the numa functions when they are available.

2010-03-12  Chris Lalancette  <clalance@redhat.com>

	Make nodeGetInfo report the correct number of NUMA nodes.
	The nodeGetInfo code was always assuming that machine had a
	single NUMA node, which is not correct.  The good news is that
	libnuma gives us this information pretty easily, so let's
	properly report it.

	NOTE: With recent hardware starting to support CPU hot-add
	and hot-remove, both this code and the nodeCapsInitNUMA()
	code are quickly going to become obsolete.  We'll have to
	think of a more dynamic solution for dealing with NUMA
	nodes and CPUs that can come and go at will.

	Fix crash in virsh after bogus command
	If you ran virsh in interactive mode and ran a command
	that virsh could not parse, it would then SEGV
	on subsequent commands.  The problem is that we are
	freeing the vshCmd structure in the syntaxError label
	at the end of vshCommandParse, but forgetting to
	set ctl->cmd to NULL.  This means that on the next command,
	we would try to free the same structure again, leading
	to badness.

	* tools/virsh.c: Make sure to set ctl->cmd to NULL after
	  freeing it in vshCommandParse()

	Fix virsh command 'cd'
	* tools/virsh.c: cmdCd was returning a 0 on success and -1 on error,
	  when the rest of the code expected a TRUE on success and a
	  FALSE on error.

2010-03-12  Laine Stump  <laine@laine.org>

	Fix compiler warnings in virsh.c
	No functional change. These all generated compiler warnings which, for
	some reason weren't converted to errors by
	--enable-compiler-warnings=error.

	* tools/virsh.c:
	  - change return type from int to void on two functions that don't
	    return a value.
	  - remove unused variables/labels from two functions
	  - eliminate non-literal format strings
	  - typecast char* into xmlChar* when calling
	  - xmlParseBalancedChunkMemory

	Silence compiler complaints about non-literal format strings
	* src/util/macvtap.c: replace _("....") with "%s", _("...") in two places

2010-03-12  Daniel Veillard  <veillard@redhat.com>

	Update commiters list

2010-03-12  Chris Lalancette  <clalance@redhat.com>

	Fix hang in qemudDomainCoreDump.
	Currently if you dump the core of a qemu guest with
	qemudDomainCoreDump, subsequent commands will hang
	up libvirtd.  This is because qemudDomainCoreDump
	uses qemuDomainWaitForMigrationComplete, which expects
	the qemuDriverLock to be held when it's called.  This
	patch does the simple thing and moves the qemuDriveUnlock
	to the end of the qemudDomainCoreDump so that the driver
	lock is held for the entirety of the call (as it is done
	in qemudDomainSave).  We will probably want to make the
	lock more fine-grained than that in the future, but
	we can fix both qemudDomainCoreDump and qemudDomainSave
	at the same time.

	Make sure qemudDomainSetVcpus doesn't hang.
	The code to add job support into libvirtd caused a problem
	in qemudDomainSetVcpus.  In particular, a qemuDomainObjEndJob()
	call was added at the end of the function, but a
	corresponding qemuDomainObjBeginJob() was not.  Additionally,
	a call to qemuDomainObj{Enter,Exit}Monitor() was also missed
	in qemudDomainHotplugVcpus().  These missing calls conspired to
	cause a hang in the libvirtd process after the command was
	finished.  Fix this by adding the missing calls.

2010-03-11  Chris Lalancette  <clalance@redhat.com>

	Remove qemudDomainSetMaxMemory.
	As previously discussed[1], this patch removes the
	qemudDomainSetMaxMemory() function, since it doesn't
	work.  This means that instead of getting somewhat
	cryptic errors, you will now get:

	error: Unable to change MaxMemorySize
	error: this function is not supported by the hypervisor: virDomainSetMaxMemory

	Which describes the situation perfectly.

	[1] https://www.redhat.com/archives/libvir-list/2010-February/msg00928.html

	Fix a JSON CPU information bug.
	When using the JSON monitor, qemuMonitorJSONExtractCPUInfo
	was returning 0 on success.  Unfortunately, higher levels of
	the cpuinfo code expect that it returns the number of CPUs
	it found on success.  This one-line patch fixes it so that
	it returns the correct number.  This makes "virsh vcpuinfo <domain>"
	work when using the JSON monitor.

2010-03-11  Ed Swierk  <eswierk@aristanetworks.com>

	Allow devices without a parent
	* Allow devices without parent links to be created and set their parent to the root "computer" node

2010-03-11  Eric Blake  <eblake@redhat.com>

	build: change to gnulib module list should rerun bootstrap
	* autogen.sh (curr_status): Also include hash of bootstrap.conf
	when checking for changes that require bootstrap rerun.
	* cfg.mk (_update_required): Likewise.

	build: enforce preprocessor indentation
	Since cppi is not part of Fedora Core 12, the check is conditional:
	without cppi, running 'make syntax-check' merely warns:

	$ make sc_preprocessor_indentation
	preprocessor_indentation
	maint.mk: skipping test sc_preprocessor_indentation: cppi not installed

	* cfg.mk (sc_preprocessor_indentation): New syntax-check rule.
	(preprocessor_exempt): New macro, with first exemption.

2010-03-11  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to newer (but not latest)
	This is a stop-gap measure to make autogen.sh rerun ./bootstrap,
	(required due to recent bootstrap.conf addition) while we prepare
	the fix to automatically detect the case of an updated modules list.

2010-03-11  David Allan  <dallan@redhat.com>

	Free resources on error in udev startup
	* The udev driver didn't properly free resources that it allocates when setting up the 'computer' device in the error case.

2010-03-11  Daniel Veillard  <veillard@redhat.com>

	Make virsh reconnect when losing connection
	When the daemon libvirtd restarts, a connected virsh gets a SIGPIPE
	and dies. This change the behaviour to try to reconnect if the
	signal was received or command error indicated a connection or RPC
	failure. Note that the failing command is not restarted.

	* tools/virsh.c: catch SIGPIPE signals as well as connection related
	  failures, add some automatic reconnection code and appropriate error
	  messages.

2010-03-10  Chris Lalancette  <clalance@redhat.com>

	Fix up nodeinfo parsing code.
	As pointed out by eblake, I made a real hash of the
	nodeinfo code with commit
	aa2f6f96ddd7a57011c3d25586d588100651feb2.  This patch
	cleans it up:

	1)  Do more work at compile time instead of runtime (minor)
	2)  Properly handle the hex digits that come from
	/sys/devices/system/cpu/cpu*/topology/thread_siblings
	3)  Fix up some error paths that could cause SEGV
	4)  Used unsigned's for the cpu numbers (cpu -1 doesn't
	make any sense)

	Along with the recent patch from jdenemar to zero out
	the nodeinfo structure, I've re-tested this on the
	machines having the problems, and it seems to be good.

2010-03-10  Daniel Veillard  <veillard@redhat.com>

	Change logrotate to be per-hypervisor logs
	Having a single logrotate configuration file for all hypervisors
	did not work as logrotate would get confused if an hypervisor not
	supported on that platform was still listed. Simplest is to split
	the logrotate as separate per hypervisor files and change the
	spec file to only install the ones compiled in.
	* daemon/libvirtd.lxc.logrotate.in daemon/libvirtd.qemu.logrotate.in
	  daemon/libvirtd.uml.logrotate.in: copy and split the original
	  daemon/libvirtd.logrotate.in file
	* daemon/Makefile.am: update to support the different files and
	  cleanup in sed suggested by Eric Blake
	* libvirt.spec.in: only install the relevant logrotate configs
	* daemon/.gitignore: update logrotate generated list

2010-03-10  Eric Blake  <eblake@redhat.com>

	build: consistently indent preprocessor directives
	* global: patch created by running:
	for f in $(git ls-files '*.[ch]') ; do
	    cppi $f > $f.t && mv $f.t $f
	done

	virsh: use N_ rather than gettext_noop
	With N_() in place, we can use it for a smaller file.

	* doc/api-extension/0008-Step-8-of-8-Add-virsh-support.patch:
	Replace all uses of gettext_noop with N_.
	* tools/virsh.c: Likewise, throughout the file.

	virsh: fix existing N_ uses
	It is a bad idea to call gettext on an already-translated
	string.  In cases where a string must be translated separately
	from where it is exposed to xgettext, the gettext manual
	recommends the idiom of N_() wrapping gettext_noop for
	marking the string.

	* src/internal.h (N_): Fix definition to match gettext manual.
	* tools/virsh.c: (cmdHelp, cmdList, cmdDomstate, cmdDominfo)
	(cmdVcpuinfo, vshUsage): Replace incorrect use of N_ with _.
	(vshCmddefHelp): Likewise.  Mark C format strings appropriately.

2010-03-10  Jim Meyering  <meyering@redhat.com>

	doc: fix typos in hacking.html.in; mark HACKING as read-only
	* HACKING: Mark as read-only.  Soon we'll generate it from...
	* docs/hacking.html.in: ... this file.  More typo fixes.

2010-03-10  Jiri Denemark  <jdenemar@redhat.com>

	Fix copy&paste typos in virProcessInfoGetAffinity

	Wipe nodeinfo structure before filling it
	The nodeinfo structure wasn't initialized in qemu driver and with the
	recent change in CPU topology parsing, old value of nodeinfo->sockets
	could be used and incremented giving totally bogus results.

	Let's just wipe the structure completely.

2010-03-10  Jim Meyering  <meyering@redhat.com>

	doc: fix more typos in HACKING
	* HACKING: More spelling/typo fixes.

2010-03-10  Eric Blake  <eblake@redhat.com>

	AUTHORS: add recent contributors

	hacking: add a section on preprocessor conventions
	* doc/hacking.html.in (preprocessor): New section to document
	recently-discussed style issues.

	hacking: fix typos
	* docs/hacking.html.in (committers): Fix spelling and grammar.

2010-03-09  Laine Stump  <laine@laine.org>

	Fix format string warnings
	A few more non-literal format strings in error log messages have crept
	in. Fix them in the standard way - turn the format string into "%s"
	with the original string as the arg.

2010-03-09  Stefan Berger  <stefanb@us.ibm.com>

	macvtap build detection fix
	* configure.ac: fix the header test used for macvtap availability
	  detection

2010-03-09  Soren Hansen  <soren@ubuntu.com>

	Fix virDomainGetXMLDesc cache settings output
	If a special cache strategy for a disk has been specified in a domain
	definition, but no driverName has been set, virDomainGetXMLDesc would not
	include the <driver> tag at all.

	* src/conf/domain_conf.c: make sure any <driver> tag setting is
	  serialized if set.

2010-03-08  David Allan  <dallan@redhat.com>

	Update hacking.html.in
	* Added section on use of goto
	* Added missing content from HACKING document

2010-03-08  Chris Lalancette  <clalance@redhat.com>

	Get thread and socket information in virsh nodeinfo.
	The current code for "nodeinfo" is pretty naive
	about socket and thread information.  To determine the
	sockets, it just takes the number of cpus and divides
	by the number of cores.  For the thread count, it always
	sets it to 1.  With more recent Intel machines, however,
	hyperthreading is again an option, meaning that these
	heuristics no longer work and give bogus numbers.  This
	patch goes through /sys to get the additional
	information so we properly report it.

	Note that I had to edit the tests not to report on
	socket and thread counts, since these are determined
	dynamically now.

	v2: As pointed out by Eric Blake, gnulib provides
	    count-one-bits (which is LGPLv2+).  Use it instead
	    of a hand-coded popcnt.

2010-03-08  Adam Litke  <agl@us.ibm.com>

	Fix locking in qemudDomainMemoryStats
	When adding domainMemoryStats API support for the qemu driver, I didn't
	follow the locking rules exactly.  The job condition must be held when
	executing monitor commands.  This corrects the segfaults I was seeing
	when calling domainMemoryStats in a multi-threaded environment.

	* src/qemu/qemu_driver.c: in qemudDomainMemoryStats() add missing
	  calls to qemuDomainObjBeginJob/qemuDomainObjEndJob

2010-03-08  Laine Stump  <laine@laine.org>

	Eliminate large stack buffer in doTunnelSendAll
	doTunnelSendAll function (used by QEMU migration) uses a 64k buffer on
	the stack, which could be problematic. This patch replaces that with a
	buffer from the heap.

	While in the neighborhood, this patch also improves error reporting in
	the case that saferead fails - previously, virStreamAbort() was called
	(resetting errno) before reporting the error. It's been changed to
	report the error first.

	* src/qemu/qemu_driver.c: fix doTunnelSendAll() to use a malloc'ed
	  buffer

2010-03-08  Eric Blake  <eblake@redhat.com>

	build: consistently use C99 varargs macros
	Prior to this patch, there was an inconsistent mix between GNU and C99.

	For consistency, and potential portability to other compilers, stick
	with the C99 vararg macro syntax.

	* src/conf/cpu_conf.c (virCPUReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/conf/domain_conf.c (virDomainReportError): Likewise.
	* src/conf/domain_event.c (eventReportError): Likewise.
	* src/conf/interface_conf.c (virInterfaceReportError): Likewise.
	* src/conf/network_conf.c (virNetworkReportError): Likewise.
	* src/conf/node_device_conf.h (virNodeDeviceReportError): Likewise.
	* src/conf/secret_conf.h (virSecretReportError): Likewise.
	* src/conf/storage_conf.h (virStorageReportError): Likewise.
	* src/esx/esx_device_monitor.c (ESX_ERROR): Use C99 rather than
	  GNU vararg macro syntax.
	* src/esx/esx_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_interface_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_network_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_secret_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_storage_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_util.c (ESX_ERROR): Likewise.
	* src/esx/esx_vi.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vi_methods.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vi_types.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vmx.c (ESX_ERROR): Likewise.
	* src/util/hostusb.c (usbReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/util/json.c (virJSONError): Likewise.
	* src/util/macvtap.c (ReportError): Likewise.
	* src/util/pci.c (pciReportError): Likewise.
	* src/util/stats_linux.c (virStatsError): Likewise.
	* src/util/util.c (virUtilError): Likewise.
	* src/util/xml.c (virXMLError): Likewise.
	* src/xen/proxy_internal.c (virProxyError): Use C99 rather than
	  GNU vararg macro syntax.
	* src/xen/sexpr.c (virSexprError): Likewise.
	* src/xen/xen_driver.c (xenUnifiedError): Likewise.
	* src/xen/xen_hypervisor.c (virXenError): Likewise.
	* src/xen/xen_inotify.c (virXenInotifyError): Likewise.
	* src/xen/xend_internal.c (virXendError): Likewise.
	* src/xen/xm_internal.c (xenXMError): Likewise.
	* src/xen/xs_internal.c (virXenStoreError): Likewise.
	* src/cpu/cpu.h (virCPUReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/datatypes.c (virLibConnError): Likewise.
	* src/interface/netcf_driver.c (interfaceReportError): Likewise.
	* src/libvirt.c (virLibStreamError): Likewise.
	* src/lxc/lxc_conf.h (lxcError): Likewise.
	* src/network/bridge_driver.c (networkReportError): Likewise.
	* src/nodeinfo.c (nodeReportError): Likewise.
	* src/opennebula/one_conf.h (oneError): Likewise.
	* src/openvz/openvz_conf.h (openvzError): Likewise.
	* src/phyp/phyp_driver.c (PHYP_ERROR): Likewise.
	* src/qemu/qemu_conf.h (qemuReportError): Likewise.
	* src/remote/remote_driver.c (errorf): Likewise.
	* src/security/security_driver.h (virSecurityReportError): Likewise.
	* src/test/test_driver.c (testError): Likewise.
	* src/uml/uml_conf.h (umlReportError): Likewise.
	* src/vbox/vbox_driver.c (vboxError): Likewise.
	* src/vbox/vbox_tmpl.c (vboxError): Likewise.

2010-03-06  Jim Meyering  <meyering@redhat.com>

	ebtablesAddRemoveRule: avoid dead store
	* src/util/ebtables.c (ebtablesAddRemoveRule): Avoid dead store
	to local, "s".

	virInterfaceDefParseBond: avoid dead stores
	* src/conf/interface_conf.c (virInterfaceDefParseBond): Avoid dead stores
	to local, "node".  Remove declaration, too.

	xenXMDomainConfigParse: avoid dead store
	* src/xen/xm_internal.c (xenXMDomainConfigParse): Avoid dead store
	to local, "data".  Remove declaration, too.

	qemudDomainAttachSCSIDisk: handle empty controller list
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk): Handle
	the (theoretical) case of an empty controller list, so that
	clang does not think the subsequent dereference of "cont"
	would dereference an undefined variable (due to preceding
	loop not iterating even once).

	qemu restore: don't let corrupt input provoke unwarranted OOM
	* src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file
	(in particular, a too-large header.xml_len value) would cause an
	unwarranted out-of-memory error.  Do not trust the just-read
	header.xml_len.  Instead, merely use that as a hint, and
	read/allocate up to that number of bytes from the file.
	Also verify that header.xml_len is positive; if it were negative,
	passing it to virFileReadLimFD could cause trouble.

	virFileReadLimFD: diagnose maxlen <= 0, rather than passing it on...
	to saferead_lim, which interprets it as a size_t.
	* src/util/util.c (virFileReadLimFD): Do not malfunction when
	maxlen < -1.  Return -1,EINVAL in that case.  Handle maxlen==0
	in the same manner.

	xen: don't let bogus packets trigger over-allocation and segfault
	* src/xen/proxy_internal.c (xenProxyDomainDumpXML): An invalid packet
	could include a too-large "ans.len" value, which would make us allocate
	too much memory and then copy data from beyond the end of "ans",
	possibly evoking a segfault.  Ensure that the value we use is no
	larger than the remaining portion of "ans".
	Also, change unnecessary memmove to memcpy (src and dest obviously
	do not overlap, so no need to use memmove).
	(xenProxyDomainGetOSType): Likewise.
	(xenProxyGetCapabilities): Likewise.

	qemuMonitorTextGetMemoryStats: decrease risk of false positive in parsing
	The code erroneously searched the entire "reply" for a comma, when
	its intent was to search only that portion after "balloon: actual="
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetMemoryStats):
	Search for "," only starting *after* the BALLOON_PREFIX string.
	Otherwise, we'd be more prone to false positives.

2010-03-06  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.7
	* configure.ac libvirt.spec.in: update with new version
	* docs/news.html.in: add list of changes in 0.7.7
	* po/*po*: updated spanish and russian localisations, rebuilt

2010-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix USB passthrough based on product/vendor
	Changeset

	  commit 5073aa994af460e775cb3e548528e28d7660fcc8
	  Author: Cole Robinson <crobinso@redhat.com>
	  Date:   Mon Jan 11 11:40:46 2010 -0500

	Added support for product/vendor based passthrough, but it only
	worked at the security driver layer. The main guest XML config
	was not updated with the resolved bus/device ID. When the QEMU
	argv refactoring removed use of product/vendor, this then broke
	launching guests.

	THe solution is to move the product/vendor resolution up a layer
	into the QEMU driver. So the first thing QEMU does is resolve
	the product/vendor to a bus/device and updates the XML config
	with this info. The rest of the code, including security drivers
	and QEMU argv generated can now rely on bus/device always being
	set.

	* src/util/hostusb.c, src/util/hostusb.h: Split vendor/product
	  resolution code out of usbGetDevice and into usbFindDevice.
	  Add accessors for bus/device ID
	* src/security/virt-aa-helper.c, src/security/security_selinux.c,
	  src/qemu/qemu_security_dac.c: Remove vendor/product from the
	  usbGetDevice() calls
	* src/qemu/qemu_driver.c: Use usbFindDevice to resolve vendor/product
	  into a bus/device ID

	Convert QEMU driver all hotunplug code from pci_del to device_del
	The pci_del command is not being ported to QMP. Convert all the
	QEMU hotplug code over to use device_del whenever it is available
	to avoid the pci_del problem

	* src/qemu/qemu_driver.c: Convert unplug code to device_del

	Support hot-unplug for USB devices in QEMU
	Previously hot-unplug could not be supported for USB devices
	in QEMU, since usb_del required the guest visible address
	which libvirt never knows. With 'device_del' command we can
	now unplug based on device alias, so support that.

	* src/qemu/qemu_driver.c: Use device_del to remove USB devices

	Tweak container initialization to make upstart/init happier
	Upstart crashes & burns in a heap if $TERM environment variable
	is missing. Presumably the kernel always sets this when booting
	init on a real machine, so libvirt should set it for containers
	too.

	To make a typical inittab / mingetty setup happier, we need to
	symlink the primary console /dev/pts/0 to /dev/tty1.

	Improve logging in certain scenarios to make troubleshooting
	easier

	* src/lxc/lxc_container.c: Create /dev/tty1 and set $TERM

	Misc fixes for LXC cgroups setup
	When using the 'ns' cgroup controller, the moment a process calls
	'unshare(CLONE_NEWNS)', it will be given a private cgroup tree
	under its current location. This really messages up the LXC
	controller process, because it ends up creating the containers'
	cgroup in the wrong place. The fix is fairly easy, just move
	the cgroup setup before the code which calls unshare(). The
	'ns' controller will still create extra undesired cgroups, but
	they at least won't break libvirt's setup now.

	The patch also adds a missing cgroups allow rule for /dev/tty
	device node

	Avoid creating top level cgroups if just querying for existance
	When getting the driver/domain cgroup it is possible to specify
	whether it should be auto created. If auto-creation was turned
	off, libvirt still mistakenly created its own top level cgroup

	* src/util/cgroup.c: Honour autocreate flag for top level cgroup

2010-03-05  Stefan Berger  <stefanb@us.ibm.com>

	web docs -- macvtap mode explanation
	This adds more information about the different macvtap device modes,
	spells out VEPA and adds a link to a pdf at the ieee site.

2010-03-05  Laine Stump  <laine@laine.org>

	Change default for storage uid/gid from getuid()/getgid() to -1/-1
	This allows the config to have a setting that means "leave it alone",
	eg when building a pool where the directory already exists the user
	may want the current uid/gid of the directory left intact. This
	actually gets us back to older behavior - before recent changes to the
	pool building code, we weren't as insistent about honoring the uid/gid
	settings in the XML, and virt-manager was taking advantage of this
	behavior.

	As a side benefit, removing calls to getuid/getgid from the XML
	parsing functions also seems like a good idea. And having a default
	that is different from a common/useful value (0 == root) is a good
	thing in general, as it removes ambiguity from decisions (at least one
	place in the code was checking for (perms.uid == 0) to see if a
	special uid was requested).

	Note that this will only affect newly created pools and volumes. Due
	to the way that the XML is parsed, then formatted for newly created
	volumes, all existing pools/volumes already have an explicit uid and
	gid set.

	src/conf/storage_conf.c: Remove calls to setuid/setgid for default values
	                         of uid/gid, and set them to -1 instead

	src/storage/storage_backend.c:
	src/storage/storage_backend_fs.c:
	        Make account for the new default values of perms.uid
	        and perms.gid.

2010-03-05  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: vbox: avoid build failure when linking with --no-add-needed
	With the recent changes to the linking defaults in Fedora 13 (namely
	enabling --no-add-needed behaviour by default), we have to pass the
	dlopen()-providing libraries directly at the link of the module; use the
	same AC_SEARCH_LIBS function as used before to look for it and add it to
	the Makefile.

	build: avoid dlopen-related link failure on rawhide/F13
	Instead of using AC_CHECK_LIB and hardcoding -ldl, search for the library
	needed to get dlopen() and then use the cached value.

2010-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Support VCPU hotplug in QEMU guests
	QEMU has a monitor command 'set_cpu' which allows a specific
	CPU to be toggled between online& offline state. libvirt CPU
	hotplug does not work in terms of individual indexes CPUs.
	Thus to support this, we iteratively toggle the online state
	when the total number of vCPUs is adjusted via libvirt

	NB, currently untested since QEMU segvs when running this!

	* src/qemu/qemu_driver.c: Toggle online state for CPUs when
	  doing hotplug
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  monitor API for toggling a CPU's online status via 'set_cpu

	Fix parser checking of storage pool device
	The storage backend implementations all presume that the XML parser
	is validating correctness of the source specification. The check for
	a source device was lost at some point. This allowed for a potential
	crash in the disk backend. Re-introduce the sanity check

	* src/conf/storage_conf.c: Re-add check for source device

	Fix mis-leading error message in pool delete API
	When trying to delete a pool the error message claimed the volume
	could not be deleted.

	* src/storage/storage_driver.c: Error message referred to
	  volumes instead of pools

	Fix typo in QEMU migration command name
	The QMP code was running query-migration instead of query-migrate.
	This doesn't work so well

	* src/qemu/qemu_monitor_json.c: s/query-migration/query-migrate/

	Don't raise error message from cgroups if QEMU fails to start
	The code to remove the cgroup after QEMU failed to startup could
	be obscuring a real error from earlier on. It is not neccessary
	to raise an error in this case, so tell cgroups to keep quiet

	* src/qemu/qemu_driver.c: Don't raise cgroups error in QEMU start
	  cleanup code.

	Add missing device type check in QEMU PCI hotunplug
	The QEMU hotunplug code for PCI devices was looking at host
	devices in the guest config without first filtering non
	PCI devices. This means it was reading garbage

	* src/qemu/qemu_driver.c: Filter out non-PCI devices

2010-03-04  Chris Lalancette  <clalance@redhat.com>

	Add a define for NFS_SUPER_MAGIC
	Commit 3c12a67b766cce51b47861ccde2be41de369f832 added
	a dependency on the NFS_SUPER_MAGIC macro, which is
	defined in linux/magic.h.  Unfortunately linux/magic.h
	is not available in RHEL-5, and causes a compile error.
	Just define it locally, since this is something that
	can't change.

2010-03-04  Laine Stump  <laine@laine.org>

	Make domain save work on root-squash NFS
	Move *all* file operations related to creation and writing of libvirt
	header to the domain save file into a hook function that is called by
	virFileOperation. First try to call virFileOperation as root. If that
	fails with EACCESS, and (in the case of Linux) statfs says that we're
	trying to save the file on an NFS share, rerun virFileOperation,
	telling it to fork a child process and setuid to the qemu user. This
	is the only way we can successfully create a file on a root-squashed
	NFS server.

	This patch (along with setting dynamic_ownership=0 in qemu.conf)
	makes qemudDomainSave work on root-squashed NFS.

	* src/qemu/qemu_driver.c: provide new qemudDomainSaveFileOpHook()
	  utility, use it in qemudDomainSave() if normal creation of the
	  file as root failed, and after checking the filesystem type for
	  the storage is NFS. In that case we also bypass the security
	  driver, as this would fail on NFS.

2010-03-03  Laine Stump  <laine@laine.org>

	Fix domain restore for files on root-squash NFS
	If qemudDomainRestore fails to open the domain save file, create a
	pipe, then fork a process that does setuid(qemu_user) and opens the
	file, then reads this file and stuffs it into the pipe. the parent
	libvirtd process will use the other end of the pipe as its fd, then
	reap the child process after it's done reading.

	This makes domain restore work on a root-squash NFS share that is only
	visible to the qemu user.

	* src/qemu/qemu_driver.c: add new qemudOpenAsUID() helper function,
	  and use it in qemudDomainRestore() if reading as root directly failed.

2010-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix USB/PCI device address aliases in QEMU hotplug driver
	The USB/PCI device hotplug code for the QEMU driver was forgetting
	to allocate a unique device alias.

	* src/qemu/qemu_driver.c: Fill in device alias for USB/PCI devices

	Fix detection of errors in QEMU device_add command
	The code assumed that 'device_add' returned an empty string upon
	success. This is not true, it sometimes prints random debug info.
	THus we need to check for an explicit fail string

	* src/qemu/qemu_monitor_text.c: Fix error checking of the device_add
	  monitor command

2010-03-03  Eric Blake  <eblake@redhat.com>

	esx: don't ignore failure on close
	Another warning caught by coverity.  Continue to perform best-effort
	closing and resource release, but warn the caller about the failure.

	* src/esx/esx_driver.c (esxClose): Return an error on failure to close.

	uml: avoid crash on partial read
	Coverity detected a potential dereference of uninitialized memory
	if recvfrom got cut short.

	* src/uml/uml_driver.c (umlMonitorCommand): Validate complete read
	prior to dereferencing res.

	virsh: silence compiler warning
	gcc warns:
	virsh.c:1879: warning: '0' flag ignored with '-' flag in gnu_printf format

	* tools/virsh.c (cmdDomjobinfo): Delete useless flag.

2010-03-03  Jiri Denemark  <jdenemar@redhat.com>

	Fix safezero()
	Various safezero() implementations used either -1, errno or -errno
	return values. This patch fixes them all to return -1 and set errno
	appropriately.

	There was also a bug in size parameter passed to safewrite() which could
	result in an attempt to write gigabytes out of a megabyte buffer.

2010-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU domain state after a save attempt fails
	When a VM save attempt failed, the VM would be left in a paused
	state. It is neccessary to resume CPU execution upon failure
	if it was running originally

	* src/qemu/qemu_driver.c: Resume CPUs upon save failure

	Support job cancellation in QEMU driver
	This supports cancellation of jobs for the QEMU driver against
	the virDomainMigrate, virDomainSave and virDomainCoreDump APIs.
	It is not yet supported for the virDomainRestore API, although
	it is desirable.

	* src/qemu/qemu_driver.c: Issue 'migrate_cancel' command if
	  virDomainAbortJob is issued during a migration operation
	* tools/virsh.c: Add a domjobabort command

	Remote driver implementation for the virDomainAbortJob APi
	This defines the wire protocol for the new API

	* src/remote/remote_protocol.x: Wire protocol definition
	* src/remote/remote_driver.c,daemon/remote.c: Client and server
	  side implementation
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate from remote_protocol.x

	Wire up internal entry points for virDomainAbortJob API
	This provides the internal glue for the driver API

	* src/driver.h: Internal API contract
	* src/libvirt.c, src/libvirt_public.syms: Connect public API
	  to driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c: Stub out entry points

	Introduce public API for cancelling async domain jobs
	The new virDomainAbortJob() method provides a way for a second
	thread to abort an ongoing job run by another thread. This
	extends to any API with  which the virDomainGetJobInfo() API
	is intended to work. Cancellation is not guarenteed, rather best
	effort on part of the hypervisor and not required to be implmented.

	* include/libvirt/libvirt.h.in: Define virDomainAbortJob()

	Add QEMU driver support for job info on migration ops
	Introduce support for  virDomainGetJobInfo in the QEMU driver. This
	allows for monitoring of any API that uses the 'info migrate' monitor
	command. ie virDomainMigrate, virDomainSave and virDomainCoreDump

	Unfortunately QEMU does not provide a way to monitor incoming migration
	so we can't wire up virDomainRestore yet.

	The virsh tool gets a new command 'domjobinfo' to query status

	* src/qemu/qemu_driver.c: Record virDomainJobInfo and start time
	  in qemuDomainObjPrivatePtr objects. Add generic shared handler
	  for calling 'info migrate' with all migration based APIs.
	* src/qemu/qemu_monitor_text.c: Fix parsing of 'info migration' reply
	* tools/virsh.c: add new 'domjobinfo' command to query progress

	Remote driver implmentation of job info API
	* src/remote/remote_protocol.x: Define wire protocol format
	  for virDomainGetJobInfo API
	* src/remote/remote_driver.c, daemon/remote.c: Implement client
	  and server marshalling code for virDomainGetJobInfo()
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h,
	  src/remote/remote_protocol.c, src/remote/remote_protocol.h: Rebuild
	  files from src/remote/remote_protocol.x

	Stub out internal driver entry points for job processing
	The internal glue layer for the new pubic API

	* src/driver.h: Define internal driver API contract
	* src/libvirt.c, src/libvirt_public.syms: Wire up public
	  API to internal driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c: Stub new entry point

	Introduce public API for domain async job handling
	Introduce a new public API that provides a way to get progress
	info on currently running jobs on a virDomainpPtr. APIs that
	are initially within scope of this idea are

	 virDomainMigrate
	 virDomainMigrateToURI
	 virDomainSave
	 virDomainRestore
	 virDomainCoreDump

	These all take a potentially long time and benefit from monitoring.
	The virDomainJobInfo struct allows for various pieces of information
	to be reported

	 - Percentage completion
	 - Time
	 - Overall data
	 - Guest memory data
	 - Guest disk/file data

	* include/libvirt/libvirt.h.in: Add virDomainGetJobInfo
	* python/generator.py, python/libvirt-override-api.xml,
	  python/libvirt-override.c: Override for virDomainGetJobInfo API
	* python/typewrappers.c, python/typewrappers.h: Introduce wrapper
	  for unsigned long long type

2010-03-02  Eric Blake  <eblake@redhat.com>

	build: silence coverity warning in node_device
	All other uses of get_str_prop in this file that ignored
	failure explicitly cast to void.

	* src/node_device/node_device_hal.c (dev_create): Silence coverity
	warning.

2010-03-02  Rolf Eike Beer  <eike@sf-mail.de>

	Fix error messages when parsing USB devices in QEMU
	A number of the error messages raised when parsing USB devices
	refered to PCI devices by mistake

	* src/qemu/qemu_conf.c: s/PCI/USB/ in qemuParseCommandLineUSB()

	Fix USB hotplug device string in QEMU driver
	The USB hotplug method was mistakenly generating a PCI address
	string

	* src/qemu/qemu_driver.c: Fix USB hotplug device string

2010-03-02  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Use device_del to remove SCSI controllers
	when the underlying qemu supports the drive/device model and the
	controller has been added this way.
	* src/qemu/qemu_driver.c: use qemuMonitorDelDevice() when detaching
	  PCI controller and if supported
	* src/qemu/qemu_monitor.[ch]: add new qemuMonitorDelDevice() function
	* src/qemu/qemu_monitor_json.[ch]: JSON backend for DelDevice command
	* src/qemu/qemu_monitor_text.[ch]: Text backend for DelDevice command

	Fix PCI address handling when controllers are deleted
	* src/qemu/qemu_driver.c: in qemudDomainDetachPciControllerDevice()
	  when a controller is not present in the system anymore, the PCI
	  address must be deleted from libvirt's hashtable because it can
	  be re-used for other purposes.

	Fix data structure handling when controllers are attached
	* src/qemu/qemu_driver.c: in qemudDomainAttachDevice(), one must not
	  delete the data part when the operation succeeds because it is
	  required later on. The correct pattern to handlethe parsed
	  representation of the device information on success
	  is dev->data.controller = NULL; virDomainDeviceDefFree(dev);,
	  which leaves the structure pointed at by data in memory.

	Tiny spelling fix

2010-03-02  Eric Blake  <eblake@redhat.com>

	libvirtd: avoid false-positive NULL-deref warning from clang
	* daemon/libvirtd.c (qemudWorker): Rewrite loop to silence a
	warning.

2010-03-02  Jim Meyering  <meyering@redhat.com>

	x86Decode: avoid NULL-dereference upon questionable input
	* src/cpu/cpu_x86.c (x86Decode): Don't dereference NULL when passed
	a NULL "models" pointer, or when passed a nonzero "nmodels" value
	and a corresponding NULL models[i].

	phypUUIDTable_Push: do not corrupt output stream upon partial write
	* src/phyp/phyp_driver.c (phypUUIDTable_Push): Move incr/decr
	of ptr/nread into the loop where those variables are used.
	Also, remove "exit" label and just-preceding "goto".

	openvzDomainDefineCmd: remove useless increment
	* src/openvz/openvz_driver.c (openvzDomainDefineCmd): Remove
	useless increment of "max_veid".

	maint: disallow TAB-in-indentation also in *.rng files
	* cfg.mk (sc_TAB_in_indentation): Also check .rng files.

	maint: convert leading TABs in *.rng files to equivalent spaces
	* docs/schemas/capability.rng: Likewise.
	* docs/schemas/network.rng: Likewise.
	* docs/schemas/nodedev.rng: Likewise.
	* docs/schemas/storagepool.rng: Likewise.
	* docs/schemas/storagevol.rng: Likewise.
	Use these commands:
	t=$'\t'
	git ls-files | grep '\.rng$' | xargs grep -lE "^ *$t" \
	  | xargs perl -MText::Tabs -ni -le \
	    '$m=/^( *\t[ \t]*)(.*)/; print $m ? expand($1) . $2 : $_'

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Expand docs about clock modes
	* formatdomain.html.in: Document new clock options

	Allow configurable timezones with QEMU
	Allow an arbitrary timezone with QEMU by setting the $TZ environment
	variable when launching QEMU

	* src/qemu/qemu_conf.c: Set TZ environment variable if a timezone
	  is requested
	* tests/qemuxml2argvtest.c: Add test case for timezones
	* tests/qemuxml2argvdata/qemuxml2argv-clock-france.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-clock-france.args: Data
	  for timezone tests

	Allow a timezone to be specified instead of sync to host timezone
	This extends the XML to allow for

	  <clock offset='timezone' timezone='Europe/Paris'/>

	This is useful if the admin has not configured any timezone on the
	host OS, but still wants to synchronize a guest to a specific one.

	* src/conf/domain_conf.h, src/conf/domain_conf.c: Support extra
	  'timezone' attribute on clock configuration
	* docs/schemas/domain.rng: Add 'timezone' attribute
	* src/xen/xend_internal.c, src/xen/xm_internal.c: Reject configs
	  with a configurable timezone

	Support variable clock offset mode in QEMU
	This allows QEMU guests to be started with an arbitrary clock
	offset

	The test case can't actually be enabled, since QEMU argv expects
	an absolute timestring, and this will obviously change every
	time the test runs :-( Hopefully QEMU will allow a relative
	time offset in the future.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Use the -rtc arg
	  if available to support variable clock offset mode
	* tests/qemuhelptest.c: Add QEMUD_CMD_FLAG_RTC for qemu 0.12.1
	* qemuxml2argvdata/qemuxml2argv-clock-variable.args,
	  qemuxml2argvdata/qemuxml2argv-clock-variable.xml,
	  qemuxml2argvtest.c: Test case, except we can't actually enable
	  it yet.

	Add new clock mode allowing variable adjustments
	This introduces a third option for clock offset synchronization,
	that allows an arbitrary / variable adjustment to be set. In
	essence the XML contains the time delta in seconds, relative to
	UTC.

	  <clock offset='variable' adjustment='123465'/>

	The difference from 'utc' mode, is that management apps should
	track adjustments and preserve them at next reboot.

	* docs/schemas/domain.rng: Schema for new clock mode
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
	  new clock time delta
	* src/libvirt_private.syms, src/util/xml.c, src/util/xml.h: Add
	  virXPathLongLong() method

	Change the internal domain conf representation of localtime/utc
	The XML will soon be extended to allow more than just a simple
	localtime/utc boolean flag. This change replaces the plain
	'int localtime' with a separate struct to prepare for future
	extension

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add a new
	  virDomainClockDef structure
	* src/libvirt_private.syms: Export virDomainClockOffsetTypeToString
	  and virDomainClockOffsetTypeFromString
	* src/qemu/qemu_conf.c, src/vbox/vbox_tmpl.c, src/xen/xend_internal.c,
	  src/xen/xm_internal.c: Updated to use new structure for localtime

2010-03-01  Jim Meyering  <meyering@redhat.com>

	udevEnumerateDevices: remove dead code
	* src/node_device/node_device_udev.c (udevEnumerateDevices): Remove
	unnecessary call to udev_list_entry_get_name.

	qemudNetworkIfaceConnect: remove dead store
	* src/qemu/qemu_conf.c (qemudNetworkIfaceConnect): Remove extraneous
	virSaveLastError call, whose result was unused.

	cmdPoolDiscoverSources: initialize earlier to avoid FP from clang
	* tools/virsh.c (cmdPoolDiscoverSources): Always initialize srcSpec.
	Otherwise, clang would report that srcSpec could be used uninitialized
	in the call to virConnectFindStoragePoolSources.

2010-03-01  Eric Blake  <eblake@redhat.com>

	qemu: avoid null dereference on failed migration
	* src/qemu/qemu_monitor_text.c: qemuMonitorTextGetMigrationStatus: Check for
	  failed strchr, to silence a coverity warning.

2010-03-01  Stefan Berger  <stefanb@us.ibm.com>

	Free the macvtap mode string
	* src/conf/domain_conf.c: forgot to free the attribute value in
	  virDomainNetDefParseXML()

2010-03-01  Daniel Veillard  <veillard@redhat.com>

	Update of indian, spanish and russian translations
	and regeneration of the po/pot files

2010-02-26  David Allan  <dallan@redhat.com>

	Revert fs pool formatting
	* We are reverting this patch pending a discussion of the right way to implement.

2010-02-27  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* .gnulib: Update to latest.
	Commit 89bdf84bcd9c6032e37 inadvertently rewound the .gnulib
	submodule by 51 commits.  This corrects it.
	Spotted by Eric Blake.

	build: avoid warning about return-with-value in void function
	* tools/virsh.c: Just "return;", not "return NULL;".

	libvirtd: do not ignore failure to set group ID in privileged mode
	* daemon/libvirtd.c (qemudListenUnix): Diagnose and fail upon
	failure to set or restore group-ID.

2010-02-26  Chris Lalancette  <clalance@redhat.com>

	Only build virDomainObjFormat if not building proxy.
	While building under RHEL-5, I got a compile warning because
	virDomainObjFormat was defined but not used.  That came about
	because in RHEL-5 we build with "#define PROXY", and
	virDomainObjFormat is only used with !PROXY.  Move the
	define.

2010-02-26  Jim Meyering  <meyering@redhat.com>

	openvzGetVEID: don't leak (memory + file descriptor)
	* src/openvz/openvz_conf.c (openvzGetVEID): Always call fclose.
	Diagnose parse failure also when vzlist output is empty.
	If somehow we read a -1, diagnose that (albeit as a parse failure).

2010-02-26  Cole Robinson  <crobinso@redhat.com>

	Use standard spacing for user/pass prompt
	Kind of minor, but it annoys me that the default auth callback
	doesn't put a space between the prompt and the input, like a typical
	terminal, ssh, etc. This patch changes the current prompt:

	Please enter your authentication name:myuser

	to

	Please enter your authentication name: myuser

	libvirtd: Better initscript error reporting
	From time to time I bork my install, and hate it when the initscript
	returns no info. This patch removes the sanity check, which lets
	the shell give us 'command not found' or 'permission denied' errors.

	qemu: Report binary path if error parsing -help

	remote: Improve daemon startup error reporting
	If I toggle enable_tcp in libvirtd.conf and add --listen in
	/etc/init.d/libvirtd, I get the unhelpful error:

	Starting libvirtd daemon: error: Unable to initialize network sockets.

	Running without --daemon provides much more useful info:

	sudo libvirtd --listen
	11:29:26.117: error : remoteCheckCertFile:270 : Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory

	The daemon architecture makes it difficult to report this useful
	info if daemonized, so point users to /var/log/messages and
	dropping the --daemon flag if they want more info.

	virsh: Show errors reported by nonAPI functions
	Only API calls trigger the error callback, which is required for
	proper virsh error reporting. Since we use non API functions from
	util/, make sure we properly report these errors.

	Fixes lack of error message from 'virsh create idontexit.xml'

	remote: Improve error message when libvirtd isn't running
	While this could lead people in the wrong direction, people most commonly
	hit this error when libvirtd isn't running, so let's mention a possible
	fix.

2010-02-25  Jim Meyering  <meyering@redhat.com>

	build: avoid warning about unused variables
	* tools/virsh.c (cmdCPUBaseline): Remove declarations of unused
	variables, p and cur.

	build: avoid "make rpm" failure in docs/
	Add missing rule to build html/libvirt-libvirt.html.
	Use a GNU Make pattern rule to avoid running apibuild.py once
	for each out-of-date target, in a parallel build.
	* docs/Makefile.am

	build: teach apibuild.py to work in a non-srcdir build
	* docs/Makefile.am (libvirt-api.xml libvirt-refs.xml): Generalize
	apibuild.py to work in a non-srcdir build.  Pass "srcdir" to it.
	* docs/apibuild.py (rebuild): Honor the $srcdir envvar.

	build: avoid non-srcdir "make distcheck" failures (CLEANFILES)
	* docs/Makefile.am (MAINTAINERCLEANFILES): Use this variable
	for generated-and-distributed files, not "CLEANFILES".
	Besides, "make clean" and "make distclean" should not delete
	distributed files.

	build: make git submodule checking more reliable
	* cfg.mk (_curr_status): Accommodate leading "+" or "-" in the output
	of git submodule status.
	* autogen.sh: Likewise.

	build: avoid non-srcdir "make distcheck" failures (srcdir vs wildcard)
	* tests/xencapsdata/Makefile.am: Use $(wildcard in $(srcdir)-aware manner
	* tests/xmconfigdata/Makefile.am: Likewise.
	* tests/xml2sexprdata/Makefile.am: Likewise.
	* tests/sexpr2xmldata/Makefile.am (EXTRA_DIST): Likewise.
	* Makefile.am (XML_EXAMPLES): Use $(wildcard in $(srcdir)-aware manner.

	build: avoid non-srcdir "make distcheck" failure (test_conf.sh)
	* tests/confdata/Makefile.am (EXTRA_DIST): Apply $(wildcard... to
	$(srcdir)/..., and then remove the prefix.

	build: avoid non-srcdir installation failure (sitemap.html.in)
	* docs/Makefile.am (EXTRA_DIST): Add sitemap.html.in.

	build: avoid non-srcdir installation failure (apibuild.py)
	* docs/Makefile.am (libvirt-api.xml): Insert missing "$(srcdir)/".
	Also, remove unnecessary sub-shell.

	build: fix typos in makefile variable names
	* configure.ac: Fix typos:
	s/DRIVER_MODULES_CFLAGS/DRIVER_MODULE_CFLAGS/
	s/DRIVER_MODULES_LIBS/DRIVER_MODULE_LIBS/

	build: ensure that MKINSTALLDIRS is AC_SUBST-defined
	since we're using gettext-0.14.1, which uses that now-obsolete
	automake symbol.  Otherwise, make distcheck would fails like this:

	    make[2]: Entering directory `/t/libvirt-0.7.6/_build/po'
	    /bin/sh @MKINSTALLDIRS@ /t/libvirt-0.7.6/_inst/share
	    /bin/sh: @MKINSTALLDIRS@: No such file or directory
	    make[2]: *** [install-data-yes] Error 127

	* configure.ac (MKINSTALLDIRS): Define.
	For reference, we're currently hamstrung by our desire
	to support RHEL5, which still uses gettext-0.14:
	http://bugzilla.redhat.com/523713

2010-02-25  Eric Blake  <eblake@redhat.com>

	maint: relax git minimum version
	Requiring git 1.6.4, just for the optional GNULIB_SRCDIR support,
	was too harsh.  Resynchronize from gnulib.

	* .gnulib: Import from latest gnulib.
	* bootstrap: Re-synchronize from .gnulib/build-aux.
	* bootstrap.conf: Drop git to 1.5.5.
	* README-hacking: Document use of GNULIB_SRCDIR.

2010-02-25  Richard Jones  <rjones@redhat.com>

	Ignore SIGWINCH in remote client call to poll(2) (RHBZ#567931).
	In bug 567931 we found that virt-top would exit occasionally
	when the terminal window was resized.  Tracking this down it
	turned out that SIGWINCH was being delivered to the process at
	exactly the point where the libvirt remote driver was calling
	poll(2) waiting for a reply from libvirtd.

	This caused the poll(2) call to be interrupted (returning errno
	EINTR).  However handling EINTR the same way as EAGAIN was not
	the solution to this problem since we found previously that this
	would break Ctrl-C handling (commit 47fec8eac2bb3).

	The correct solution is to mask out SIGWINCH for the duration
	of the poll(2) system call.  The per-thread mask is changed and
	restored immediately after the call.  Since we are using
	pthread_sigmask, this should not affect other threads, and
	since we restore the signal mask immediately afterwards it should
	not affect the current thread visibly either.  Other possibly
	problematic signals are SIGCHLD and SIGPIPE and these are
	masked too.

	Note use of ignore_value: It's not fatal if we cannot mask out
	SIGWINCH, and in any case pthread_sigmask never fails on Linux
	as long as you supply the correct arguments.

	I tested this patch and it cures the original problem with
	virt-top.

2010-02-24  Stefan Berger  <stefanb@us.ibm.com>

	Add descriptions for macvtap direct type interfaces
	This adds a description about the 'direct' type of interface recently
	added for macvtap device type support on the host.

2010-02-24  Dave Allan  <dallan@redhat.com>

	Format FS pools on creation
	Create the filesystem on the partition used by the pool
	* configure.ac: check for mkfs availability
	* libvirt.spec.in: add extra require on util-linux for mkfs
	* src/storage/storage_backend_fs.c: run mkfs with the expected
	  fs type when creating a filesystem pool

2010-02-24  Eric Blake  <eblake@redhat.com>

	maint: sort .gitignore
	Fallout from the new bootstrap.

	* .gitignore: Commit sorting done by bootstrap.
	* build-aux/.gitignore: Likewise.
	* po/.gitignore: Likewise.

	maint: import modern bootstrap
	Copy the latest gnulib bootstrap, which runs autoreconf and
	generates po/Makevars for us.  Other improvements include some
	improved prerequisite tool checking.

	This also fixes a bug in the .pot files, regarding the copyright holder.

	* bootstrap: Update to version in .gnulib/build-aux.
	* bootstrap.conf (MSGID_BUGS_ADDRESS, COPYRIGHT_HOLDER, SKIP_PO)
	(gnulib_mk, ACLOCAL, bootstrap_epilogue): Provide overrides.
	* autogen.sh (autoreconf): Avoid redundant autoreconf if bootstrap
	was run.
	* po/Makevars: Delete, now that bootstrap creates it.
	* po/.gitignore: Update.

	maint: start factoring bootstrap
	Borrow ideas from gnulib/build-aux/bootstrap, in order to factor the
	specifics of libvirt into bootstrap.conf, while allowing future
	upgrades of bootstrap to happen with less effort.

	* bootstrap (gnulib_tool): Update invocation to be closer to
	gnulib's version.  Move libvirt specifics...
	* bootstrap.conf: ...into new file.

	maint: fix quoting in autogen.sh
	* autogen.sh (srcdir, THEDIR, OBJ_DIR): Use proper quoting.
	(.git-module-status): Abort if bootstrap fails.

2010-02-24  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* cfg.mk (local-checks-to-skip): Disable sc_prohibit_hash_without_use
	for now, since it fails with a false-positive match.

	virFork: placate static analyzers: ignore pthread_sigmask return value
	* src/util/util.c: Include "ignore-value.h".
	(virFork): We really do want to ignore pthread_sigmask failure.

2010-02-23  Cole Robinson  <crobinso@redhat.com>

	docs: Fix syntax warnings from recent changes.

	docs: network: Document <domain> element

	docs: network: Document STP and delay attributes

	docs: domain: Document <description> element

	docs: storage: Document multipath pools

	docs: storage: Document SCSI pools

	docs: storage: Fix backingStore <format> docs

	docs: storage: <volume><key> is always generated.

	docs: storage: Document capacity/alloc 'unit'

	storage: conf: Correctly calculate exabyte unit
	We were using 'Y' to mean exabyte, when the correct abbreviation would be
	'E' ('Y' is yettabyte, which is exabyte * 1024 * 1024). While it isn't
	strictly backwards compatible, I highly doubt anyone was actually using
	this broken behavior, so I don't see any harm in in dropping 'Y' handling.

2010-02-23  Jiri Denemark  <jdenemar@redhat.com>

	virsh.c: avoid all leaks in OOM path in cmdCPUBaseline

2010-02-22  Jiri Denemark  <jdenemar@redhat.com>

	Create raw storage files with O_DSYNC (again)
	Recently we introduced O_DSYNC flag when creating raw storage files to
	avoid filling all disk cache with dirty pages. However, the patch got
	lost when virStorageBackendCreateRaw was reworked using
	virFileOperation. Let's use O_DSYNC again.

2010-02-21  David Allan  <dallan@redhat.com>

	Fixed reference count in virsh pool-build command
	* tools/virsh.c: call virStoragePoolFree() in the main path too

2010-02-21  Dan Kenigsberg  <danken@redhat.com>

	docs: add 3 missing spaces

2010-02-20  David Allan  <dallan@redhat.com>

	Fix daemon-conf invalid failures
	The daemon-conf test would fail on my system if there was a system libvirtd
	running.  In the course of troubleshooting that problem, I discovered that the
	daemon-conf script would always fail if run by itself because it found the line:

	\# that each "PARAMETER = VALUE" line in this file have the parameter

	which it mistook for a line containing a parameter.  I have changed the test to
	avoid mistaking a line containing \"PARAMETER = VALUE\" for a parameter line.

	The corrupted config tests turned out to be failing because the test daemon was
	discovering the pid file from the running daemon and exiting before it processed
	the test config file.  Specifying the pid file for the corrupt config tests in
	the same way as for the valid config test solved that problem.

2010-02-20  Jim Meyering  <meyering@redhat.com>

	virsh.c: avoid leak on OOM error path
	* tools/virsh.c (cmdCPUBaseline): Also free "buffer" and "list" upon OOM.

	virBufferVSprintf: do not omit va_end(argptr) call
	* src/util/buf.c (virBufferVSprintf): Do not omit va_end(argptr).
	Improved-by: Daniel Veillard.

	xend_internal.c: don't dereference NULL for unexpected input
	* src/xen/xend_internal.c (xenDaemonDomainSetAutostart): Avoid a NULL
	dereference upon non-SEXPR_VALUE'd on_xend_start.  This bug was
	introduced by commit 37ce5600c0bb1aed9e2f2888922388de4340ebd3.

2010-02-20  Laine Stump  <laine@laine.org>

	Use virFileOperation hook function in virStorageBackendFileSystemVolBuild
	There were a few operations on the storage volume file that were still
	being done as root, which will fail if the file is on a root-squashed
	NFS share. The result was that attempts to create a storage volume of
	type "raw" on a root-squashed NFS share would fail.

	This patch uses the newly introduced "hook" function in
	virFileOperation to execute all those file operations in the child
	process that's run under the uid that owns the file (and, presumably,
	has permission to write to the NFS share)

	* src/storage/storage_backend.c: use virFileOperation() in
	  virStorageBackendCreateRaw, turning virStorageBackendCreateRaw()
	  into a new createRawFileOpHook() hook

	Rename virFileCreate to virFileOperation, add hook function
	It turns out it is also useful to be able to perform other operations
	on a file created while running as a different uid (eg, write things
	to that file), and possibly to do this to a file that already
	exists. This patch adds an optional hook function to the renamed (for
	more accuracy of purpose) virFileOperation; the hook will be called
	after the file has been opened (possibly created) and gid/mode
	checked/set, before closing it.

	As with the other operations on the file, if the VIR_FILE_OP_AS_UID
	flag is set, this hook function will be called in the context of a
	child process forked from the process that called virFileOperation.
	The implication here is that, while all data in memory is available to
	this hook function, any modification to that data will not be seen by
	the caller - the only indication in memory of what happened in the
	hook will be the return value (which the hook should set to 0 on
	success, or one of the standard errno values on failure).

	Another piece of making the function more flexible was to add an
	"openflags" argument. This arg should contain exactly the flags to be
	passed to open(2), eg O_RDWR | O_EXCL, etc.

	In the process of adding the hook to virFileOperation, I also realized
	that the bits to fix up file owner/group/mode settings after creation
	were being done in the parent process, which could fail, so I moved
	them to the child process where they should be.

	* src/util/util.[ch]: rename and rework virFileCreate-->virFileOperation,
	  and redo flags in virDirCreate
	* storage/storage_backend.c, storage/storage_backend_fs.c: update the
	  calls to virFileOperation/virDirCreate to reflect changes in the API,
	  but don't yet take advantage of the hook.

2010-02-19  Dustin Xiong  <x_k_123@hotmail.com>

	qemu: Check for IA64 kvm
	ACPI feature bit dropped: I asked internally if the -no-acpi option
	had any meaning for IA64, and was told 'probably not'.

2010-02-19  Cole Robinson  <crobinso@redhat.com>

	remote: Print ssh stderr on connection failure

2010-02-19  Yuji NISHIDA  <nishidy@nict.go.jp>

	fix multiple veth problem for OpenVZ
	Fix multiple veth problem.
	NETIF setting was overwritten after first CT because any CT could not be
	found by name.
	* src/openvz/openvz_conf.c src/openvz/openvz_conf.h: add the
	  openvzGetVEID lookup function
	* src/openvz/openvz_driver.c: use it in openvzDomainSetNetwork()

2010-02-19  Chris Lalancette  <clalance@redhat.com>

	Better error reporting for failed migration
	If the hostname as returned by "gethostname" resolves
	to "localhost" (as it does with the broken Fedora-12
	installer), then live migration will fail because the
	source will try to migrate to itself.  Detect this
	situation up-front and abort the live migration before
	we do any real work.

	* src/util/util.h src/util/util.c: add a new virGetHostnameLocalhost
	  with an optional localhost check, and rewire virGetHostname() to use
	  it
	* src/libvirt_private.syms: expose the new function
	* src/qemu/qemu_driver.c: use it in qemudDomainMigratePrepare2()

	Make virDomainObjFormat static
	* src/conf/domain_conf.c: make function static
	* src/conf/domain_conf.h: remove it from header

	Make an error message in PCI util code clearer
	* src/util/pci.c: update 2 message on pciRead errors

2010-02-19  Stefan Berger  <stefanb@us.ibm.com>

	macvtap mac_filter support
	This patch adds the mac_filter support to the macvtap device.

2010-02-19  Jim Meyering  <meyering@redhat.com>

	virsh: be careful to return "FALSE" upon OOM
	* tools/virsh.c (cmdCPUBaseline): Add an explicit "return" statement
	after the "no_memory:" label.

	virBufferStrcat: do not skip va_end
	* src/util/buf.c (virBufferStrcat): Do not skip va_end due to
	an early return.

	qparams.c: do not skip va_end, twice
	* src/util/qparams.c (new_qparam_set, append_qparams): Do not skip
	va_end due to an early return.

	xenDaemonDomainSetAutostart: avoid appearance of impropriety
	* src/xen/xend_internal.c (xenDaemonDomainSetAutostart): Rewrite to
	avoid dereferencing the result of sexpr_lookup.  While in this
	particular case, it was guaranteed never to be NULL, due to the
	preceding "if sexpr_node(...)" guard, it's cleaner to skip the
	sexpr_node call altogether, and also saves a lookup.

2010-02-19  Stefan Berger  <stefanb@us.ibm.com>

	macvtap IFF_VNET_HDR configuration
	This patch sets or unsets the IFF_VNET_HDR flag depending on what device
	is used in the VM. The manipulation of the flag is done in the open
	function and is only fatal if the IFF_VNET_HDR flag could not be cleared
	although it has to be (or if an ioctl generally fails). In that case the
	macvtap tap is closed again and the macvtap interface torn.

	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h: pass qemuCmdFlags to
	  qemudPhysIfaceConnect()
	* src/util/macvtap.c src/util/macvtap.h: add vnet_hdr boolean to
	  openMacvtapTap(), and private function configMacvtapTap()
	* src/qemu/qemu_driver.c: add extra qemuCmdFlags when calling
	  qemudPhysIfaceConnect()

2010-02-19  Laine Stump  <laine@laine.org>

	Use virFork() in __virExec(), virFileCreate() and virDirCreate()
	For __virExec() this is a semantic NOP except for when fork()
	fails. __virExec() would previously forget to restore the signal mask
	in this case; virFork() corrects this behavior.

	virFileCreate() and virDirCreate() gain the code to reset the logging
	and properly deal with the signal handling race condition.

	This also removes a log message that had a typo ("cannot fork o create
	file '%s'") - this error is now logged in a more generic manner in
	virFork() (more generic, but really just as informative, since the
	fact that it's forking to create a file is immaterial to the fact that
	it simply can't fork)

	* src/util/util.c: use the generic virFork() in the 3 functions

	Add virFork() function to utils
	virFork() contains bookkeeping that must be done any time a process
	forks. Currently this includes:

	1) Call virLogLock() prior to fork() and virLogUnlock() just after,
	   to avoid a deadlock if some other thread happens to hold that lock
	   during the fork.

	2) Reset the logging hooks and send all child process log messages to
	   stderr.

	3) Block all signals prior to fork(), then either a) reset the signal
	   mask for the parent process, or b) clear the signal mask for the
	   child process.

	Note that the signal mask handling in __virExec erroneously fails to
	restore the signal mask when fork() fails. virFork() fixes this
	problem.

	Other than this, it attempts to behave as closely to fork() as
	possible (including preserving errno for the caller), with a couple
	exceptions:

	1) The return value is 0 (success) or -1 (failure), while the pid is
	   returned via the pid_t* argument. Like fork(), if pid < 0 there is
	   no child process, otherwise both the child and the parent will
	   return to the caller, and both should look at the return value,
	   which will indicate if some of the extra processing outlined above
	   encountered an error.

	2) If virFork() returns with pid < 0 or with a return value < 0
	   indicating an error condition, the error has already been
	   reported. You can log an additional message if you like, but it
	   isn't necessary, and may be awkwardly extraneous.

	Note that virFork()'s child process will *never* call _exit() - if a
	child process is created, it will return to the caller.

	* util.c util.h: add virFork() function, based on what is currently
	                 done in __virExec().

2010-02-19  Matthew Booth  <mbooth@redhat.com>

	Add QEMU support for virtio channel
	Support virtio-serial controller and virtio channel in QEMU backend.
	Will output
	the following for virtio-serial controller:

	-device
	virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x4,max_ports=16,vectors=4

	and the following for a virtio channel:

	-chardev pty,id=channel0 \
	-device
	virtserialport,bus=virtio-serial0.0,chardev=channel0,name=org.linux-kvm.port.0

	* src/qemu/qemu_conf.c: Add argument output for virtio
	* tests/qemuxml2argvtest.c
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args: Add test for
	  QEMU command line generation

	Add domain support for virtio channel
	Add support for virtio-serial by defining a new 'virtio' channel target type
	and a virtio-serial controller. Allows the following to be specified in a
	domain:

	<controller type='virtio-serial' index='0' ports='16' vectors='4'/>
	<channel type='pty'>
	  <target type='virtio' name='org.linux-kvm.port.0'/>
	  <address type='virtio-serial' controller='0' bus='0'/>
	</channel>

	* docs/schemas/domain.rng: Add virtio-serial controller and virtio
	  channel type.
	* src/conf/domain_conf.[ch]: Domain parsing/serialization for
	  virtio-serial controller and virtio channel.
	* tests/qemuxml2xmltest.c
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: add domain xml
	  parsing test
	* src/libvirt_private.syms src/qemu/qemu_conf.c:
	  virDomainDefAddDiskControllers() renamed to
	  virDomainDefAddImplicitControllers()

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Remove unused functions from domain_conf
	Remove virDomainDevicePCIAddressEqual and virDomainDeviceDriveAddressEqual,
	which are defined but not used anywhere.

	* src/conf/domain_conf.[ch] src/libvirt_private.syms: Remove
	  virDomainDevicePCIAddressEqual and virDomainDeviceDriveAddressEqual.

	Fix typo in comment
	* src/qemu/qemu_driver.c: qemudStartVMDaemon() fix typo in comment

2010-02-18  Jim Meyering  <meyering@redhat.com>

	get_virtual_functions_linux: would mistakenly always return zero
	* src/node_device/node_device_linux_sysfs.c(get_virtual_functions_linux):
	Return "ret", rather than always returning 0.

2010-02-18  Cole Robinson  <crobinso@redhat.com>

	qemu: Explicitly error if guest virtual network is inactive
	Currently we just error with ex. 'virbr0: No such device'.

	Since we are using public API calls here, we need to ensure that any
	raised error is properly saved and restored, since API entry points
	always reset messages.

	network: bridge: Fix IsActive, IsPersistent
	We were accessing the wrong private data structure, which would
	cause a segfault.

	virterror: Make SetError work if no previous error was set
	virGetLastError returns NULL if no error has been set, not on
	allocation error like virSetError assumed. Use virLastErrorObject
	instead. This fixes virSetError when no error is currently stored.

	libvirt: Update docs for hotplug only commands
	The commands updated are SetMem, SetMaxMem, SetVcpus, and PinVcpu.

2010-02-18  Stefan Berger  <stefanb@us.ibm.com>

	macvtap teardown rework
	Rework and simplification of teardown of the macvtap device.

	Basically all devices with the same MAC address and link device are kept
	alive and not attempted to be torn down. If a macvtap device linked to a
	physical interface with a certain MAC address 'M' is to be created it
	will automatically fail if the interface is 'up'ed and another macvtap
	with the same properties (MAC addr 'M', link dev) happens to be 'up'.
	This will prevent the VM from starting or the device from being attached
	to a running VM. Stale interfaces are assumed to be there for some
	reason and not stem from libvirt.

	In the VM shutdown path, it's assuming that an interface name is always
	available so that if the device type is DIRECT it can be torn down
	using its name.

	* src/util/macvtap.h src/libvirt_macvtap.syms: change of deleting routine
	* src/util/macvtap.c: cleanups and change of deleting routine
	* src/qemu/qemu_driver.c: change cleanup on shutdown
	* src/qemu/qemu_conf.c: don't delete Macvtap in qemudPhysIfaceConnect()

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Fix whitespace in domain.rng
	* src/schemas/domain.rng: Replace tabs with 8 spaces

2010-02-18  Daniel P. Berrange  <berrange@redhat.com>

	Update QEMU JSON balloon command handling
	The QEMU JSON monitor changed balloon commands to return/accept
	bytes instead of kilobytes. Update libvirt to cope with this

	* src/qemu/qemu_monitor_json.c: Expect/use bytes for ballooning

2010-02-18  Jim Meyering  <meyering@redhat.com>

	openvzLoadDomains: don't ignore failing virUUIDFormat
	* src/openvz/openvz_conf.c (openvzLoadDomains): Diagnose failure of
	virUUIDFormat.

2010-02-18  Cole Robinson  <crobinso@redhat.com>

	python: Actually add virConnectGetVersion to generated bindings
	The recent commit to implement a python version of this function
	didn't drop an explicit 'ignore' check in the generator, so this
	never ended up in the bindings.

2010-02-17  Eric Blake  <ebb9@byu.net>

	build: inform libtool of m4 directory
	Silence a libtoolize warning.
	*  configure.ac (AC_CONFIG_MACRO_DIR): Add.

2010-02-17  Jiri Denemark  <jdenemar@redhat.com>

	Adds a cpu-baseline command for virsh
	* tools/virsh.c: add a command to compute a CPU baseline based on
	  multiple CPU definitions in an XML chunk
	* tools/virsh.pod: add it to the man page

2010-02-17  Jim Meyering  <meyering@redhat.com>

	vshCommandParse: placate coverity
	There is no real leak here, but Coverity-Prevent thinks there is.
	It does not see that while there are four ways to return from
	vshCommandGetToken with VSH_TK_END, none of them results in allocation
	of a result.
	* tools/virsh.c (vshCommandParse): Add a (currently) useless VIR_FREE,
	to ensure that we never leak when vshCommandGetToken returns VSH_TK_END.

	qemuMonitorTextAddUSBDisk: avoid unconditional leak
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAddUSBDisk): Free
	command output buffer.

	tests: avoid NULL deref upon OOM failure
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Handle malloc
	failure.

	qemuInitPasswords: avoid unconditional leak
	* src/qemu/qemu_driver.c (qemuInitPasswords): Free pass-phrase buffer.

	qemuMonitorTextAddDevice: avoid unconditional leak
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAddDevice): Free the
	device name buffer.

	libvirt-override.c: avoid a leak upon call with invalid argument
	* python/libvirt-override.c (libvirt_virConnectBaselineCPU): Don't leak
	the xmlcpus buffer upon encountering a non-string list element.

	vboxDomainDumpXML: avoid a leak on OOM error path
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML): Free vboxCallback buffer
	upon OOM.

	virNodeDevCapScsiHostParseXML: avoid an unconditional leak
	* src/conf/node_device_conf.c (virNodeDevCapScsiHostParseXML):
	Free the "nodes" buffer allocated by virXPathNodeSet.

	uml_driver.c: avoid leak upon failure
	* src/uml/uml_driver.c (umlMonitorCommand): This function would
	sometimes return -1, yet fail to free the "reply" it had allocated.
	Hence, no caller would know to free the corresponding argument.
	When returning -1, be sure to free all allocated resources.

	vbox_tmpl.c: avoid an unconditional leak
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML): Free def.
	Improved by Matthias Bolte.

	openvz (openvzFreeDriver): avoid leaks
	* src/openvz/openvz_conf.c (openvzFreeDriver): Also free driver buffer.
	Based on a suggestion from Matthias Bolte.

	virStorageBackendIsMultipath: avoid dead store
	* src/storage/storage_backend_mpath.c (virStorageBackendIsMultipath):
	The result of dm_get_next_target was never used (and isn't needed),
	so don't store it.

2010-02-17  Cole Robinson  <crobinso@redhat.com>

	qemu: Make SetVcpu command hotplug only
	Similar to the Set*Mem commands, this implementation was bogus and
	misleading. Make it clear this is a hotplug only operation, and that the
	hotplug piece isn't even implemented.

	Also drop the overkill maxvcpus validation: we don't perform this check
	at XML define time so clearly no one is missing it, and there is
	always the risk that our info will be out of date, possibly preventing
	legitimate CPU values.

	qemu: Make Set*Mem commands hotplug only
	SetMem and SetMaxMem are hotplug only APIs, any persistent config
	changes are supposed to go via XML definition. The original implementation
	of these calls were incorrect and had the nasty side effect of making
	a psuedo persistent change that would be lost after libvirtd restart
	(I didn't know any better).

	Fix these APIs to rightly reject non running domains.

2010-02-16  Daniel P. Berrange  <berrange@redhat.com>

	Treat missing QEMU 'thread_id' as non-fatal in JSON monitor
	The plain QEMU tree does not include 'thread_id' in the JSON
	output. Thus we need to treat it as non-fatal if missing.

	* src/qemu/qemu_monitor_json.c: Treat missing thread_id as non-fatal

	Fix check for primary IDE controller in QEMU PCI slot assignment
	A typo in the check for the primary IDE controller could cause
	a crash on restore depending on the exact guest config.

	* src/qemu/qemu_conf.c: Fix s/video/controller/ typo & slot
	  number typo

	Make error reporting for QEMU JSON mode more friendly
	Current error reporting for JSON mode returns the full JSON
	command string and full JSON error string. This is not very
	user friendly, so this change makes the error report only
	contain the basic command name, and friendly error message
	description string. The full JSON data is logged instead.

	* src/qemu/qemu_monitor_json.c: Always return the 'desc' field from
	  the JSON error message to users.

	Run 'qmp_capabilities' command at QEMU monitor startup
	When in JSON mode, QEMU requires that 'qmp_capabilities' is run as
	the first command in the monitor. This is a no-op when run in the
	text mode monitor

	* src/qemu/qemu_driver.c: Run capabilities negotiation when
	  connecting to the monitor
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  support for the 'qmp_capabilities' command, no-op in text mode.

2010-02-16  Stefan Berger  <stefanb@us.ibm.com>

	macvtap support for libvirt -- schema extensions
	* docs/schemas/domain.rng: extends the domain xml schema to support the
	  new interface type 'direct'

	macvtap support for libvirt -- qemu support
	This part adds support for qemu making a macvtap tap device available
	via file descriptor passed to qemu command line. This also attempts to
	tear down the macvtap device when a VM terminates. This includes support
	for attachment and detachment to/from running VM.
	* src/qemu/qemu_conf.[ch] src/qemu/qemu_driver.c: add support in the
	  QEmu driver

	macvtap support for libvirt -- helper code
	This part adds the helper code to setup and tear down macvtap devices
	using direct communication with the device driver via netlink sockets.
	The rather short messages received from the netlink layer are now
	written into a dynamically allocated buffer

	* src/util/macvtap.h src/util/macvtap.c: provides the new module
	* po/POTFILES.in: the module contains translated strings

	macvtap support for libvirt -- parse new interface XML
	This part adds support to domain_conf.{c|h} for parsing the new
	interface XML of type 'direct'. The parsed mode is now stored as
	an int.
	* src/conf/domain_conf.c src/conf/domain_conf.h: extend parsing code
	* src/util/macvtap.h: empty header to not break compilation

	macvtap support for libvirt -- build support
	This patch adds build support for libvirt checking for certain contents
	of /usr/include/linux/if_link.h to see whether macvtap support is
	compilable on that system. One can disable macvtap support in libvirt
	via --without-macvtap passed to configure.
	* configure.ac src/Makefile.am: new build support
	* src/libvirt_macvtap.syms: list of exported symbols
	* src/util/macvtap.c: empty module to not break compilation

2010-02-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	interface: Use proper return codes in the open function
	The open function returned -1 in case of an error, but -1 maps
	to VIR_DRV_OPEN_DECLINED instead of VIR_DRV_OPEN_ERROR.

	Convert virSecurityReportError into a macro
	The virRaiseError macro inside of virSecurityReportError expands to
	virRaiseErrorFull and includes the __FILE__, __FUNCTION__ and __LINE__
	information. But this three values are always the same for every call
	to virSecurityReportError and do not reflect the actual error context.

	Converting virSecurityReportError into a macro results in getting the
	correct __FILE__, __FUNCTION__ and __LINE__ information.

2010-02-13  Daniel P. Berrange  <berrange@redhat.com>

	Add persistence of PCI addresses to QEMU
	Current PCI addresses are allocated at time of VM startup.
	To make them truely persistent, it is neccessary to do this
	at time of virDomainDefine/virDomainCreate. The code in
	qemuStartVMDaemon still remains in order to cope with upgrades
	from older libvirt releases

	* src/qemu/qemu_driver.c: Rename existing qemuAssignPCIAddresses
	  to qemuDetectPCIAddresses. Add new qemuAssignPCIAddresses which
	  does auto-allocation upfront. Call qemuAssignPCIAddresses from
	  qemuDomainDefine and qemuDomainCreate to assign PCI addresses that
	  can then be persisted. Don't clear PCI addresses at shutdown if
	  they are intended to be persistent

	Fix crash in LXC driver open method when URI has no path
	If giving a lxc://  URI instead of lxc:/// the open method
	would crash ona NULL pointer

	* src/lxc/lxc_driver.c: Cope with a NULL URI path

	Fix USB device path formatting mixup
	* src/util/hostusb.c: The device path for a USB device wants the
	  bus/device IDs in decimal not octal

	Support 'block_passwd' command for QEMU disk encryption
	The old text mode monitor prompts for a password when disks are
	encrypted. This interactive approach doesn't work for JSON mode
	monitor. Thus there is a new 'block_passwd' command that can be
	used.

	* src/qemu/qemu_driver.c: Split out code for looking up a disk
	  secret from findVolumeQcowPassphrase, into a new method
	  getVolumeQcowPassphrase. Enhance qemuInitPasswords() to also
	  set the disk encryption password via the monitor
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for the 'block_passwd' monitor command.

2010-02-12  Jiri Denemark  <jdenemar@redhat.com>

	Implement cpuBaseline in remote and qemu drivers

	Wire protocol format and dispatcher for virConnectBaselineCPU

	virConnectBaselineCPU public API implementation

	Internal driver API for virConnectBaselineCPU

	virConnectBaselineCPU public API

	Implement cpuArchBaseline in x86 CPU driver

	Implement cpuArchBaseline in generic CPU driver

	Functions for computing baseline CPU from a set of host CPUs
	Baseline CPU is the best CPU which can be used for a guest on any of the
	hosts.

2010-02-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compliation of AppArmor related code
	Broken by the latest commits to remove the virConnectPtr parameter
	from internal functions.

2010-02-12  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: honor dname parameter once again
	Since c26cb9234f4b9fa46d7caa3385ae36704167c53f, the dname
	parameter has been ignored by these two functions.  Use it.
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepareTunnel): Honor dname
	parameter once again.
	(qemudDomainMigratePrepare2): Likewise.

	plug four virStoragePoolSourceFree-related leaks
	* src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
	* src/storage/storage_backend_fs.c:
	(virStorageBackendFileSystemNetFindPoolSourcesFunc):
	(virStorageBackendFileSystemNetFindPoolSources):
	* src/test/test_driver.c (testStorageFindPoolSources):

2010-02-11  Jim Meyering  <meyering@redhat.com>

	remote_driver.c: avoid leak on OOM error path
	* src/remote/remote_driver.c (doRemoteOpen): Don't leak a qparam_set
	buffer upon OOM error.

2010-02-11  Jiri Denemark  <jdenemar@redhat.com>

	Mark all error messages for translation

	Add cpu_generic.c to the list of translated files

	Swap position of nmodels and models parameters in cpuDecode()
	All other libvirt functions use array first and then number of elements
	in that array. Let's make cpuDecode follow this rule.

	Fix <cpu> element in domain XML schema
	The current schema is more permissive than the XML parsing code in
	libvirt. Precisely, 'match' attribute is optional in schema while in
	reality its use is bound to <model> element:

	- <cpu> element without 'match' attribute is allowed only if <topology>
	  element is the only child element of <cpu>

	- <cpu> element with 'match' attribute requires <model> element to be
	  present; <topology> and <feature> elements are optional

2010-02-11  Chris Lalancette  <clalance@redhat.com>

	Fix up a misspelled comment.

2010-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix disk stats retrieval with QEMU >= 0.12
	With QEMU >= 0.12 the host and guest side of disks no longer have
	the same naming convention. Specifically the host side will now
	get a 'drive-' prefix added to its name. The 'info blockstats'
	monitor command returns the host side name, so it is neccessary
	to strip this off when looking up stats since libvirt stores the
	guest side name !

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Move 'drive-' prefix
	  string to a defined constant
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Strip
	  off 'drive-' prefix (if found) when looking up disk stats

2010-02-10  Cole Robinson  <crobinso@redhat.com>

	qemu: Increase guest startup timeout to 30 seconds
	Currently the timeout for reading startup output is 3 seconds. If the
	host is under any sort of load, we can easily trigger this. Lets bump
	it to 30 seconds.

	Since the polling loop checks to see if the process has died, we shouldn't
	erroneously hit this timeout if qemu bombs (only if it is stuck in some
	infinite loop).

	qemu: Properly report a startup timeout error
	The timeout errors were unconditionally being overwritten by the less
	helpful 'unable to start guest' error.

	test: Fake security driver support in capabilities
	Having some value in capabilities helps testing this stuff in
	virt-manager.

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Annotate some virConnectPtr as mandatory non-null
	Use the ATTRIBUTE_NONNULL annotation to mark some virConnectPtr
	args as mandatory non-null so the compiler can warn of mistakes

	* src/conf/domain_event.h: All virConnectPtr args must be non-null
	* src/qemu/qemu_conf.h: qemudBuildCommandLine and
	  qemudNetworkIfaceConnect() must be given non-null connection
	* tests/qemuxml2argvtest.c: Provide a non-null (dummy) connection to
	  qemudBuildCommandLine()

	Remove virConnectPtr from secret XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in secret_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from interface XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in interface_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from CPU XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in cpu_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from storage APIs & driver
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in storage_conf.{h,c} and storage_encryption_conf.{h,c}
	and update all callers to match

	Remove virConnectPtr from all node device XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in node_device_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from network XML APis
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in network_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from USB/PCI device iterators
	All callers now pass a NULL virConnectPtr into the USB/PCi device
	iterator functions. Therefore the virConnectPtr arg can now be
	removed from these functions

	* src/util/hostusb.h, src/util/hostusb.c: Remove virConnectPtr
	  from usbDeviceFileIterate
	* src/util/pci.c, src/util/pci.h: Remove virConnectPtr arg from
	  pciDeviceFileIterate
	* src/qemu/qemu_security_dac.c, src/security/security_selinux.c: Update
	  to drop redundant virConnectPtr arg

	Fix generation of floppy disk arg for QEMU's -global arg
	* src/qemu/qemu_conf.c: Fix ',' vs '.' typo in floppy disk arg

	Fix compile error in Xen proxy from virConnectPtr changes
	* proxy/libvirt_proxy.c: Remove 'conn' arg to virDomainDefFormat

	Convert qemu command line flags to 64-bit int
	The QEMU flags are commonly stored as a signed or unsigned int,
	allowing only 31 flags. This limit is rather close, so to aid
	future patches, change it to a 64-bit int

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c,
	  tests/qemuargv2xmltest.c, tests/qemuhelptest.c, tests/qemuxml2argvtest.c:
	  Use 'unsigned long long' for QEMU flags

	Remove use of virConnectPtr from security driver APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in security_driver.{h,c} and update all callers to
	match

	Remove virConnectPtr from all domain XML parsing/formatting APIs

	Remove virConnectPtr from LXC driver

	Remove passing of virConnectPtr throughout QEMU driver

	Fix security driver configuration
	The security driver was mistakenly initialized before the QEMU
	config file was loaded. This prevents it being turned off again.
	The capabilities XML was also getting the wrong security driver
	name, due to the stacked driver arrangement.

	* src/qemu/qemu_driver.c: Fix initialization order and capabilities
	  model name

2010-02-10  Jim Meyering  <meyering@redhat.com>

	virAsprintf: remove its warn_unused_result attribute
	* src/util/util.h (virAsprintf): Remove ATTRIBUTE_RETURN_CHECK, since
	it is perfectly fine to ignore the return value, now that the pointer
	is guaranteed to be set to NULL upon failure.
	* src/util/storage_file.c (absolutePathFromBaseFile): Remove now-
	unnecessary use of ignore_value.

	absolutePathFromBaseFile: avoid an unnecessary use of assert
	* src/util/storage_file.c (absolutePathFromBaseFile): While this use
	of virAsprintf is slightly cleaner than using stpncpy(stpcpy(...,
	it does impose an artificial limitation on the length of the base_file
	name.  Rather than asserting that it does not exceed INT_MAX, return
	NULL when it does.

2010-02-10  Daniel Veillard  <veillard@redhat.com>

	Escape strings serialized in XML
	* src/conf/node_device_conf.c: string saved into XML should be escaped
	  with the use of virBufferEscapeString()

2010-02-09  Jiri Denemark  <jdenemar@redhat.com>

	Create raw storage files with O_DSYNC
	When creating preallocated large raw files opening them with O_DSYNC
	prevents long delays in reading because cache pages can be immediately
	reused without writing them on a disk first.

2010-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Re-generate remote protocol files for new APIs
	Re-generate remote protocol files for changes in commit
	daeb6f6b40432f74150c96fa99ef12df31344fbb

	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate files

2010-02-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove conn parameter from USB functions
	It was used for error reporting only.

	Remove conn parameter from JSON error macro

	Remove conn parameter from PCI functions
	It was used for error reporting only.

	Remove conn parameter from Linux stats functions
	It was used for error reporting only.

	Remove conn parameter from storage file functions
	It was used for error reporting only.

	Remove conn parameter from util functions
	It was used for error reporting only.

	Remove conn parameter from virXPath* functions
	It was used for error reporting only.

	Remove conn parameter from virReportSystemError

	Remove conn parameter from virReportOOMError

2010-02-09  Jim Fehlig  <jfehlig@novell.com>

	Modify virsh commands
	Change all virsh commands that invoke virDomain{Attach,Detach}Device()
	to use virDomain{Attach,Detach}DeviceFlags() instead.

	Add a "--persistent" flag to these virsh commands, allowing user to
	specify that the domain persisted config be modified as well.

	V2: Only invoke virDomain{Attach,Detach}DeviceFlags() if
	"--persistent" flag is specified.  Otherwise invoke
	virDomain{Attach,Detach}Device() to retain current behavior.

	domain{Attach,Detach}DeviceFlags handler for drivers
	Implementation of domain{Attach,Detach}DeviceFlags handlers
	in the drivers.

	Server side dispatcher
	Server side dispatcher for Domain{Attach,Detach}DeviceFlags.

	Remote driver
	Implementation of Domain{Attach,Detach}DeviceFlags in remote driver.

	Wire protocol format
	Definition of wire protocol format for
	virDomain{Attach,Detach}DeviceFlags.

	Public API Implementation
	Implementation of public API for virDomain{Attach,Detach}DeviceFlags.

	V2: Don't break remote compatibility with older libvirtd

	Internal API
	Definition of internal API for virDomain{Attach,Detach}DeviceFlags.

	Public API
	Definition of public API for virDomain{Attach,Detach}DeviceFlags.

	V2: Adjust libvrt_public.syms to anticipated 0.7.7 release.

	doc: restrict virDomain{Attach,Detach}Device to active domains
	virDomain{Attach,Detach}Device is now only permitted on active
	domains.  Explicitly state this restriction in the API
	documentation.

	V2: Only change doc, dropping the hunk that forced the restriction
	    in libvirt frontend.

2010-02-06  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* .gnulib: This fixes a warning in test-gettimeofday.c,
	seen via "make check".  Reported by Daniel Veillard.

2010-02-05  Jim Meyering  <meyering@redhat.com>

	(absolutePathFromBaseFile): fix up preceding commit
	When configured with --enable-gcc-warnings, it didn't even compile.
	* src/util/storage_file.c: Include <assert.h>.
	(absolutePathFromBaseFile): Assert that converting size_t to int is valid.
	Reverse length/string args to match "%.*s".
	Explicitly ignore the return value of virAsprintf.

	absolutePathFromBaseFile: don't leak when first arg contains no "/"
	* src/util/storage_file.c: Include "dirname.h".
	(absolutePathFromBaseFile): Rewrite not to leak, and to require
	fewer allocations.
	* bootstrap (modules): Add dirname-lgpl.
	* .gnulib: Update submodule to the latest.

	sexpr_string: avoid leak on OOM error path
	* src/xen/sexpr.c (sexpr_string): Free sexpr buffer upon allocation
	failure.

	virDomainChrDefParseXML: don't leak upon invalid input
	* src/conf/domain_conf.c (virDomainChrDefParseXML): Don't leak a
	virDomainChrDef buffer upon "unknown target type for char device" error.

	virExecWithHook: avoid leak on OOM error path
	* src/util/util.c (virExecWithHook): Free argv_str string before
	returning upon failure to allocate space for environment.

	cgroup.c: don't leak mem+FD upon OOM
	* src/util/cgroup.c (virCgroupDetectPlacement): Close the mapping
	FILE* also upon error.

	cgroup.c: avoid unconditional leaks
	* src/util/cgroup.c (virCgroupCpuSetInherit) [HAVE_MNTENT_H]:
	Don't leak CPU-set inheritance value strings.

2010-02-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	website: Add a 1em right margin
	This stops the text and pre-boxes from touching the right border.

	storage: Replace storageLog with VIR_ERROR

	opennebula: Remove unnecessary casts

	esx: Remove unnecessary casts

	cpu conf: Use virBufferFreeAndReset instead of virBufferContentAndReset and VIR_FREE

	docs: Refer to virReportOOMError in the HACKING file
	Instead of refering to __virRaiseError(VIR_ERROR_NO_MEMORY).

	esx: Cleanup preprocessing structure in esxVI_EnsureSession

	docs: Emphasize that devices have to be inside the <devices> element
	Also cleanup indentation of domain XML examples.

2010-02-04  Doug Goldstein  <cardoe@gentoo.org>

	virt-pki-validate contains unexpanded SYSCONFDIR variable
	* tools/virt-pki-validate.in: use an automake variable instead of a
	  shell variable so the resulting shell actually work

2010-02-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.6
	* configure.ac docs/news.html.in libvirt.spec.in: version bump and doc
	  updates
	* po/*.po*: updated and regenerated the localizations

2010-02-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix restore of QEMU guests with PCI device reservation
	When restoring from a saved guest image, the XML would already
	contain the PCI slot ID of the IDE controller & video card.
	The attempt to explicitly reserve this upfront would thus fail
	everytime.

	* src/qemu/qemu_conf.c: Reserve IDE controller / video card
	  slot at time of need, rather than upfront

2010-02-04  Laine Stump  <laine@laine.org>

	Another fork() log locking cleanup in file creation
	Similar fix as previous one but for fork() usage when creating
	a file or directory

	* src/util/util.c: virLogLock() and virLogUnlock() around fork()
	  in virFileCreate() and virDirCreateSimple()

2010-02-04  Cole Robinson  <crobinso@redhat.com>

	Fix log locking problem when using fork() in the library
	Ad pointed out by Dan Berrange:
	So if some thread in libvirtd is currently executing a logging call,
	while another thread calls virExec(), that other thread no longer
	exists in the child, but its lock is never released. So when the
	child then does virLogReset() it deadlocks.

	The only way I see to address this, is for the parent process to call
	virLogLock(), immediately before fork(), and then virLogUnlock()
	afterwards in both parent & child. This will ensure that no other
	thread
	can be holding the lock across fork().

	* src/util/logging.[ch] src/libvirt_private.syms: export virLogLock() and
	  virLogUnlock()
	* src/util/util.c: lock just before forking and unlock just after - in
	  both parent and child.

2010-02-03  David Allan  <dallan@redhat.com>

	Fix locking for udev device add/remove
	The original udev node device backend neglected to lock the driverState
	struct containing the device list when adding and removing devices
	* src/node_device/node_device_udev.c: add necessary locks in
	  udevRemoveOneDevice() and udevAddOneDevice()

2010-02-03  Jim Meyering  <meyering@redhat.com>

	interface_conf.c: don't use a negative value as allocation size
	* src/conf/interface_conf.c (virInterfaceDefParseProtoIPv4): If
	virXPathNodeSet returns -1, indicate failure by returning -1 right away.
	(virInterfaceDefParseProtoIPv6): Likewise.

	virStoragePoolSourceListNewSource: avoid unconditional leak
	* src/conf/storage_conf.c (virStoragePoolSourceListNewSource):
	Remove an unused (and leaked) allocation.

	xs_internal.c: don't use a negative value as allocation size
	* src/xen/xs_internal.c (xenStoreDomainIntroduced): Don't use -1
	as an allocation size upon xenStoreNumOfDomains failure.
	(xenStoreDomainReleased): Likewise.

2010-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Ensure QEMU DAC security driver is activated at all times
	If the primary security driver (SELinux/AppArmour) was disabled
	then the secondary QEMU DAC security driver was also disabled.
	This is mistaken, because the latter must be active at all times

	* src/qemu/qemu_driver.c: Ensure DAC driver is always active

2010-02-03  Jim Meyering  <meyering@redhat.com>

	xen_hypervisor.c: remove all "domain == NULL" tests, ...
	* src/xen/xen_hypervisor.c: Remove all "domain == NULL" tests.
	* src/xen/xen_hypervisor.h: Instead, use ATTRIBUTE_NONNULL to
	mark each "domain" parameter as "known always to be non-NULL".

	xen_hypervisor.c: avoid NULL deref for NULL domain argument
	* src/xen/xen_hypervisor.c (xenHypervisorGetVcpus): Don't attempt
	to diagnose an unlikely NULL-domain or NULL-domain->conn error.

2010-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Tweak USB hostdevice XML handling
	When attaching a USB host device based on vendor/product, libvirt
	will resolve the vendor/product into a device/bus pair. This means
	that when printing XML we should allow device/bus info to be printed
	at any time if present

	* src/conf/domain_conf.c, docs/schemas/domain.rng: Allow USB device
	  bus info alongside vendor/product

	Fix QEMU hotplug device alias assignment
	To allow devices to be hot(un-)plugged it is neccessary to ensure
	they all have a unique device aliases. This fixes the hotplug
	methods to assign device aliases before invoking the monitor
	commands which need them

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Expose methods
	  for assigning device aliases for disks, host devices and
	  controllers
	* src/qemu/qemu_driver.c: Assign device aliases when hotplugging
	  all types of device
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-pci-address-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args:
	  Update for changed hostdev naming scheme

	Disable QEMU monitor IO debugging by default

	Re-arrange QEMU device alias assignment code
	This patch re-arranges the QEMU device alias assignment code to
	make it easier to call into the same codeblock when performing
	device hotplug. The new code has the ability to skip over already
	assigned names to facilitate hotplug

	* src/qemu/qemu_driver.c: Call qemuAssignDeviceNetAlias()
	  instead of qemuAssignNetNames
	* src/qemu/qemu_conf.h: Export qemuAssignDeviceNetAlias()
	  instead of qemuAssignNetNames
	* src/qemu/qemu_driver.c: Merge the legacy disk/network alias
	  assignment code into the main methods

	Remove direct storage of hostnet_name & vlan
	The current way of assigning names to the host network backend and
	NIC device in QEMU was over complicated, by varying naming scheme
	based on the NIC model and backend type. This simplifies the naming
	to simply be 'net0' and 'hostnet0', allowing code to easily determine
	the host network name and vlan based off the primary device alias
	name 'net0'. This in turn allows removal of alot of QEMU specific
	code from the XML parser, and makes it easier to assign new unique
	names for NICs that are hotplugged

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove hostnet_name
	  and vlan fields from virNetworkDefPtr
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c:
	  Use a single network alias naming scheme regardless of NIC type
	  or backend type. Determine VLANs from the alias name.
	* tests/qemuxml2argvdata/qemuxml2argv-net-eth-names.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.args: Update
	  for new simpler naming scheme

	Remove use of -netdev arg with QEMU
	The QEMU 0.12.x tree has the -netdev command line argument, but not
	corresponding monitor command. We can't enable the former, without
	the latter since it will break hotplug/unplug.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Disable -netdev usage
	  until 0.13 at earliest
	* tests/qemuxml2argvtest.c: Add test for -netdev syntax
	* tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.xml: Test
	  data files for -netdev syntax

	Assign PCI addresses before hotplugging devices
	PCI disk, disk controllers, net devices and host devices need to
	have PCI addresses assigned before they are hot-plugged

	* src/qemu/qemu_conf.c: Add APIs for ensuring a device has an
	  address and releasing unused addresses
	* src/qemu/qemu_driver.c: Ensure all devices have addresses
	  when hotplugging.

	Rewrite way QEMU PCI addresses are allocated
	The current QEMU code allocates PCI addresses incrementally starting
	at 4. This is not satisfactory because the user may have given some
	addresses in their XML config, which need to be skipped over when
	allocating addresses to remaining devices.

	It is thus neccessary to maintain a list of already allocated PCI
	addresses and then only allocate ones that remain unused. This is
	also required for domain device hotplug to work properly later.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add APIs for creating
	  list of existing PCI addresses, and allocating new addresses.
	  Refactor address assignment to use this code
	* src/qemu/qemu_driver.c: Pull PCI address assignment up into the
	  qemuStartVMDaemon() method, as a prelude to moving it into the
	  'define' method. Update list of allocated addresses when connecting
	  to a running VM at daemon startup.
	* tests/qemuxml2argvtest.c, tests/qemuargv2xmltest.c,
	  tests/qemuxml2xmltest.c: Remove USB product test since all
	  passthrough is done based on address
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-product.args,
	  tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-product.xml: Kil
	  unused data files

	Introduce generic virDomainDeviceInfo iterator function
	The virDomainDeviceInfoIterate() function will provide a
	convenient way to iterate over all devices in a domain.

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDeviceInfoIterate()
	  function.

	Make hotplug use new device_add where possible
	Since QEMU startup uses the new -device argument, the hotplug
	code needs todo the same. This converts disk, network and
	host device hotplug to use the device_add command

	* src/qemu/qemu_driver.c: Use new device_add monitor APIs
	  whereever possible

	Introduce internal QEMU monitor APIs for drive + device hotadd
	The way QEMU is started has been changed to use '-device' and
	the new style '-drive' syntax. This needs to be mirrored in
	the hotplug code, requiring addition of two new APIs.

	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Define APIs
	  qemuMonitorAddDevice() and qemuMonitorAddDrive()
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Implement the new monitor APIs

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Split out QEMU code for building PCI/USB hostdev arg values
	To allow for better code reuse from hotplug methods, the code for
	generating PCI/USB hostdev arg values is split out into separate
	methods

	* qemu/qemu_conf.h, qemu/qemu_conf.c: Introduce new APis for
	  qemuBuildPCIHostdevPCIDevStr, qemuBuildUSBHostdevUsbDevStr
	  and qemuBuildUSBHostdevDevStr

	Standard internal API syntax for building QEMU command line arguments
	All the helper functions for building command line arguments
	now return a 'char *', instead of acepting a 'char **' or
	virBufferPtr argument

	* qemu/qemu_conf.c: Standardize syntax for building args
	* qemu/qemu_conf.h: Export all functions for building args
	* qemu/qemu_driver.c: Update for changed syntax for building
	  NIC/hostnet args

2010-02-02  Jim Meyering  <meyering@redhat.com>

	libvirtd.c: avoid closing a negative socket file descriptor
	* daemon/libvirtd.c (qemudListenUnix): Close socket only if non-negative.

	storage_backend.c: avoid closing a negative file descriptor
	* src/storage/storage_backend.c (virStorageBackendRunProgRegex):
	Don't close a negative (read-only) file descriptor.

	avoid a probable EINVAL from lseek
	* src/qemu/qemu_driver.c (qemudLogReadFD): Don't pass a negative
	offset (from a preceding failed attempt to seek to EOF) to this use
	of lseek.

2010-02-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	udev: Don't let strtoul parse USB busnum and devnum as octal
	udevGetUintProperty was called with base set to 0 for busnum and devnum.
	With base 0 strtoul parses the number as octal if it start with a 0. But
	busnum and devnum are decimal and udev returns them padded with leading
	zeros. So strtoul parses them as octal. This works for certain decimal
	values like 001-007, but fails for values like 008.

	Change udevProcessUSBDevice to use base 10 for busnum and devnum.

2010-02-02  Jim Meyering  <meyering@redhat.com>

	util.c (two more): don't use a negative value as allocation size
	* src/util/util.c (virGetUserID, virGetGroupID): In the unlikely event
	that sysconf(_SC_GETPW_R_SIZE_MAX) fails, don't use -1 as the size in
	the subsequent allocation.

	json.c: avoid an unconditional leak from most qemuMonitorJSON* functions
	* src/util/json.c (virJSONValueFree): Free the "value" pointer, too.

	avoid format-related warnings
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetAllPCIAddresses):
	Use %s.
	* src/storage/storage_backend_iscsi.c (virStorageBackendCreateIfaceIQN):
	Likewise.
	* tools/virsh.c (cmdSecretSetValue): Likewise.

2010-02-02  Eric Blake  <ebb9@byu.net>

	maint: avoid excess parens in STREQ
	* src/internal.h (STREQ, STRCASEEQ, STRNEQ, STRCASENEQ, STREQLEN)
	(STRCASEEQLEN, STRNEQLEN, STRCASENEQLEN, STRPREFIX): Avoid
	redundant parenthesis.
	* examples/domain-events/events-c/event-test.c (STREQ): Likewise.
	* src/storage/parthelper.c (STREQ): Likewise.

2010-02-02  Jiri Denemark  <jdenemar@redhat.com>

	Move models/nmodels mismatch checking one level up

2010-02-01  Jiri Denemark  <jdenemar@redhat.com>

	Log flags in virConnectCompareCPU
	* src/libvirt.c: extend the debug statement to log flags too

2010-02-01  Chris Lalancette  <clalance@redhat.com>

	Fix PCI host reattach on domain detach.
	Similar to the race fixed by
	be34c3c7efbb1ea8999530f98b99c5dde3793f84, make sure
	to wait around for KVM to release the resources from
	a hot-detached PCI device before attempting to
	rebind that device to the host driver.

2010-02-01  Matthew Booth  <mbooth@redhat.com>

	Clarify controllers -device string in QEMU driver
	The QEMU driver contained code to generate a -device string for piix4-ide, but
	wasn't using it. This change removes this string generation. It also adds a
	comment explaining why IDE and FDC controllers don't generate -device strings.

	The change also generates an error if a sata controller is specified for a QEMU
	domain, as this isn't supported.

	* src/qemu/qemu_conf.c: Remove VIR_DOMAIN_CONTROLLER_TYPE_IDE handler in
	  qemuBuildControllerDevStr(). Ignore IDE and FDC controllers. Error if
	  SATA controller is discovered. Add comments.

2010-02-01  Chris Lalancette  <clalance@redhat.com>

	Fix up a comment in virHashUpdateEntry

	Look in /usr/libexec for the qemu-kvm binary.
	On RHEL-5 the qemu-kvm binary is located in /usr/libexec.
	To reduce confusion for people trying to run upstream libvirt
	on RHEL-5 machines, make the qemu driver look in /usr/libexec
	for the qemu-kvm binary.

	To make this work, I modified virFindFileInPath to handle an
	absolute path correctly.  I also ran into an issue where
	NULL was sometimes being passed for the file parameter
	to virFindFileInPath; it didn't crash prior to this patch
	since it was building paths like /usr/bin/(null).  This
	is non-standard behavior, though, so I added a NULL
	check at the beginning.

2010-01-30  Eric Blake  <ebb9@byu.net>

	maint: fix spelling error in hacking
	* HACKING: STRCASEEQ is case insensitive.
	* docs/hacking.html.in: Likewise.

2010-01-30  Jim Meyering  <meyering@redhat.com>

	util.c (virGetUserEnt): don't use a negative value as allocation size
	* src/util/util.c (virGetUserEnt): In the unlikely event that
	sysconf(_SC_GETPW_R_SIZE_MAX) fails, don't use -1 as the size in
	the subsequent allocation.

2010-01-28  Jim Fehlig  <jfehlig@novell.com>

	Support Xen 4.0 sysctl version 7
	xen-unstable c/s 20762 bumped XEN_SYSCTL_INTERFACE_VERSION to 7.  The
	interface change does not affect libvirt, other than xenHypervisorInit()
	failing since version 7 is not tried.

	The attached patch accommodates the upcoming Xen 4.0 release by checking
	for XEN_SYSCTL_INTERFACE_VERSION 7.  If found, it sets
	XEN_DOMCTL_INTERFACE_VERSION to 6, which is also new to Xen 4.0.

2010-01-27  Matthew Booth  <mbooth@redhat.com>

	Add missing sata controller type to domain.rng
	* docs/schemas/domain.rng: Add sata controller type

2010-01-27  Jim Meyering  <meyering@redhat.com>

	cpu_x86.c: avoid NULL-deref for invalid arguments
	* src/cpu/cpu_x86.c (x86Decode): Do not dereference NULL
	when "models" is NULL and nmodels is 1 or greater.

	portability to non-glibc: don't use realpath(..., NULL)
	it causes a NULL-dereference on some systems like Solaris 10.
	* src/node_device/node_device_linux_sysfs.c. Include <stdlib.h>.
	(get_sriov_function): Use canonicalize_file_name, not realpath.
	* bootstrap (modules): Add canonicalize-lgpl.

	pci.c: correct an erroneous expression
	* src/util/pci.c (pciDeviceDownstreamLacksACS): Fix a typo
	that rendered a subexpression always false.

2010-01-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	udev: Set the state driver name

	Remove undefined symbols from libvirt_private.syms

	udev: Remove event handle on shutdown
	This fixes a segfault when the event handler is called after shutdown
	when the global driver state is NULL again.

	Also fix a locking issue in an error path.

	Don't call disabled timer callbacks in event-test.c
	This fixes a segfault in the remote driver that occurs for example when
	the event-test is run inside a domain-0 and libvirtd is also running.

	esx: Output error details from libcurl

	Add missing function parameter documentation

2010-01-26  Jim Meyering  <meyering@redhat.com>

	hostusb: closedir only if non-NULL; rename labels: s/error/cleanup/
	* src/util/hostusb.c (usbSysReadFile): Rename labels s/error/cleanup/
	(usbFindBusByVendor): Likewise.  And closedir only if non-NULL.

2010-01-26  Laine Stump  <laine@laine.org>

	Cleanup of large buffer on stack in virFileMakePath
	virFileMakePath is a recursive function that was creates a buffer
	PATH_MAX bytes long for each recursion (one recursion for each element
	in the path). This changes it to have no buffers on the stack, and to
	allocate just one buffer total, no matter how many elements are in the
	path. Because the modified algorithm requires a char* to be passed in
	rather than const char *, it is now 2 functions - a toplevel API
	function that remains identical in function, and a 2nd helper function
	called for the recursions, which 1) doesn't allocate anything, and 2)
	takes a char* arg, so it can modify the contents.
	* src/util/util.c: rewrite virFileMakePath

2010-01-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Stop passing around virConnectPtr for error reporting

2010-01-26  Chris Lalancette  <clalance@redhat.com>

	Revert "Fix libvirtd restart for domains with PCI passthrough devices"
	This reverts commit cdc42d0a4865199a941d330dbb6ca1ef426323ae.
	As DanB pointed out, this patch is actually wrong.  The real
	bug that was causing me to see this problem is a bug
	introduced in a RHEL-5 libvirt snapshot, and I'm going to
	fix the real bug there.

	Fix a crash when restarting libvirtd.
	If you shutdown libvirtd while a domain with PCI
	devices is running, then try to restart libvirtd,
	libvirtd will crash.

	This happens because qemuUpdateActivePciHostdevs() is calling
	pciDeviceListSteal() with a dev of 0x0 (NULL), and then trying
	to dereference it.  This patch fixes it up so that
	qemuUpdateActivePciHostdevs() steals the devices after first
	Get()'ting them, avoiding the crash.

	Fix two instances of misspelled 'pseudo'

2010-01-26  Jim Meyering  <meyering@redhat.com>

	qemuMonitorTextAttachDrive: avoid two leaks
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAttachDrive): Most other
	failures in this function would "goto cleanup", but one mistakenly
	returned directly, skipping the cleanup and resulting in a leak.
	In addition, iterating the "try_command" loop would clobber, and
	thus leak, the "cmd" allocated on the first iteration,
	so be careful to free it in addition to "reply" beforehand.

2010-01-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Search binaries in PATH instead of hardcoding /usr/bin

2010-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Implement QMP support for extracting CPU thread ID
	The KVM build of QEMU includs the thread ID of each vCPU in the
	'query-cpus' output. This is required for pinning guests to
	particular host CPUs

	* src/qemu/qemu_monitor_json.c: Extract 'thread_id' from CPU info

	Misc fixes to QMP monitor support for QEMU
	* src/util/json.c, src/util/json.h: Declare returned strings
	  to be const
	* src/qemu/qemu_monitor.c: Wire up JSON mode for qemuMonitorGetPtyPaths
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Fix
	  const correctness. Add missing error message in the function
	  qemuMonitorJSONGetAllPCIAddresses. Add implementation of the
	  qemuMonitorGetPtyPaths function calling 'query-chardev'.

	Add some missing include files which break build in certain platforms
	Two files were using functions from <sys/stat.h> but not including
	in. Most of the time they got this automatically via another header,
	but certain build flag combinations can reveal the problem

	* src/lxc/lxc_container.c, src/node_device/node_device_linux_sysfs.c:
	  Add <sys/stat.h>

	Fix setup of compatability serial devices from console device
	The <console> tag is supposed to result in addition of a single
	<serial> device for HVM guests. The 'targetType' attribute was
	missing though causing the compatibility code to add a second
	<console> device

	* src/conf/domain_conf.c: Set targetType for serial device

2010-01-26  Jim Meyering  <meyering@redhat.com>

	usbGetDevice: don't leak a "usbDevice" buffer on failure path
	* src/util/hostusb.c (usbGetDevice): Free "dev" when returning NULL.

	qemuMonitorTextGetMemoryStats: plug a leak on an error path
	* src/qemu/qemu_monitor_text.c (qemuMonitorCommandWithHandler):
	Always free *reply, upon failure.

2010-01-25  Jim Meyering  <meyering@redhat.com>

	usbFindBusByVendor: don't leak a DIR buffer and FD
	* src/util/hostusb.c (usbFindBusByVendor): Don't leak a DIR buffer
	and file descriptor.

2010-01-25  Eric Blake  <ebb9@byu.net>

	Start modernizing configure
	* configure.ac: reanmed configura.in, use AC_CONFIG_HEADERS instead of
	  AM_CONFIG_HEADER

2010-01-23  Chris Lalancette  <clalance@redhat.com>

	Fix libvirtd restart for domains with PCI passthrough devices
	When libvirtd shuts down, it places a <state/> tag in the XML
	state file it writes out for guests with PCI passthrough
	devices.  For devices that are attached at bootup time, the
	state tag is empty.  However, at libvirtd startup time, it
	ignores anything with a <state/> tag in the XML, effectively
	hiding the guest.
	This patch remove the check for VIR_DOMAIN_XML_INTERNAL_STATUS
	when parsing the XML.
	* src/conf/domain_conf.c: remove VIR_DOMAIN_XML_INTERNAL_STATUS
	  flag check in virDomainHostdevSubsysPciDefParseXML()

	qemu: Fix race between device rebind and kvm cleanup
	Certain hypervisors (like qemu/kvm) map the PCI bar(s) on
	the host when doing device passthrough.  This can lead to a race
	condition where the hypervisor is still cleaning up the device while
	libvirt is trying to re-attach it to the host device driver.  To avoid
	this situation, we look through /proc/iomem, and if the hypervisor is
	still holding onto the bar (denoted by the string in the matcher variable),
	then we can wait around a bit for that to clear up.

	v2: Thanks to review by DV, make sure we wait the full timeout per-device

2010-01-22  Chris Lalancette  <clalance@redhat.com>

	Fix device assignment with root devices
	The patches to add ACS checking to PCI device passthrough
	introduced a bug.  With the current code, if you try to
	passthrough a device on the root bus (i.e. bus 0), then
	it denies the passthrough.  This is because the code in
	pciDeviceIsBehindSwitchLackingACS() to check for a parent
	device doesn't take into account the possibility of the
	root bus.  If we are on the root bus, it means we
	legitimately can't find a parent, and it also means that
	we don't have to worry about whether ACS is enabled.
	Therefore return 0 (indicating we don't lack ACS) from
	pciDeviceIsBehindSwitchLackingACS().

	Add a rule to check for uses of readlink.

	Use virFileResolveLink instead of readlink in AppArmor

	Fix a compile warning in parthelper.c

2010-01-22  Taizo ITO  <taizo.ito@hde.co.jp>

	Add virConnectGetVersion Python API
	adds a new python API call for retrieving the running
	hypervisor version used by a connection: virConnectGetVersion

	* python/generator.py: skip virConnectGetVersion from autogenerated
	* python/libvirt-override-api.xml python/libvirt-override.c: define
	  direct native bindings

2010-01-22  Jamie Strandboge  <jamie@canonical.com>

	Remove AppArmor compile warnings
	* src/security/security_apparmor.c: unused variable in
	  AppArmorSetSecurityAllLabel and unused parameter in
	  AppArmorReleaseSecurityLabel

2010-01-22  Chris Lalancette  <clalance@redhat.com>

	Remove unused PROC_MOUNT_BUF_LEN #define

2010-01-22  Daniel Veillard  <veillard@redhat.com>

	Update polish translation and regenerate localizations

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Add docs about new mailing list
	* docs/contact.html.in: Document new users mailing list

2010-01-21  Adam Litke  <agl@us.ibm.com>

	domMemoryStats / qemu: Fix parsing of unknown stats
	Fix a small problem with the qemu memory stats parsing algorithm.  If qemu
	reports a stat that libvirt does not recognize, skip past it so parsing can
	continue.  This corrects a potential infinite loop in the parsing code that can
	only be triggered if new statistics are added to qemu.

	* src/qemu/qemu_monitor_text.c: qemuMonitorParseExtraBalloonInfo add a
	  skip for extra ','

2010-01-21  David Allan  <dallan@redhat.com>

	Corrected log level of WWN path message
	* src/node_device/node_device_linux_sysfs.c: open_wwn_file() the
	  VIR_ERROR resllay should be just a VIR_DEBUG

2010-01-21  Daniel Veillard  <veillard@redhat.com>

	Fix an error when looking for devices in syspath
	* src/node_device/node_device_udev.c: udevSetupSystemDev() only print the
	  error message if lookup failed in both DMI_DEVPATH and DMI_DEVPATH_FALLBACK

2010-01-21  Dan Kenigsberg  <danken@redhat.com>

	Allow surrounding whitespace in uuid
	* src/util/uuid.c: extend virUUIDParse to allow leading and trailing
	  spaces in UUIDs

2010-01-21  Jim Meyering  <meyering@redhat.com>

	fix "make distcheck" failure
	* tests/Makefile.am (qemuhelpdata): Add qemu-0.12.1.

	avoid more format-related warnings
	* src/qemu/qemu_conf.c (qemuBuildDriveStr): Use "%s".
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetGuestPCIAddress):
	(qemuMonitorJSONGetGuestDriveAddress): Likewise.

	avoid format-related warnings
	* src/conf/domain_conf.c (virDomainDeviceInfoParseXML): Use "%s".

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-1 in SCSI drive hotplug
	The loop looking for the controller associated with a SCI drive had
	an off by one, causing it to miss the last controller.

	* src/qemu/qemu_driver.c: Fix off-by-1 in searching for SCSI
	  drive hotplug

	Fix leak in hotplug code in QEMU driver
	The hotplug code in QEMU was leaking memory because although the
	inner device object was being moved into the main virDomainDefPtr
	config object, the outer container virDomainDeviceDefPtr was not.

	 * src/qemu/qemu_driver.c: Clarify code to show that the inner
	   device object is owned by the main domain config upon
	   successfull attach.

	Add configuration option to turn off dynamic permissions management
	Add the ability to turn off dynamic management of file permissions
	for libvirt guests.

	* qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag
	* qemu/qemu.conf: Document 'dynamic_ownership' flag.
	* qemu/qemu_conf.c: Load 'dynamic_ownership' flag
	* qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag

	Fix security driver calls in hotplug cleanup paths
	The hotplug code was not correctly invoking the security driver
	in error paths. If a hotplug attempt failed, the device would
	be left with VM permissions applied, rather than restored to the
	original permissions. Also, a CDROM media that is ejected was
	not restored to original permissions. Finally there was a bogus
	call to set hostdev permissions in the hostdev unplug code

	* qemu/qemu_driver.c: Fix security driver usage in hotplug/unplug

	Add missing call to re-attach host devices if VM startup fails
	If there is a problem with VM startup, PCI devices may be left
	assigned to pci-stub / pci-back. Adding a call to reattach
	host devices in the cleanup path is required.

	* qemu/qemu_driver.c: qemuDomainReAttachHostDevices() when
	  VM startup fails

	Switch QEMU driver over to use the DAC security driver
	Remove all the QEMU driver calls for setting file ownership and
	process uid/gid. Instead wire in the QEMU DAC security driver,
	stacking it ontop of the primary SELinux/AppArmour driver.

	* qemu/qemu_driver.c: Switch over to new DAC security driver

	Introduce a new DAC security driver for QEMU
	This new security driver is responsible for managing UID/GID changes
	to the QEMU process, and any files/disks/devices assigned to it.

	* qemu/qemu_conf.h: Add flag for disabling automatic file permission
	  changes
	* qemu/qemu_security_dac.h, qemu/qemu_security_dac.c: New DAC driver
	  for QEMU guests
	* Makefile.am: Add new files

	Introduce a stacked security driver impl for QEMU
	* qemu/qemu_conf.h: Add securityPrimaryDriver and
	  securitySecondaryDriver fields to 'struct qemud_driver'
	* Makefile.am: Add new files
	* qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A
	  simple stacked security driver

	Pull initial disk labelling out into libvirtd instead of exec hook
	Pulling the disk labelling code out of the exec hook, and into
	libvirtd will allow it to access shared state in the daemon. It
	will also make debugging & error reporting easier / more reliable.

	* qemu/qemu_driver.c: Move initial disk labelling calls up into
	  libvirtd. Add cleanup of disk labels upon failure

	Fix leak of allocated security label
	If a VM fails to start, we can't simply free the security label
	strings, we must call the domainReleaseSecurityLabel() method
	otherwise the reserved 'mcs' level will be leaked in SElinux

	* src/qemu/qemu_driver.c: Invoke domainReleaseSecurityLabel()
	  when domain fails to start

	Refactor setup & cleanup of security labels in security driver
	The current security driver architecture has the following
	split of logic

	 * domainGenSecurityLabel

	    Allocate the unique label for the domain about to be started

	 * domainGetSecurityLabel

	    Retrieve the current live security label for a process

	 * domainSetSecurityLabel

	    Apply the previously allocated label to the current process
	    Setup all disk image / device labelling

	 * domainRestoreSecurityLabel

	    Restore the original disk image / device labelling.
	    Release the unique label for the domain

	The 'domainSetSecurityLabel' method is special because it runs
	in the context of the child process between the fork + exec.

	This is require in order to set the process label. It is not
	required in order to label disks/devices though. Having the
	disk labelling code run in the child process limits what it
	can do.

	In particularly libvirtd would like to remember the current
	disk image label, and only change shared image labels for the
	first VM to start. This requires use & update of global state
	in the libvirtd daemon, and thus cannot run in the child
	process context.

	The solution is to split domainSetSecurityLabel into two parts,
	one applies process label, and the other handles disk image
	labelling. At the same time domainRestoreSecurityLabel is
	similarly split, just so that it matches the style. Thus the
	previous 4 methods are replaced by the following 6 new methods

	 * domainGenSecurityLabel

	    Allocate the unique label for the domain about to be started
	    No actual change here.

	 * domainReleaseSecurityLabel

	   Release the unique label for the domain

	 * domainGetSecurityProcessLabel

	   Retrieve the current live security label for a process
	   Merely renamed for clarity.

	 * domainSetSecurityProcessLabel

	   Apply the previously allocated label to the current process

	 * domainRestoreSecurityAllLabel

	    Restore the original disk image / device labelling.

	 * domainSetSecurityAllLabel

	    Setup all disk image / device labelling

	The SELinux and AppArmour drivers are then updated to comply with
	this new spec. Notice that the AppArmour driver was actually a
	little different. It was creating its profile for the disk image
	and device labels in the 'domainGenSecurityLabel' method, where as
	the SELinux driver did it in 'domainSetSecurityLabel'. With the
	new method split, we can have consistency, with both drivers doing
	that in the domainSetSecurityAllLabel method.

	NB, the AppArmour changes here haven't been compiled so may not
	build.

	Make security drivers responsible for checking dynamic vs static labelling
	The QEMU driver is doing 90% of the calls to check for static vs
	dynamic labelling. Except it is forgetting todo so in many places,
	in particular hotplug is mistakenly assigning disk labels. Move
	all this logic into the security drivers themselves, so the HV
	drivers don't have to think about it.

	* src/security/security_driver.h: Add virDomainObjPtr parameter
	  to virSecurityDomainRestoreHostdevLabel and to
	  virSecurityDomainRestoreSavedStateLabel
	* src/security/security_selinux.c, src/security/security_apparmor.c:
	  Add explicit checks for VIR_DOMAIN_SECLABEL_STATIC and skip all
	  chcon() code in those cases
	* src/qemu/qemu_driver.c: Remove all checks for VIR_DOMAIN_SECLABEL_STATIC
	  or VIR_DOMAIN_SECLABEL_DYNAMIC. Add missing checks for possibly NULL
	  driver entry points.

2010-01-21  David Allan  <dallan@redhat.com>

	Implement support for multi IQN
	Allows the initiator to use a variety of IQNs rather than just the
	system IQN when creating iSCSI pools.
	* docs/schemas/storagepool.rng: extends the syntax with <iqn name="..."/>
	* src/conf/storage_conf.[ch]: read and stores the iqn name
	* src/storage/storage_backend_iscsi.[ch]: implement the IQN selection
	  when detected

2010-01-21  Jiri Denemark  <jdenemar@redhat.com>

	Let make fail when XHTML validation fails

2010-01-21  Laine Stump  <laine@laine.org>

	Fix uses of virFileMakePath
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/network/bridge_driver.c src/qemu/qemu_driver.c
	  src/uml/uml_driver.c: virFileMakePath returns 0 for success, or the
	  value of errno on failure, so error checking should be to test
	  if non-zero, not if lower than 0

	Create storage pool directories with proper uid/gid/mode
	Previously the uid/gid/mode in the xml was ignored when creating new
	storage pool directories. This commit attempts to honor the requested
	permissions, and spits out an error if it can't.

	Note that when creating the directory, the rest of the path leading up
	to the final element is created using current uid/gid/mode, and the
	final element gets the settings from xml. It is NOT an error for the
	directory to already exist; in this case, the perms for the existing
	directory are just set (if necessary).

	* src/storage/storage_backend_fs.c: update the virStorageBackendFileSystemBuild
	  function to check the directory hierarchy separately then create the
	  leaf directory with the right attributes

	Create storage volumes directly with desired uid/gid
	In order to avoid problems trying to chown files that were created by
	root on a root-squashing nfs server, fork a new process that setuid's
	to the desired uid before creating the file. (It's only done this way
	if the pool containing the new volume is of type 'netfs', otherwise
	the old method of creating the file followed by chown() is used.)

	This changes the semantics of the "create_func" slightly - previously
	it was assumed that this function just created the file, then the
	caller would chown it to the desired uid. Now, create_func does both
	operations.

	There are multiple functions that can take on the role of create_func:

	createFileDir - previously called mkdir(), now calls virDirCreate().
	virStorageBackendCreateRaw - previously called open(),
	                             now calls virFileCreate().
	virStorageBackendCreateQemuImg - use virRunWithHook() to setuid/gid.
	virStorageBackendCreateQcowCreate - same.
	virStorageBackendCreateBlockFrom - preserve old behavior (but attempt
	                                   chown when necessary even if not root)

	* src/storage/storage_backend.[ch] src/storage/storage_backend_disk.c
	  src/storage/storage_backend_fs.c src/storage/storage_backend_logical.c
	  src/storage/storage_driver.c: change the create_func implementations,
	  also propagate the pool information to be able to detect NETFS ones.

	New utility functions virFileCreate and virDirCreate
	These functions create a new file or directory with the given
	uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
	forking a new process, calling setuid/setgid in the new process, and
	then creating the file. This is better than simply calling open then
	fchown, because in the latter case, a root-squashing nfs server would
	create the new file as user nobody, then refuse to allow fchown.

	If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
	creating the file/dir, then chowning is is used. This gives better
	results in cases where the parent directory isn't on a root-squashing
	NFS server, but doesn't give permission for the specified uid/gid to
	create files. (Note that if the fork/setuid method fails to create the
	file due to access privileges, the parent process will make a second
	attempt using this simpler method.)

	If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
	existing file/directory will not cause an error; in this case, the
	function will simply set the permissions of the file/directory to
	those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
	existing file/directory is considered (and reported as) an error.

	Return from both of these functions is 0 on success, or the value of
	errno if there was a failure.

	* src/util/util.[ch]: add the 2 new util functions

	Add virRunWithHook util function
	* src/util/util.[ch]: similar to virExecWithHook, but waits for child to
	  exit. Useful for doing things like setuid after the fork but before the
	  exec.

2010-01-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	Unset copied environment variables in qemuxml2argvtest
	The test expected all environment variables copied in qemudBuildCommandLine
	to have known values. So all of them have to be either set to a known value
	or be unset. SDL_VIDEODRIVER and QEMU_AUDIO_DRV are not handled at all but
	should be handled. Unset both, otherwise the test will fail if they are set
	in the testing environment.

	* src/qemu/qemu_conf.c: add a comment about copied environment variables
	  and qemuxml2argvtest
	* tests/qemuxml2argvtest.c: unset SDL_VIDEODRIVER and QEMU_AUDIO_DRV

	qemu: Don't allocate zero bytes

2010-01-21  Jim Meyering  <meyering@redhat.com>

	clean-up: remove unnecessary closedir call
	* src/node_device/node_device_linux_sysfs.c (get_virtual_functions_linux):
	Remove unnecessary closedir.  Spotted by Dave Allan.

	node_device_linux_sysfs.c: avoid opendir/fd leak on error path
	* src/node_device/node_device_linux_sysfs.c(get_virtual_functions_linux):
	Don't leak a DIR buffer and file descriptor on error path.

	domain_conf.c: avoid a leak and the need for "cleanup:" block
	* src/conf/domain_conf.c (virDomainChrDefFormat): Plug a leak on
	an error path, and at the same time, eliminate the need for a
	"cleanup:" block.  Before, the "return -1" after the switch
	would leak an "addr" string.  Now, by reversing the port,addr-
	getting blocks we can free "addr" immediately and skip the goto.

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Make all bitfields unsigned ints to avoid unexpected values in casts
	The 'int virInterfaceIsActive()' method was directly returning the
	value of the 'int active:1' bitfield in virIntefaceDefPtr. A bitfield
	with a signed integer, will hold the values 0 and -1, not 0 and +1
	as might be expected. This meant that virInterfaceIsActive() was
	always returning -1 when the interface was active, not +1 & thus all
	callers thought an error had occurred. To protect against this kind
	of mistake again, change all bitfields to be unsigned ints

	* daemon/libvirtd.h, src/conf/domain_conf.h, src/conf/interface_conf.h,
	  src/conf/network_conf.h: Change bitfields to unsigned int.

	Fix QEMU driver custom domain status XML extensions
	Invoking the virConnectGetCapabilities() method causes the QEMU
	driver to rebuild its internal capabilities object. Unfortunately
	it was forgetting to register the custom domain status XML hooks
	again.

	To avoid this kind of error in the future, the code which builds
	capabilities is refactored into one single method, which can be
	called from all locations, ensuring reliable rebuilds.

	* src/qemu/qemu_driver.c: Fix rebuilding of capabilities XML and
	  guarentee it is always consistent

2010-01-20  Jiri Denemark  <jdenemar@redhat.com>

	Document cpu-compare command in virsh man page

	Document <cpu> elements in capabilities and domain XML

2010-01-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Remove outdated information about remote limitations

2010-01-20  Jim Meyering  <meyering@redhat.com>

	logging: confirm that we want to ignore a write error
	* src/util/logging.c (virLogMessage): Include "ignore-value.h".
	Use it to ignore the return value of safewrite.
	Use STDERR_FILENO, rather than "2".
	* bootstrap (modules): Add ignore-value.
	* gnulib: Update to latest, for ignore-value that is now LGPLv2+.

	xen_driver: don't leak a parsed-config buffer
	* src/xen/xen_driver.c (xenUnifiedDomainXMLFromNative): Also
	free "conf" before returning.

2010-01-20  Laine Stump  <laine@laine.org>

	Update interface.rng and xml test files to match netcf 0.1.5
	The RNG now supports IPv6 and bonds attached to bridges, along with
	some other minor tweaks. All test files from netcf have been copied to
	the test directory and added to the xml2xml and schema tests (and they
	all pass, of course ;-)

	Support bond interfaces attached to bridges in interface xml.
	This was accomplished in xml parsing by doing away with the
	stripped-down virInterfaceBareDef object, and just always using
	virInterfaceDef, but with restrictions in certain places (eg, the type
	of subordinate interface allowed in parsing depends on the parent
	interface).

	xml formatting was similarly adjusted. In addition, the formatting
	functions keep track of the level of interface nesting, and insert
	extra leading spaces on each line accordingly (using %*s).

	The only change in formatted xml from previous (aside frmo supporting
	new combinations of interface types) is that the subordinate ethernet
	interfaces take up 2 lines rather than one, eg:

	   <interface type='ethernet' name='eth0'>
	   </interface>

	instead of:

	   <interface type='ethernet' name='eth0'/>

	Allow empty bridges in interface xml.

	Support delay property in interface bridge xml.

2010-01-20  Jim Meyering  <meyering@redhat.com>

	storage_conf: plug a leak on OOM error path
	* src/conf/storage_conf.c (virStoragePoolSourceListNewSource):
	Free just-allocated "source" upon VIR_REALLOC_N failure.

2010-01-20  Jiri Denemark  <jdenemar@redhat.com>

	Remove superfluous new lines from messages
	I noticed some debug messages are printed with an empty lines after
	them. This patch removes these empty lines from all invocations of the
	following macros:
	    VIR_DEBUG
	    VIR_DEBUG0
	    VIR_ERROR
	    VIR_ERROR0
	    VIR_INFO
	    VIR_WARN
	    VIR_WARN0

	Use pciDeviceIsAssignable in qemu driver

	Tests for ACS in PCIe switches
	New pciDeviceIsAssignable() function for checking whether a given PCI
	device can be assigned to a guest was added. Currently it only checks
	for ACS being enabled on all PCIe switches between root and the PCI
	device. In the future, it could be the right place to check whether a
	device is unbound or bound to a stub driver.

2010-01-19  Daniel Veillard  <veillard@redhat.com>

	Add Jiri Denemark <jdenemar@redhat.com> to commiters

2010-01-19  Jiri Denemark  <jdenemar@redhat.com>

	Allow for CPU topology specification without model
	Currently CPU topology may only be specified together with CPU model:
	    <cpu match='exact'>
	        <model>name</model>
	        <topology sockets='1' cores='2' threads='3'/>
	    </cpu>

	This patch allows for CPU topology specification without the need for
	also specifying CPU model:
	    <cpu>
	        <topology sockets='1' cores='2' threads='3'/>
	    </cpu>

	'match' attribute and 'model' element are made optional with the
	restriction that 'match' attribute has to be set when 'model' is
	present.

	Add debug messages for CPU incompatibility
	When comparing incompatible CPUs, the reason for this incompatibility is
	logged as a debug message.

	Take disabled/forced CPU features into account
	When comparing x86 CPUs, features with 'disabled' policy were mistakenly
	required to be supported by the host CPU.

	Likewise, features with 'force' policy which were supported by host CPU
	would make CPUs incompatible if 'strict' match was used by guest CPU.

	This patch fixes both issues.

	Implement CPU topology support for QEMU driver
	QEMU's command line equivalent for the following domain XML fragment
	    <vcpus>2</vcpus>
	    <cpu ...>
	        ...
	        <topology sockets='1' cores='2', threads='1'/>
	    </cpu>

	is

	    -smp 2,sockets=1,cores=2,threads=1

	This syntax was introduced in QEMU-0.12.

	Version 2 changes:
	- -smp argument build split into a separate function
	- always add ",sockets=S,cores=C,threads=T" to -smp if qemu supports it
	- use qemuParseCommandLineKeywords for command line parsing

	Version 3 changes:
	- ADD_ARG_LIT => ADD_ARG and line reordering in qemudBuildCommandLine
	- rebased

	Enhance qemuParseCommandLineKeywords
	Current version expects name=value,... list and when an incorrect string
	such as "a,b,c=d" would be parsed as "a,b,c" keyword with "d" value
	without reporting any error, which is probably not the expected
	behavior.

	This patch adds an extra argument called allowEmptyValue, which if
	non-zero will permit keywords with no value; "a,b=c,,d=" will be parsed
	as follows:
	    keyword value
	    "a"     NULL
	    "b"     "c"
	    ""      NULL
	    "d"     ""

	In case allowEmptyValue is zero, the string is required to contain
	name=value pairs only; retvalues is guaranteed to contain non-NULL
	pointers. Now, "a,b,c=d" will result in an error.

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert VirtIO balloon over to -device syntax
	Replace

	   -balloon virtio

	With

	   -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3

	This allows it to get correct assigned PCI address as declared in
	previous patch

	 * src/qemu/qemu_conf.c: Convert Virtio ballon to -device and
	   give it an explicit PCI address
	 * tests/qemuxml2argvdata/qemuxml2argv-*args: Add in virtio balloon
	   where appropriate

	Auto-assign PCI addresses
	Instead of relying on QEMU to assign PCI addresses and then querying
	them with 'info pci', manually assign all PCI addresses before starting
	the guest.  These addresses are not stable across reboots. That will
	come in a later patch

	NB, the PIIX3 (IDE, FDC, ISA-Bridge) will always have slot 1 and
	VGA will always have slot 2. We declare the Virtio Balloon gets
	slot 3, and then all remaining slots are for configured devices.

	* src/qemu/qemu_conf.c: If -device is supported, then assign all PCI
	  addresses when building the command line
	* src/qemu/qemu_driver.c: Don't query monitor for PCI addresses if
	  they have already been assigned
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-pci-address-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-sound-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-watchdog-device.args: Update
	  to include PCI slot/bus information

	Pass -vga none if no video card specified
	QEMU always configures a VGA card. If no video card is included in
	the libvirt XML, it is neccessary to explicitly turn off the default
	using -vga none

	* src/qemu/qemu_conf.c: Pass -vga none if no video card is configured
	* tests/qemuargv2xmltest.c, tests/qemuxml2argvtest.c: Test for
	  handling -vga none.
	* tests/qemuxml2argvdata/qemuxml2argv-nographics-vga.args,
	  tests/qemuxml2argvdata/qemuxml2argv-nographics-vga.xml: Test
	  data files

	Add support for explicit -sdl flag to QEMU
	Not all QEMU builds default to SDL graphics for their display.
	Newer QEMU now has an explicit -sdl flag, which we can use to
	explicitly request SDL intead of relying on the default. This
	protects libvirt against unexpected changes in graphics default

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Probe for -sdl
	  flag and use it if it is found
	* tests/qemuhelptest.c: Add SDL flag to tests

	Convert guestfwd to -device, and add -sdl explicit args
	The old syntax was

	   -chardev SOMECONFIG
	   -nic user,guestfwd=tcp:IP:PORT-chardev:CHARDEV

	The new syntax is

	   -chardev SOMECONFIG
	   -netdev user,guestfwd=tcp:IP:PORT,chardev=ID,id=user-ID

	Convert PCI device assignment over to -device
	The old syntax is

	  -pcidevice host=BUS:SLOT:FUNCTION

	The new syntax is

	  -device pci-assign,host=BUS:SLOT:FUNCTION,addr=<PCI SLOT>,id=host0

	Convert USB input devices to -device

	Convert USB hostdevices over to -device
	The old syntax was

	   -usbdevice host:PRODUCT:VENDOR

	Or

	   -usbdevice host:BUS.DEV

	The new syntax is

	   -device usb-host,product=PRODUCT,vendor=VENDOR

	Or

	   -device usb-host,hostbus=BUS,hostaddr=DEV

	Convert USB disks over to -device
	The previous syntax was severely limited in its options

	  -usbdevice disk:/home/berrange/output.img

	The new syntax is the same as for other disk types

	  -drive file=/home/berrange/output.img,if=none,id=usb-1,index=1
	  -device usb-storage,drive=usb-1

	Again, the index= arg is wrong here, and will be removed in a
	later merge

	Convert NICs over to use -device & -netdev where possible
	The current syntax uses a pair of args

	   -net nic,macaddr=52:54:00:56:6c:55,vlan=3,model=pcnet,name=pcnet.0
	   -net user,vlan=3,name=user.0

	The new syntax does not  need the vlan craziness anymore, and
	so has a simplified pair of args

	   -netdev user,id=user.0
	   -device pcnet,netdev=user.0,id=pcnet.0,mac=52:54:00:56:6c:55,addr=<PCI SLOT>

	Convert disk drive over to use -device where available
	The current preferred syntax for disk drives uses

	  -drive file=/vms/plain.qcow,if=virtio,index=0,boot=on,format=qcow

	The new syntax splits this up into a pair of linked args

	  -drive file=/vms/plain.qcow,if=none,id=drive-virtio-0,format=qcow2
	  -device virtio-blk-pci,drive=drive-virtio-0,id=virtio-0,addr=<PCI SLOT>

	SCSI/IDE devices also get a bus property linking them to the
	controller

	  -device scsi-disk,drive=drive-scsi0-0-0,id=scsi0-0-0,bus=scsi0.0,scsi-id=0
	  -device ide-drive,drive=drive-ide0-0-0,id=ide0-0-0,bus=ide0,unit=0

	Convert audio devices over to -device syntax
	The current syntax for audio devices is a horrible multiplexed
	arg

	    -soundhw sb16,pcspk,ac97

	The new syntax is

	    -device sb16,id=sound0

	or

	    -device AC97,id=sound1,addr=<PCI SLOT>

	NB, pcspk still uses the old -soundhw syntax

	Convert watchdog to -device
	The current syntax for watchdogs is

	    -watchdog i6300esb

	The new syntax will now be

	    -device i6300esb,id=watchdogNN,addr=<PCI-SLOT>

	Convert character devices over to use -device
	The current character device syntax uses either

	  -serial tty,path=/dev/ttyS2

	Or

	  -chardev tty,id=serial0,path=/dev/ttyS2 -serial chardev:serial0

	With the new -device support, we now prefer

	  -chardev file,id=serial0,path=/tmp/serial.log -device isa-serial,chardev=serial0

	This patch changes the existing -chardev syntax to use this new
	scheme, and fallbacks to the old plain -serial syntax for old
	QEMU.

	The monitor device changes to

	  -chardev socket,id=monitor,path=/tmp/test-monitor,server,nowait -mon chardev=monitor

	In addition, this patch adds --nodefaults, which kills off the
	default serial, parallel, vga and nic devices. THis avoids the
	need for us to explicitly turn each off

	Assign device aliases for all devices at startup
	When starting a guest, give every device a unique alias. This will
	be used for the 'id' parameter in -device args in later patches.
	It can also be used to uniquely identify devices in the monitor

	For old QEMU without -device, assign disk names based on QEMU's
	historical naming scheme.

	* src/qemu/qemu_conf.c: Assign unique device aliases
	* src/qemu/qemu_driver.c: Remove obsolete qemudDiskDeviceName
	  and use the device alias in eject & blockstats commands

2010-01-18  Jim Meyering  <meyering@redhat.com>

	storage_backend_fs.c: do not ignore probe failure
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemRefresh):
	Correct parentheses.  The documented intent is to ignore non-regular
	files, yet due to a parenthesization error all errors were handled
	that way.

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Probe for -device and use -nodefaults
	Probe for the new -device flag and if available set the -nodefaults
	flag, instead of using -net none, -serial none or -parallel none.
	Other device types will be converted to use -device in later patches.
	The -nodefaults flag will help avoid unwelcome surprises from future
	QEMU releases

	* src/qemu/qemu_conf.c: Probe for -device. Add -nodefaults flag.
	  Remove -net none, -serial none or -parallel none
	* src/qemu/qemu_conf.h: Define QEMU_CMD_FLAG_DEVICE
	* tests/qemuhelpdata/qemu-0.12.1: New data file for 0.12.1 QEMU
	* tests/qemuhelptest.c: Test feature extraction from 0.12.1 QEMU

	Add device info to serial, parallel, channel, input & fs devices
	Although the serial, parallel, chanel, input & fs devices do
	not have PCI address info, they can all have device aliases.
	Thus it neccessary to associate the virDomainDeviceInfo data
	with them all.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add hooks for
	  parsing / formatting device info for serial, parallel, channel
	  input and fs devices.
	* docs/schemas/domain.rng: Associate device info with character
	  devices, input & fs device

	Introduce device aliases
	This patch introduces the support for giving all devices a short,
	unique name, henceforth known as a 'device alias'.  These aliases
	are not set by the end user, instead being assigned by the hypervisor
	if it decides it want to support this concept.

	The QEMU driver sets them whenever using the -device arg syntax
	and uses them for improved hotplug/hotunplug. it is the intent
	that other APIs (block / interface stats & device hotplug) be
	able to accept device alias names in the future.

	The XML syntax is

	   <alias name="video0"/>

	This may appear in any type of device that supports device info.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add a 'alias'
	  field to virDomainDeviceInfo struct & parse/format it in XML
	* src/libvirt_private.syms: Export virDomainDefClearDeviceAliases
	* src/qemu/qemu_conf.c: Replace use of "nic_name" field with the
	  standard device alias
	* src/qemu/qemu_driver.c: Clear device aliases at shutdown

	Clear assigned PCI devices at shutdown
	The PCI device addresses are only valid while the VM is running,
	since they are auto-assigned by QEMU. After shutdown they must
	all be cleared. Future QEMU driver enhancement will allow for
	persistent PCI address assignment

	* src/conf/domain_conf.h, src/conf/domain_conf.c, src/libvirt_private.syms
	  Add virDomainDefClearPCIAddresses() method for wiping out auto assigned
	  PCI addresses
	* src/qemu/qemu_driver.c: Clear PCI addresses at VM shutdown

	Auto-add disk controllers based on defined disks
	Existing applications using libvirt are not aware of the disk
	controller concept. Thus, after parsing the <disk> definitions
	in the XML, it is neccessary to create <controller> elements
	to satisfy all requested disks, as per their defined drive
	addresses

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDefAddDiskControllers()
	  method for populating disk controllers, and call it after
	  parsing disk definitions.
	* src/qemu/qemu_conf.c: Call virDomainDefAddDiskControllers()
	  when doing ARGV -> XML conversion
	* tests/qemuxml2argvdata/qemuxml2argv*.xml: Add disk controller
	  data to all data files which don't have it already

	Avoid free'ing a constant string in chardev lookup code
	 * src/qemu/qemu_monitor_text.c: Don't free const string in
	   qemuMonitorTextGetPtyPaths()

	Remove restriction on duplicated sound devices in parser
	It is perfectly acceptable to have multiple sound devices of
	same type in guest configuration. If the underlying hypervisor
	does not like this, it is its job to complain, not the XML
	parser's

	* src/conf/domain_conf.c: Remove hack which deleted duplicated
	  sound device models.
	* tests/xml2sexprdata/xml2sexpr-fv-sound.xml: Remove duplicate
	  models

	Detect PCI addresses at QEMU startup
	Hotunplug of devices requires that we know their PCI address. Even
	hotplug of SCSI drives, required that we know the PCI address of
	the SCSI controller to attach the drive to. We can find this out
	by running 'info pci' and then correlating the vendor/product IDs
	with the devices we booted with.

	Although this approach is somewhat fragile, it is the only viable
	option with QEMU < 0.12, since there is no way for libvirto set
	explicit PCI addresses when creating devices in the first place.
	For QEMU > 0.12, this code will not be used.

	* src/qemu/qemu_driver.c: Assign all dynamic PCI addresses on
	  startup of QEMU VM, matching vendor/product IDs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API for fetching PCI device address mapping

	Properly support SCSI drive hotplug
	The current SCSI hotplug support attaches a brand new SCSI controller
	for every disk. This is broken because the semantics differ from those
	used when starting the VM initially. In the latter case, each SCSI
	controller is filled before a new one is added.

	If the user specifies an high drive index (sdazz) then at initial
	startup, many intermediate SCSI controllers may be added with no
	drives.

	This patch changes SCSI hotplug so that it exactly matches the
	behaviour of initial startup. First the SCSI controller number is
	determined for the drive to be hotplugged. If any controller upto
	and including that controller number is not yet present, it is
	attached. Then finally the drive is attached to the last controller.

	NB, this breaks SCSI hotunplug, because there is no 'drive_del'
	command in current QEMU. Previous SCSI hotunplug was broken in
	any case because it was unplugging the entire controller, not
	just the drive in question.

	A future QEMU will allow proper SCSI hotunplug of a drive.

	This patch is derived from work done by Wolfgang Mauerer on disk
	controllers.

	* src/qemu/qemu_driver.c: Fix SCSI hotplug to add a drive to
	 the correct controller, instead of just attaching a new
	  controller.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for 'drive_add' command

2010-01-18  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Implement SCSI controller hotplug/unplug for QEMU
	This patch allows for explicit hotplug/unplug of SCSI controllers.
	Ordinarily this is not required, since QEMU/libvirt will attach
	a new SCSI controller whenever one is required. Allowing explicit
	hotplug of controllers though, enables the caller to specify a
	static PCI address, instead of auto-assigning the next available
	PCI slot. Or it will when we have static PCI addressing.

	This patch is derived from Wolfgang Mauerer's disk controller
	patch series.

	* src/qemu/qemu_driver.c: Support hotplug & unplug of SCSI
	  controllers
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  new API for attaching PCI SCSI controllers

2010-01-18  Jim Meyering  <meyering@redhat.com>

	vbox_tmpl.c: remove useless array-is-non-NULL comparisons
	* src/vbox/vbox_tmpl.c (vboxStorageVolDelete): Remove always-true
	array-is-non-NULL test.  git grep 'key\[.*\];'|grep -F .h
	src/datatypes.h:    char key[PATH_MAX];
	(vboxStorageVolGetInfo): Likewise.
	(vboxStorageVolGetXMLDesc): Likewise.
	(vboxStorageVolGetPath): Likewise.
	(vboxDomainDefineXML): Likewise. (but now with "mac[]")

	lxc_driver: remove useless comparison
	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Remove always-true
	array-is-non-NULL test.  git grep 'mac\[.*\];'|grep -F .h
	src/conf/domain_conf.h:    unsigned char mac[VIR_MAC_BUFLEN];

	build: update gnulib submodule to latest

	gnulib added a new syntax-check test: use $(VAR), not @VAR@
	The latter is not officially "wrong", but *is* terribly anachronistic.
	I think automake documentation or comments call that syntax obsolescent.
	* cfg.mk (_makefile_at_at_check_exceptions): Exempt @SCHEMADIR@
	and @SYSCONFDIR@ uses -- there are no Makefile variables for those.
	* docs/Makefile.am: Use $(INSTALL), not @INSTALL@.
	* examples/dominfo/Makefile.am: Similar.
	* examples/domsuspend/Makefile.am: Similar.
	* proxy/Makefile.am: Similar.
	* python/Makefile.am: Similar.
	* python/tests/Makefile.am: Similar.
	* src/Makefile.am: Similar.
	* tests/Makefile.am: Similar.

	storage_backend.h: include required headers
	* src/storage/storage_backend.h: Include <stdint.h>.

	esx_vi_types.c: include required headers
	* src/esx/esx_vi_types.c: Include <stdint.h>.

	vbox: include required headers
	* src/vbox/vbox_driver.c: Include <stdint.h> <unistd.h> <sys/types.h>.

	cpu_x86_data.h: include required header
	* src/cpu/cpu_x86_data.h: Include <stdint.h>.

	util.c: include required header, no longer masked by gnulib
	Until recently, some gnulib-generated replacement headers
	included *other* headers that were not strictly necessary,
	thus masking the need in this file for an explicit <stdlib.h>.
	* src/util/util.c: Include <stdlib.h> for declarations of e.g.,
	strtol, random_r, getenv, etc.

2010-01-18  Jiri Denemark  <jdenemar@redhat.com>

	Use closest CPU model when decoding from CPUID
	Current implementation of x86Decode() used for CPUID -> model+features
	translation does not always select the closest CPU model. When walking
	through all models from cpu_map.xml the function considers a new
	candidate as a better choice than a previously selected candidate only
	if the new one is a superset of the old one. In case the new candidate
	is closer to host CPU but lacks some feature comparing to the old
	candidate, the function does not choose well.

	This patch changes the algorithm so that the closest model is always
	selected. That is, the model which requires the lowest number of
	additional features to describe host CPU.

2010-01-18  Diego Elio Pettenò  <flameeyes@gmail.com>

	Change detection of xen so that it's actually automatic rather than forced.
	This ensures that ./configure will work fine if xen development packages
	are not around, rather than fail. When passing ./configure --with-xen, the
	lack of xen development packages become fatal.

	Standardise ./configure --help options reporting.
	Always use AC_HELP_STRING for the help text for options at ./configure,
	so that the output is properly aligned.

	Use proper quadrigraphs for outputting the brackets.

	Always use autoconf-style [default=$foo] output to state the default, both
	where it was stated before and where it wasn't.

	This time, include Matthias Bolte notes regarding defaults, and removing
	PFX specification from phyp.

2010-01-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Use log output for pty assignment if 'info chardev' is unavailable
	qemudFindCharDevicePTYsMonitor reports an error if 'info chardev' didn't
	provide information for a requested device, even if the log output parsing
	had found the pty path for that device. This makes pty assignment fail for
	older QEMU/KVM versions. For example KVM 72 on Debian doesn't support
	'info chardev', so qemuMonitorTextGetPtyPaths cannot parse any useful
	information and the hash for device-id-to-pty-path mapping stays empty.

	Make qemudFindCharDevicePTYsMonitor report an error only if the log output
	parsing and the 'info chardev' parsing failed to provide the pty path.

	esx: Add VNC support
	* src/conf/domain_conf.c: add defaults for the video device
	* src/esx/esx_vmx.[ch]: add VNC support to the VMX handling
	* tests/vmx2xmltest.c, tests/xml2vmxtest.c: add tests for the VNC support

	esx: Make the domain part of the hostname optional
	Before the driver assumed that there is always a domain part. That's
	not true. Now the domain part is handled as optional.

	esx: Add stubs for secondary driver types
	This stops libvirt from probing for a libvirtd on the ESX server and
	sets the base for the implementation of the secondary drivers.

2010-01-18  David Jorm  <dfj@dfj.bne.redhat.com>

	BZs 528709 548485

2010-01-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix validation of news.html

2010-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix build of Xen proxy daemon
	* src/conf/domain_conf.c: Allow virDomainDeviceInfoIsSet,
	  virDomainDeviceInfoClear & virDomainDeviceInfoFormat when
	  building Xen proxy

	Remove obsolete comment in QEMU JSON code
	* src/qemu/qemu_monitor_json.c: We fill in the PCI function number
	   now, so remove obsolete XXX comment

	Specify bus/unit instead of index for disks with QEMU
	The current code for using -drive simply sets the -drive 'index'
	parameter. QEMU internally converts this to bus/unit depending
	on the type of drive. This does not give us precise control over
	the bus/unit assignment though. This change switches over to make
	libvirt explicitly calculate the bus/unit number.

	In addition bus/unit/index are actually irrelevant for VirtIO
	disks, since each virtio disk is a separate PCI device. No disk
	controller is involved.

	Doing the conversion to bus/unit in libvirt allows us to correctly
	attach SCSI controllers when required.

	* src/qemu/qemu_conf.c: Specify bus/unit instead of index for
	  disks
	* tests/qemuxml2argvdata/qemuxml2argv-disk*.args: Switch over from
	  using index=NNNN, to bus=NN, unit=NN for SCSI/IDE/Floppy disks

	Split code for building QEMU -drive arg in separate method
	To enable it to be called from multiple locations, split out
	the code for building the -drive arg string. This will be needed
	by later patches which do drive hotplug, the conversion to use
	-device, and the conversion to controller/bus/unit addressing

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add qemuBuildDriveStr
	  for building -drive arg string

	Convert monitor over to use virDomainDeviceAddress
	Convert the QEMU monitor APIs over to use virDomainDeviceAddress
	structs for passing addresses in/out, instead of individual bits.
	This makes the number of parameters smaller & easier to deal with.
	No functional change

	* src/qemu/qemu_driver.c, src/qemu/qemu_monitor.c,
	  src/qemu/qemu_monitor.h, src/qemu/qemu_monitor_text.c,
	  src/qemu/qemu_monitor_text.h: Change monitor hotplug APIs to
	  take an explicit address ptr for all host/guest addresses

2010-01-16  Jim Fehlig  <jfehlig@novell.com>

	Minor fixes for API extension doc
	Update the API Extensions doc to reflect new source directory layout.

2010-01-16  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Add new domain device: "controller"
	This augments virDomainDevice with a <controller> element
	that is used to represent disk controllers (e.g., scsi
	controllers). The XML format is given by

	  <controller type="scsi" index="<num>">
	     <address type="pci" domain="0xNUM" bus="0xNUM" slot="0xNUM"/>
	  </controller>

	where type denotes the disk interface (scsi, ide,...), index
	is an integer that identifies the controller for association
	with disks, and the <address> element specifies the controller
	address on the PCI bus as described in previous commits
	The address element can be omitted; in this case, an address
	will be assigned automatically.

	Most of the code in this patch is from Wolfgang Mauerer's
	previous disk controller series

	 * docs/schemas/domain.rng: Define syntax for <controller>
	   XML element
	 * src/conf/domain_conf.c, src/conf/domain_conf.h: Define
	   virDomainControllerDef struct, and routines for parsing
	   and formatting XML
	* src/libvirt_private.syms: Add virDomainControllerInsert
	   and virDomainControllerDefFree

2010-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Set default disk controller/bus/unit props
	When parsing the <disk> element specification, if no <address>
	is provided for the disk, then automatically assign one based on
	the <target dev='sdXX'/> device name. This provides for backwards
	compatability with existing applications using libvirt, while also
	allowing new apps to have complete fine grained control.

	* src/conf/domain_conf.h, src/conf/domain_conf.c,
	  src/libvirt_private.syms: Add virDomainDiskDefAssignAddress()
	  for assigning a controller/bus/unit address based on disk target
	* src/qemu/qemu_conf.c: Call virDomainDiskDefAssignAddress() after
	  generating XML from ARGV
	* tests/qemuxml2argvdata/*.xml: Add in drive address information
	  to all XML files

	Add address info to sound, video and watchdog devices
	Add the virDomainDeviceAddress information to the sound, video
	and watchdog devices. This means all of them gain the new XML
	element

	  <address .... />

	This brings them upto par with disk/net/hostdev devices which
	already have address info

	* src/conf/domain_conf.h: Add virDomainDeviceAddress to sound,
	  video & watchdog device struts.
	* src/conf/domain_conf.c: Hook up parsing/formatting for
	  virDomainDeviceAddress in sound, video & watchdog devices
	* docs/schemas/domain.rng: Associate device address info
	  with sound, video & watchdog

	Extend the virDomainDeviceAddress struture to allow disk controller addresses
	Introduce a new structure

	      struct _virDomainDeviceDriveAddress {
	        unsigned int controller;
	        unsigned int bus;
	        unsigned int unit;
	      };

	and plug that into virDomainDeviceAddress and generates XML that
	looks like

	  <address type='drive' controller='1' bus='0' unit='5'/>

	This syntax will be used by the QEMU driver to explicitly control
	how drives are attached to the bus

	* src/conf/domain_conf.h, src/conf/domain_conf.c: Parsing and
	  formatting of drive addresses
	* docs/schemas/domain.rng: Define new address format for drives

	Introduce a standardized data structure for device addresses
	All guest devices now use a common device address structure
	summarized by:

	  enum virDomainDeviceAddressType {
	    VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE,
	    VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI,
	  };

	  struct _virDomainDevicePCIAddress {
	    unsigned int domain;
	    unsigned int bus;
	    unsigned int slot;
	    unsigned int function;
	  };

	  struct _virDomainDeviceInfo {
	    int type;
	    union {
	        virDomainDevicePCIAddress pci;
	    } addr;
	  };

	This replaces the anonymous structs in Disk/Net/Hostdev data
	structures. Where available, the address is *always* printed
	in the XML file, instead of being hidden in the internal state
	file.

	  <address type='pci' domain='0x0000' bus='0x1e' slot='0x07' function='0x0'/>

	The structure definition is based on Wolfgang Mauerer's disk
	controller patch series.

	* docs/schemas/domain.rng: Define the <address> syntax and
	  associate it with disk/net/hostdev devices
	* src/conf/domain_conf.h, src/conf/domain_conf.c,
	  src/libvirt_private.syms: APIs for parsing/formatting address
	  information. Also remove the QEMU specific 'pci_addr' attributes
	* src/qemu/qemu_driver.c: Replace use of 'pci_addr' attrs with
	  new standardized format.

	Make test suite output less verbose
	Only print out '.' for each test case, full test output can be
	re-enabled with VIR_TEST_VERBOSE=1, or VIR_TEST_DEBUG=XXXX

	Sample output now looks like

	  TEST: statstest
	        ........................................ 40
	        ...................................      75  OK
	  PASS: statstest
	  TEST: qparamtest
	        ................................         32  OK
	  PASS: qparamtest
	  TEST:
	        ............                             12  OK

2010-01-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compilation of virt-aa-helper.c
	Commit 5073aa994af460e775cb3e548528e28d7660fcc8 added an additional
	'}' to a case block that messed up the block structure of the get_files
	function.

2010-01-15  Jim Meyering  <meyering@redhat.com>

	xen: do not report a write-to-Xen-daemon failure as a read failure
	* src/xen/xend_internal.c (wr_sync): Correct the diagnostic.

2010-01-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix linkage of virt-aa-helper to libgnu.a

2010-01-14  Cole Robinson  <crobinso@redhat.com>

	util: Make sure virExec hook failures are raised
	With the introduction virDispatchError, hook function errors are
	never sent through the error callback, so users will never see
	these messages.

	Fix this by calling virDispatchError after hook failure.

	Implement path lookup for USB by vendor:product
	Based off how QEMU does it, look through /sys/bus/usb/devices/* for
	matching vendor:product info, and if found, use info from the surrounding
	files to build the device's /dev/bus/usb path.

	This fixes USB device assignment by vendor:product when running qemu
	as non-root (well, it should, but for some reason I couldn't reproduce
	the failure people are seeing in [1], but it appears to work properly)

	[1] https://bugzilla.redhat.com/show_bug.cgi?id=542450

	daemon: Don't blindly unregister domain events
	The daemon will attempt to unregister domain events on client disconnect,
	even if no events were ever registered. This raises an unneeded error.

	Track in the qemu_client structure if events have been registered, and
	check this when performing cleanup.

	daemon: Fix various error reporting issues
	Many node device calls weren't properly relaying error messages, and
	domain event registeration was not checking for error.

	events: Report errors on failure

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	node_device: udev: Fix memory leak
	We are setting the same property two different ways without
	free'ing in between. Just drop the second assignment.

	node_device: udev: Enumerate floppy devices
	There are quite a few differences between how udev exposes legacy
	and USB floppy devs, but this patch takes care of both variants.

	node_device: udev: Use base 16 for product/vendor
	udev doesn't prefix USB product/vendor info with '0x', so the
	strtol conversions were wrong for the product field (vendor already
	set the correct base). Make the change for PCI product/vendor as
	well to be safe.

	This fixes USB device assignment via virt-manager.

	util: Remove logging handlers in virExec
	This allows debug statements and raised errors in hook functions to
	actually be logged somewhere (stderr). Users can enable debugging in the
	daemon and now see more info in /var/log/libvirt/...

2010-01-13  Jim Fehlig  <jfehlig@novell.com>

	Fix migration in xend driver
	Upstream xen has changed parameters to the migration operation
	several times over the past 18 months.  Changeset 17553 removed
	the resouce parameter,  Changesets 17709, 17753, and 20326 added
	ssl, node, and change_home_server parameters respectively.

	Fortunately, testing has revealed that xend will fail the
	operation if a parameter is missing but happily honor it if
	unknown parameters are provided.  Thus all currently supported
	parameters can be provided, satisfying current xend but not
	regressing older versions.

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	Commit bootstrap .gitignore additions

2010-01-12  Cole Robinson  <crobinso@redhat.com>

	qemu: Disable errors in qemudShutdownVMDaemon

	libvirt.c: Preserve MigratePerform failure

	qemu: migrate: Save MigratePerform error in MigrateFinish.
	This way we won't squash the original error report in
	MigratePerform, as is done for P2P and Tunneled migration.

	virterror: Add virSetError
	Can be used to re-set an old error, which may have been squashed by
	other functions (like cleanup routines). Will be used in subsequent patches

2010-01-12  Daniel P. Berrange  <berrange@redhat.com>

	Ensure error handling callback functions are called from safe context
	The virRaiseErrorFull() may invoke the error handler callback
	functions an application has registered. This is not good
	because the connection object may not be available at this
	point, and the caller may be holding locks. This creates a
	problem if the error handler calls back into libvirt.

	The solutuon is to move invocation of the handler into the
	final cleanup code in the public API entry points, where it
	is guarenteed to have safe state.

	* src/libvirt.c: Invoke virDispatchError() in all error paths
	* src/util/virterror.c: Remove virSetConnError/virSetGlobalError,
	  replacing with virDispatchError(). Move invocation of the
	  error callbacks into virDispatchError() instead of the
	  virRaiseErrorFull function which is not in a safe context

	Revert 7aee22939f7f67a60e24472e5acc40b3b5b9d152
	Revert commit 7aee22939f7f67a60e24472e5acc40b3b5b9d152 since it
	is mistakenly adding an extra parameter to virsh that does not
	belong there.

2010-01-12  David Jorm  <dfj@dfj.bne.redhat.com>

	cpu_shares parameter limit documented

2010-01-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Document the domain XML cache attribute for disk devices

	qemu: Fix a memory leak in qemudExtractTTYPath
	qemudWaitForMonitor calls qemudReadLogOutput with qemudFindCharDevicePTYs
	as callback. qemudFindCharDevicePTYs calls qemudExtractTTYPath to assign
	a string to chr->data.file.path. Afterwards qemudWaitForMonitor may call
	qemudFindCharDevicePTYsMonitor that overwrites chr->data.file.path without
	freeing the old value. This results in leaking the memory allocated by
	qemudExtractTTYPath.

	Report an OOM error if the strdup in qemudFindCharDevicePTYsMonitor fails.

2010-01-11  Guido Günther  <agx@sigxcpu.org>

	Also look for dmi information in /sys/class
	older kernels such as 2.6.26 have it there.

2010-01-11  Laine Stump  <laine@laine.org>

	Fix UUID random generator to use /dev/random
	Only use pseudo-random generator for uuid if using /dev/random fails.
	* src/util/uuid.c: The original code. would only print the warning
	  message if using /dev/random failed, but would still go ahead and call
	  virUUIDGeneratePseudoRandomBytes in all cases anyway.

2010-01-09  Jim Meyering  <meyering@redhat.com>

	avoid another "make distcheck" failure
	* docs/Makefile.am (uninstall-local): Separate $$f from preceding
	dir name with a "/" and use $$(basename $$f) rather than $$f, since
	some values of $$f are prefixed with devhelp/.

	avoid newly-introduced test failure
	* tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Update
	expected output to match, now that we use -mem-prealloc.

	proxy_internal.c: mark "request" parameter as nonnull
	* src/xen/proxy_internal.c (xenProxyCommand): Mark "request"
	as an always-non-NULL parameter.

	don't test "res == NULL" after we've already dereferenced "res"
	* src/xen/proxy_internal.c (xenProxyCommand): "res" is known to be
	non-NULL at that point, so remove the "res == NULL" guard.

	fix 7 "make check" test failures in non-srcdir build
	* tests/capabilityschematest: Define and use $srcdir.
	* tests/domainschematest: Likewise.
	* tests/interfaceschematest: Likewise.
	* tests/networkschematest: Likewise.
	* tests/nodedevschematest: Likewise.
	* tests/storagepoolschematest: Likewise.
	* tests/storagevolschematest: Likewise.

2010-01-09  Jim Meyering  <jim@meyering.net>

	let "configure --disable-shared" work once again
	Without this change, ./autogen.sh --disable-shared && make would
	evoke a "can not build a shared library" failure for libvirtmod.la
	due to the new use of libtool's -shared link option in
	python/Makefile.am.  Now, --disable-shared also
	disables building python.

	* configure.in: Make --disable-shared imply --without-python and
	silently override --with-python.
	Improved by: Diego Elio Pettenò <flameeyes@gmail.com>

2010-01-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Dump the raw response in case of an SOAP fault
	Currently only the faultcode and faultstring are deserialized, the
	detail part is ignored. The implementation of many new SOAP types
	would be necessary to deserialize the detail part correctly. As an
	intermediate solution the raw response is dumped to the debug log.

	esx: Warn if the ESX server is in maintenance mode

	Replace old CVS references with GIT

2010-01-08  Daniel Veillard  <veillard@redhat.com>

	Qemu: ask for memory preallocation with large pages
	The -mem-prealloc flag should be used when using large pages
	This ensures qemu tries to allocate all required memory immediately,
	rather than when first used. The latter mode will crash qemu
	if hugepages aren't available when accessed, while the former
	should gracefully fallback to non-hugepages.

	* src/qemu/qemu_conf.c: add -mem-prealloc flag to qemu command line
	  when using large pages

2010-01-08  Jim Fehlig  <jfehlig@novell.com>

	xen hypervisor: xen domctl version 6
	xen-unstable c/s 20685 changed the domctl interface, adding a field to
	xen_domctl_getdomaininfo structure.  This additional field causes stack
	corruption in libvirt.  xen-unstable c/s 20711 rightly bumped the domctl
	interface version so it is at least possible to handle the new field.
	This change accounts for shr_pages field added to xen_domctl_getdomaininfo
	structure.

2010-01-07  Jim Meyering  <meyering@redhat.com>

	network/bridge_driver.c: avoid potential NULL-dereference
	* src/network/bridge_driver.c (networkBuildDnsmasqArgv): Correct
	test for NULL *argv.

2010-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Use VIR_FREE instead of free
	virsh uses other parts of the internal API already, so use VIR_FREE also.

	virsh: Add persistent history using libreadline

	esx: Fix 'vpx' MAC address range and allow arbitrary MAC addresses
	The MAC addresses with 00:50:56 prefix are split into several ranges:

	  00:50:56:00:00:00 - 00:50:56:3f:ff:ff  'static' range (manually assigned)
	  00:50:56:80:00:00 - 00:50:56:bf:ff:ff  'vpx' range (assigned by a VI Client)

	Erroneously the 'vpx' range was assumed to be larger and to occupy the
	remaining addresses of the 00:50:56 prefix that are not part of the 'static'
	range.

	00:50:56 was used as prefix for generated MAC addresses, this is not possible
	anymore, because there are gaps in the allowed ranges. Therefore, change the
	prefix to 00:0c:29 which is the prefix for auto generated MAC addresses anyway.

	Allow arbitrary MAC addresses to be used and set the checkMACAddress VMX option
	to false in case the MAC address doesn't fall into any predefined range.

	* docs/drvesx.html.in: update website accordingly
	* src/esx/esx_driver.c: set the auto generation prefix to 00:0c:29
	* src/esx/esx_vmx.c: fix MAC address range handling and allow arbitrary MAC
	  addresses
	* tests/vmx2xml*, tests/xml2vmx*: add some basic MAC address range tests

	esx: Fix deserialization for VI API calls CancelTask and UnregisterVM

	esx: Fix and improve the libcurl debug callback
	The data passed to the callback is not guaranteed to be zero terminated,
	take care of that by coping the data and adding a zero terminator.

	Also dump the data for other types than CURLINFO_TEXT.

	Set CURLOPT_VERBOSE to 1 so the debug callback is called when enabled.

	esx: Don't warn about an empty URI path

	esx: Also allow virtualHW version 4 for ESX 4.0
	A domain with virtualHW version 4 is allowed on an ESX 4.0 server.
	If a domain is migrated from an ESX 3.5 server to an ESX 4.0 server
	then the virtualHW version stays the same. So a ESX 4.0 server can
	host domains with virtualHW version 4.

	Don't free an uninitalized pointer in update_driver_name()
	This invalid free results in heap corruption. Some symptoms I saw
	because of this were libvirtd crashing and virt-manager hanging
	while trying to enumerate devices.

2010-01-07  Jim Meyering  <meyering@redhat.com>

	xend_internal: don't let invalid input provoke NULL dereference
	* src/xen/xend_internal.c (xenDaemonOpen_unix): Do not dereference
	a NULL "conn".  Move first deref to follow the "conn == NULL" test.

2010-01-07  Adam Litke  <agl@us.ibm.com>

	qemu: Always enable the virtio balloon driver
	The behavior for the qemu balloon device has changed.  Formerly, a virtio
	balloon device was provided by default.  Now, '-balloon virtio' must be
	specified on the command line to enable it.  This patch causes libvirt to
	add '-balloon virtio' to the command line whenever the -balloon option is
	available.
	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h: check for the new flag and
	  add "-baloon vitio" to qemu command when needed
	* tests/qemuhelptest.c: add the new flag for detection

2010-01-07  David Allan  <dallan@redhat.com>

	Don't update vol details after build
	This patch removes the call to vol update after the volume build completes.
	The update call is currently meaningless anyway because the vol build is passed
	a copy of the definition, so the update result is thrown away.  More
	importantly, if the user specified a selinux label for the volume, the update
	call results in a double free of the label
	* src/storage/storage_backend_fs.c: remove the update call

2010-01-07  Diego Elio Pettenò  <flameeyes@gmail.com>

	Disable building of static Python module
	* python/Makefile.am: python modules are loaded at runtime so the static
	  version is not needed, avoid building it

2010-01-07  Matthew Booth  <mbooth@redhat.com>

	Fix parsing of 'info chardev' line endings
	This change makes the 'info chardev' parser ignore any trailing
	whitespace on a line. This fixes a specific problem handling a '\r\n'
	line ending.

	* src/qemu/qemu_monitor_text.c: Ignore trailing whitespace in
	  'info chardev' output.

2010-01-06  Jim Meyering  <meyering@redhat.com>

	vbox_tmpl.c: don't leak a domain pointer upon failure to create
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): "Unref" the domain
	upon failure.  Patch by Matthias Bolte.

	vbox_tmpl.c: avoid NULL deref upon vboxDomainCreateXML failure
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Don't call
	vboxDomainUndefine on a NULL "dom".

	qemu_driver.c: remove useless, warning-provoking test
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepare2): Remove useless
	test of always-non-NULL uri_out parameter.  Use ATTRIBUTE_NONNULL to
	inform tools.

	qemu_driver.c: avoid NULL dereference upon disk-op failure
	* src/qemu/qemu_driver.c (qemudDomainAttachDevice): Call
	virCgroupDenyDevicePath only if cgroup is non-NULL.

2010-01-05  Jim Meyering  <meyering@redhat.com>

	openvz_conf.c: don't dereference NULL upon failure
	* src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref
	of "dom".

2009-12-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	Distribute vmx2xml and xml2vmx test data files

2009-12-24  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.5

2009-12-23  Daniel Veillard  <veillard@redhat.com>

	Update and regenerate localizations
	upate of as.po bn_IN.po de.po es.po gu.po hi.po kn.po ml.po mr.po or.po
	pa.po pl.po ru.po ta.po te.po zh_CN.po and regeneration

2009-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	The secret driver is stateful, link it directly to libvirtd
	All other stateful drivers are linked directly to libvirtd
	instead of libvirt.so. Link the secret driver to libvirtd too.

	* daemon/Makefile.am: link the secret driver to libvirtd
	* daemon/libvirtd.c: add #ifdef WITH_SECRETS blocks
	* src/Makefile.am: don't link the secret driver to libvirt.so
	* src/libvirt_private.syms: remove the secretRegister symbol

	Remove undefined symbols from libvirt_private.syms
	MinGW's ld gives an error when trying to export undefined symbols.

	boolean shadows a typedef in rpcndr.h when compiled with MinGW
	Alter the offending variable names to fix this.

2009-12-23  Jiri Denemark  <jdenemar@redhat.com>

	Rename DATADIR to PKGDATADIR to fix win32 build
	* src/Makefile.am src/cpu/cpu_map.c: rename in Makefile and in the
	  cpu map loading code

	Move cpu_map.xml to -client RPM
	All the cpu code is part of libvirt library and it might be used by
	drivers which do not require libvirtd to be running.

2009-12-23  Daniel Veillard  <veillard@redhat.com>

	convert missing server entry points into unsupported errors
	If using a remote access, sometimes an RPC entry point is not
	available, and currently we just end up with a raw:
	    error: unknown procedure: xxx
	error, while this should be more cleanly reported as an unsupported
	entry point like for local access

	* src/remote/remote_driver.c: convert missing remote entry points into
	  the unsupported feature error

2009-12-22  Olivier Fourdan  <ofourdan@redhat.com>

	fix some error report when on remote access
	When querying about a domain from 0.3.3 (or RHEL 5.3) domain located
	on a 0.6.3 (RHEL-5) machine, the errors are not properly reported.
	This patch from Olivier Fourdan <ofourdan@redhat.com> , slightly
	modified to not change the semantic when the domain os details cannot
	be provided

	* src/xen/proxy_internal.c src/xen/xen_hypervisor.c: add some missing
	  error reports

2009-12-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix undefined reference to 'close_used_without_including_unistd_h'
	Found while trying to cross-compile libvirt on Fedora 12 for Windows.
	gnulib redefines 'close' to 'close_used_without_including_unistd_h'
	in sys/socket.h if winsock2.h is present and unistd.h has not been
	included before sys/socket.h. Reorder some includes to fix this.

	Fix argument type of virProcessInfoSetAffinity dummy function

	Define ATTRIBUTE_SENTINEL for GCC < 4.0 too
	ATTRIBUTE_SENTINEL was defined for GCC >= 4.0 only, resulting in
	compile errors when using GCC < 4.0.

	Fix compilation  with configure --disable-nls

	cpu: Fix memory leaks in x86FeatureLoad and x86ModelLoad
	Also backup and restore the original ctxt->node value in x86FeatureLoad.

	Fix configure check for SASL
	The option --with-sasl defaults to 'check', but an inverted test logic
	lets the SASL check fail with an error instead of disabling SASL.
	Fix the test logic so SASL support gets disabled if SASL is missing and
	--with-sasl is set to check.

	Fix GnuTLS pkg-config check
	The testlogic for $PKG_CONFIG was inverted, checking for an empty string
	before using PKG_CHECK_MODULES. Use -x instead of -z and add an else branch
	to the if checking for $GNUTLS_FOUND = no to add -lgcrypt in case the
	GnuTLS libraries are detected by pkg-config.

	Report an error if no XDR library can be found

2009-12-22  Daniel P. Berrange  <berrange@redhat.com>

	Disable JSON mode monitor until QEMU is more mature
	* src/qemu/qemu_conf.h: Remove QEMU_CMD_FLAG_0_12 and just leave
	  the lone JSON flag
	* src/qemu/qemu_conf.c: Enable JSON on QEMU 0.13 or later, but
	  leave it disabled for now

2009-12-22  Jiri Denemark  <jdenemar@redhat.com>

	Only probe for CPU models if required
	* src/qemu/qemu_conf.c: CPU models should be probed only if the
	  a guest's XML contains CPU model, not each time a qemu command line
	  is generated.

2009-12-22  Daniel Veillard  <veillard@redhat.com>

	Add some people missing from the AUTHORS list

2009-12-22  Jiri Denemark  <jdenemar@redhat.com>

	Add cpu_map.xml to libvirt.spec
	* libvirt.spec.in: embbed it in the main libvirt binary rpm

	Install cpu_map.xml
	* src/Makefile.am: install it in $(pkgdatadir) i.e. /usr/share/libvirt/
	  usually

2009-12-22  Chris Lalancette  <clalance@redhat.com>

	Make Xen VT-d PCI attach/detach work
	The Xen code for making HVM VT-d PCI passthrough attach and detach
	wasn't working properly:

	1)  In xenDaemonAttachDevice(), we were always trying to reconfigure
	a PCI passthrough device, even the first time we added it.  This was
	because the code in virDomainXMLDevID() was not checking xenstore for
	the existence of the device, and always returning 0 (meaning that
	the device already existed).

	2)  In xenDaemonDetachDevice(), we were trying to use "device_destroy"
	to detach a PCI device.  While you would think that is the right
	method to call, it's actually wrong for PCI devices.  In particular,
	in upstream Xen (and soon in RHEL-5 Xen), device_configure is actually
	used to destroy a PCI device.

	To fix the attach
	problem I add a lookup into xenstore to see if the device we are
	trying to attach already exists.  To fix the detach problem I change
	it so that for PCI detach (only), we use device_configure with the
	appropriate sxpr to do the detachment.

	* src/xen/xend_internal.c: don't use device_destroy for PCI devices
	  and fix the other issues.
	* src/xen/xs_internal.c src/xen/xs_internal.h: add
	  xenStoreDomainGetPCIID()

2009-12-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix detection of JSON when restarting libvirtd
	The XML XPath for detecting JSON in the running VM statefile was
	wrong causing all VMs to get JSON mode enabled at libvirtd restart.

	In addition if a VM was running a JSON enabled QEMU once, and then
	altered to point to a non-JSON enabled QEMU later the 'monJSON'
	flag would not get reset to 0.

	* src/qemu/qemu_driver.c: Fix setting/detection of JSON mode

2009-12-21  Adam Litke  <agl@us.ibm.com>

	Document the dommemstat command in the virsh man page
	* tools/virsh.pod: Provide a basic mention of the dommemstat command in
	  the virsh man page.

2009-12-21  Daniel Veillard  <veillard@redhat.com>

	Change virsh dommemstats command to dommemstat
	As Paul Jenner pointed out all other statistics commands use the
	singular form

	* tools/virsh.c: rename dommemstats to dommemstat as well as function
	  name and associated structures

2009-12-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix reporting of TLS connection errors
	The code for connecting to a server tries each socket in turn
	until it finds one that connects. Unfortunately for TLS sockets
	if it connected, but failed TLS handshake it would treat that
	as a failure to connect, and try the next socket. This is bad,
	it should have reported the TLS failure immediately.

	$ virsh -c qemu://somehost.com/system
	error: unable to connect to libvirtd at 'somehost.com': Invalid argument
	error: failed to connect to the hypervisor

	$ ./tools/virsh -c qemu://somehost.com/system
	error: server certificate failed validation: The certificate hasn't got a known issuer.
	error: failed to connect to the hypervisor

	 * src/remote/remote_driver.c: Stop trying to connect if the
	   TLS handshake fails

2009-12-21  Daniel Veillard  <veillard@redhat.com>

	Fix typo in qemudDomainAttachHostPciDevice()
	* src/qemu/qemu_driver.c: The 'if' statement is supposed to check return
	  value of pci = pciGetDevice(conn, ...); , but check uses if (!dev),
	  fix it

2009-12-20  Adam Litke  <agl@us.ibm.com>

	python: Add python bindings for virDomainMemoryStats
	Enable virDomainMemoryStats in the python API.  dom.memoryStats() will return a
	dictionary containing the supported statistics.  A dictionary is required
	because the meaining of each quantity cannot be inferred from its index in a
	list.

	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c: the
	  generator can't handle this new function, add the new binding,
	  and the XML description

	Add a new command dommemstats for virDomainMemoryStats
	Define a new command 'dommemstats' to report domain memory statistics.  The
	output format is inspired by 'domblkstat' and 'domifstat' and consists of
	tag/value pairs, one per line.  The command can complete successfully and
	print no output if virDomainMemoryStats is supported by the driver, but not
	the guest operating system.

	Sample output:
	swap_in 0
	swap_out 0
	major_fault 54
	minor_fault 58259
	unused 487680
	available 502472

	All stats referring to a quantity of memory (eg. all above except major and
	minor faults) represent the quantity in KBytes.

	* tools/virsh.c: implements the new command

	Add domainMemoryStats support to remote driver
	Use a dynamically sized xdr_array to pass memory stats on the wire.  This
	supports the addition of future memory stats and reduces the message size
	since only supported statistics are returned.

	* src/remote/remote_protocol.x: provide defines for the new entry point
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side
	* daemon/remote_dispatch_args.h daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h daemon/remote_dispatch_table.h
	  src/remote/remote_protocol.c src/remote/remote_protocol.h: generated
	  stubs

	Implements domainMemStats in the qemu driver
	Support for memory statistics reporting is accepted for qemu inclusion.
	Statistics are reported via the monitor command 'info balloon' as a comma
	seprated list:

	(qemu) info balloon
	balloon: actual=1024,mem_swapped_in=0,mem_swapped_out=0,major_page_faults=88,minor_page_faults=105535,free_mem=1017065472,total_mem=1045229568

	Libvirt, qemu, and the guest operating system may support a subset of the
	statistics defined by the virtio spec.  Thus, only statistics recognized by
	components will be reported.

	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement the
	  new entry point by using info balloon monitor command

	domMemoryStats: Add public symbol to libvirt API
	* src/libvirt.c: implement the main entry point
	* src/libvirt_public.syms: add it to the exported symbols

	Add new API virDomainMemoryStats to header and drivers
	Set up the types for the domainMemoryStats function and insert it into the
	virDriver structure definition.  Because of static initializers, update
	every driver and set the new field to NULL.

	* include/libvirt/libvirt.h.in: new API
	* src/driver.h src/*/*_driver.c src/vbox/vbox_tmpl.c: add the new
	  entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python binding is
	  implemented later

2009-12-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add more links to external documentation

	esx: Destroy virtual machine on a vCenter if available
	If a virtual machine is destroyed on a ESX server then immediately
	undefining this virtual machine on a vCenter may fail, because the
	vCenter has not been informed about the status change yet. Therefore,
	destroy a virtual machine on a vCenter if available, so the vCenter
	is up-to-date when the virtual machine should be undefined.

	esx: Undefine virtual machine on a vCenter if available
	Undefining a virtual machine on an ESX server leaves a orphan on the
	vCenter behind. So undefine a virtual machine on a vCenter if available
	to fix this problem.

	esx: Don't warn about '/' paths

	esx: Use occurrence enum to specify expected result of a SOAP call
	Also move XPath expression composition into esxVI_Context_Execute().

	esx: Fix occurence typo

	esx: Extend documentation about 'vcenter' and add some about 'auto_answer'

	esx: Extend vCenter query parameter
	If an ESX host is managed by a vCenter, it knows the IP address of the
	vCenter. Setting the vCenter query parameter to * allows to connect to the
	vCenter known to an ESX host without the need to specify its IP address
	or hostname explicitly.

	esx: Removed unused inttypes.h include

	esx: Replace libxml1 'xmlChildrenNode' with libxml2 'children'

	esx: Use more suitable error code in esxVI_LookupVirtualMachineByUuid()

	esx: Improve domain lookup by UUID
	esxDomainLookupByUUID() and esxDomainIsActive() lookup a domain by asking
	ESX for all known domains and searching manually for the one with the
	matching UUID. This is inefficient. The VI API allows to lookup by UUID
	directly: FindByUuid().

	* src/esx/esx_driver.c: change esxDomainLookupByUUID() and esxDomainIsActive()
	  to use esxVI_LookupVirtualMachineByUuid(), also reorder some functions to
	  keep them in sync with the driver struct

	esx: Add automatic question handling
	Questions can block tasks, to handle them automatically the driver can answers
	them with the default answer. The auto_answer query parameter allows to enable
	this automatic question handling.

	* src/esx/README: add a detailed explanation for automatic question handling
	* src/esx/esx_driver.c: add automatic question handling for all task related
	  driver functions
	* src/esx/esx_util.[ch]: add handling for the auto_answer query parameter
	* src/esx/esx_vi.[ch], src/esx/esx_vi_methods.[ch], src/esx/esx_vi_types.[ch]:
	  add new VI API methods and types and additional helper functions for
	  automatic question handling

	Fix compilation with gcrypt < 1.4.2
	Commit 33a198c1f6a4a1bc7f34d50a31032e03bec10fee increased the gcrypt
	version requirement to 1.4.2 because the GCRY_THREAD_OPTION_VERSION
	define was added in this version.

	The configure script doesn't check for the gcrypt version. To support
	gcrypt versions < 1.4.2 change the virTLSThreadImpl initialization
	to use GCRY_THREAD_OPTION_VERSION only if it's defined.

2009-12-19  Diego Elio Pettenò  <flameeyes@gmail.com>

	Don't mix LDFLAGS and LIBS in the configure script
	* configure.in: If you pass libraries in the LDFLAGS variable, and then
	  try AC_CHECK_FUNCS to find whether a function is present or not,
	  it'll fail badly when using the --as-needed linker flag. Instead,
	  pass the libraries through the LIBS library, so that they are passed
	  after the conftest.c source file and the tests are done properly.

	Don't make it possible to define HAVE_HAL but not enable it in automake
	* configure.in: With the previous logic, if libhal_get_all_devices
	  function was not found, HAVE_HAL would be defined for the preprocessor
	  but it wouldn't be enabled in automake conditionals, causing the final
	  link to fail with missing references to HAL entries.

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	Implement virsh command 'cpu-compare'
	* tools/virsh.c: provide a way to us teh new API with virsh

	Implement CPU selection in QEMU driver
	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h src/qemu/qemu_driver.c:
	  add the new entry point, extend capabilities and code to interract
	  with qemu

	Adds CPU map for models and features
	* src/cpu/cpu_map.xml: newdescription file
	* src/Makefile.am: include it in dist

	Adds CPU selection infrastructure
	Each driver supporting CPU selection must fill in host CPU capabilities.
	When filling them, drivers for hypervisors running on the same node as
	libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
	such as VMware, need to implement their own way of getting such data.
	Raw data can be decoded into virCPUDefPtr using cpuDecode() function.

	When implementing virConnectCompareCPU(), a hypervisor driver can just
	call cpuCompareXML() function with host CPU capabilities.

	For each guest for which a driver supports selecting CPU models, it must
	set the appropriate feature in guest's capabilities:

	    virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)

	Actions needed when a domain is being created depend on whether the
	hypervisor understands raw CPU data (currently CPUID for i686, x86_64
	architectures) or symbolic names has to be used.

	Typical use by hypervisors which prefer CPUID (such as VMware and Xen):

	- convert guest CPU configuration from domain's XML into a set of raw
	  data structures each representing one of the feature policies:

	    cpuEncode(conn, architecture, guest_cpu_config,
	              &forced_data, &required_data, &optional_data,
	              &disabled_data, &forbidden_data)

	- create a mask or whatever the hypervisor expects to see and pass it
	  to the hypervisor

	Typical use by hypervisors with symbolic model names (such as QEMU):

	- get raw CPU data for a computed guest CPU:

	    cpuGuestData(conn, host_cpu, guest_cpu_config, &data)

	- decode raw data into virCPUDefPtr with a possible restriction on
	  allowed model names:

	    cpuDecode(conn, guest, data, n_allowed_models, allowed_models)

	- pass guest->model and guest->features to the hypervisor

	* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
	  src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
	  src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
	* configure.in: check for CPUID instruction
	* src/Makefile.am: glue the new files in
	* src/libvirt_private.syms: add new private symbols
	* po/POTFILES.in: add new cpu files containing translatable strings

	Remote driver CPU flags support
	* src/remote/remote_driver.c: add the new entry point

	CPU flags wire protocol format and server side
	* src/remote/remote_protocol.x: update with new entry point
	* daemon/remote.c: add the new server dispatcher
	* daemon/remote_dispatch_args.h daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h daemon/remote_dispatch_table.h
	  src/remote/remote_protocol.c src/remote/remote_protocol.h: regenerated

	Public API implementation
	* src/libvirt.c: adds the public entry point virConnectCompareCPU()

	Adds the internal driver API
	* src/driver.h: add an extra entry point in the structure
	* src/esx/esx_driver.c src/lxc/lxc_driver.c src/opennebula/one_driver.c
	  src/openvz/openvz_driver.c src/phyp/phyp_driver.c src/qemu/qemu_driver.c
	  src/remote/remote_driver.c src/test/test_driver.c src/uml/uml_driver.c
	  src/vbox/vbox_tmpl.c src/xen/xen_driver.c: add NULL entry points for
	  all drivers

	New public API definition virConnectCompareCPU()
	* include/libvirt/libvirt.h.in: add it in the public API as
	  well as the new flags
	* src/libvirt_public.syms: export it

2009-12-18  Daniel Veillard  <veillard@redhat.com>

	Fixes syntax-check with previous commit
	* po/POTFILES.in: adds src/conf/cpu_conf.c in teh set of files with
	  translatable content
	* src/conf/cpu_conf.c: remove an unused include

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	XML parsing/formating code for CPU flags
	* include/libvirt/virterror.h src/util/virterror.c: add new domain
	  VIR_FROM_CPU for errors
	* src/conf/cpu_conf.c src/conf/cpu_conf.h: new parsing module
	* src/Makefile.am proxy/Makefile.am: include new files
	* src/conf/capabilities.[ch] src/conf/domain_conf.[ch]: reference
	  new code
	* src/libvirt_private.syms: private export of new entry points

	XML schema for CPU flags
	XML schema for CPU flags

	Firstly, CPU topology and model with optional features have to be
	advertised in host capabilities:

	    <host>
	        <cpu>
	            <arch>ARCHITECTURE</arch>
	            <features>
	                <!-- old-style features are here -->
	            </features>
	            <model>NAME</model>
	            <topology sockets="S" cores="C" threads="T"/>
	            <feature name="NAME"/>
	        </cpu>
	        ...
	    </host>

	Secondly, drivers which support detailed CPU specification have to
	advertise
	it in guest capabilities:

	    <guest>
	    ...
	    <features>
	            <cpuselection/>
	        </features>
	    </guest>

	And finally, CPU may be configured in domain XML configuration:

	<domain>
	    ...
	    <cpu match="MATCH">
	        <model>NAME</model>
	        <topology sockets="S" cores="C" threads="T"/>
	        <feature policy="POLICY" name="NAME"/>
	    </cpu>
	</domain>

	Where MATCH can be one of:
	    - 'minimum'     specified CPU is the minimum requested CPU
	    - 'exact'       disable all additional features provided by host CPU
	    - 'strict'      fail if host CPU doesn't exactly match

	POLICY can be one of:
	    - 'force'       turn on the feature, even if host doesn't have it
	    - 'require'     fail if host doesn't have the feature
	    - 'optional'    match host
	    - 'disable'     turn off the feature, even if host has it
	    - 'forbid'      fail if host has the feature

	'force' and 'disable' policies turn on/off the feature regardless of its
	availability on host. 'force' is unlikely to be used but its there for
	completeness since Xen and VMWare allow it.

	'require' and 'forbid' policies prevent a guest from being started on a host
	which doesn't/does have the feature. 'forbid' is for cases where you disable
	the feature but a guest may still try to access it anyway and you don't want
	it to succeed.

	'optional' policy sets the feature according to its availability on host.
	When a guest is booted on a host that has the feature and then migrated to
	another host, the policy changes to 'require' as we can't take the feature
	away from a running guest.

	Default policy for features provided by host CPU but not specified in domain
	configuration is set using match attribute of cpu tag. If 'minimum' match is
	requested, additional features will be treated as if they were specified
	with 'optional' policy. 'exact' match implies 'disable' policy and 'strict'
	match stands for 'forbid' policy.

	* docs/schemas/capability.rng docs/schemas/domain.rng: extend the
	  RelaxNG schemas to add CPU flags support

2009-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Initialize gcrypt threading
	GNUTLS uses gcrypt for its crypto functions. gcrypt requires
	that the app/library initializes threading before using it.
	We don't want to force apps using libvirt to know about
	gcrypt, so we make virInitialize init threading on their
	behalf. This location also ensures libvirtd has initialized
	it correctly. This initialization is required even if libvirt
	itself were only using one thread, since another non-libvirt
	library (eg GTK-VNC) could also be using gcrypt from another
	thread

	* src/libvirt.c: Register thread functions for gcrypt
	* configure.in: Add -lgcrypt to linker flags

	Fix bug in storage driver accessing wrong private data
	* src/storage/storage_driver.c: Fix IsPersistent() and IsActivE()
	  methods on storage pools to use 'storagePrivateData' instead
	  of 'privateData'. Also fix naming convention of objects

2009-12-16  Jim Meyering  <meyering@redhat.com>

	esx_vi.c: do not call through NULL function pointer
	* src/esx/esx_vi.c (esxVI_List_CastFromAnyType): For invalid
	inputs, fail right away.  Do not "goto failure" where a NULL
	input pointer would be dereferenced.

	esx_util.c: avoid NULL deref for invalid inputs
	* src/esx/esx_util.c (esxUtil_ParseDatastoreRelatedPath): Return
	right away for invalid inputs, rather than using them (which would
	dereference NULL pointers) in clean-up code.

2009-12-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't goto failure for invalid arguments in VMX code
	This also fixes a NULL-deref of virtualDev in esxVMX_ParseSCSIController
	found by Jim Meyering.

	Fix memory leak in qemudBuildCommandLine

2009-12-16  Jim Meyering  <meyering@redhat.com>

	avoid calling exit with a constant; use EXIT_* instead
	This appeases a new gnulib-provided "syntax-check".
	* daemon/libvirtd.c (main): Use EXIT_FAILURE, not 1.
	* proxy/libvirt_proxy.c (main): Likewise, and EXIT_SUCCESS, not 0.
	* tests/conftest.c (main): Likewise.
	* tests/reconnect.c (main): Likewise.
	* tests/testutils.h (EXIT_AM_SKIP): Define.
	* tests/nodeinfotest.c (mymain): Use EXIT_AM_SKIP, not 77.
	* tests/qemuargv2xmltest.c: Likewise.
	* tests/qemuxml2xmltest.c: Likewise.
	* tests/virshtest.c (mymain): Likewise.

	maint: remove from VC two gnulib-provided files
	* build-aux/link-warning.h: Remove file from version control.
	* build-aux/mktempd: Likewise.
	* build-aux/.gitignore: Adjust.

	avoid malfunction when virFileResolveLink is applied to non-POSIX FS
	The virFileResolveLink utility function relied on the POSIX guarantee
	that stat.st_size of a symlink is the length of the value.  However,
	on some types of file systems, it is invalid, so do not rely on it.
	Use gnulib's areadlink module instead.
	* bootstrap (modules): Add areadlink.
	* src/util/util.c: Include "areadlink.h".
	Let areadlink perform the readlink and malloc.
	* configure.in (AC_CHECK_FUNCS): Remove readlink.  No need,
	since it's presence is guaranteed by gnulib.

	build: update gnulib submodule to latest

	xm_internal.c: remove misleading dead code
	* src/xen/xm_internal.c (xenXMConfigGetULong): Remove useless and
	misleading test (always false) for val->str == NULL before code that
	always dereferences val->str.  "val" comes from virConfGetValue, and
	at that point, val->str is guaranteed to be non-NULL.
	(xenXMConfigGetBool): Likewise.
	* src/util/conf.c (virConfSetValue): Ensure that vir->str is never NULL,
	not even if someone tries to set such a value via virConfSetValue.

	libvirt.c: don't let a NULL "cpumaps" argument provoke a NULL-deref
	* src/libvirt.c (virDomainGetVcpus): Describe new, stronger
	requirement on "maplen"s relationship to "cpumaps".

2009-12-15  Jim Meyering  <meyering@redhat.com>

	qemu migration: avoid NULL-deref given an invalid input
	* src/qemu/qemu_driver.c (doNonTunnelMigrate): Don't let a
	NULL "uri_out" provoke a NULL-dereference in doNativeMigrate:
	supply omitted goto-after-qemudReportError.

	qemu_driver.c: don't unlink(NULL) on OOM error path
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepareTunnel): Upon an
	out of memory error, we would end up with unixfile==NULL and attempt
	to unlink(NULL).  Skip the unlink when it's NULL.

	remote_driver.c: also zero out ->saslDecodedOffset member
	* src/remote/remote_driver.c (remoteIOReadMessage): ...rather than
	zeroing out priv->saslDecodedLength twice.

	qemu_driver.c: avoid double free on error path
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Set
	"event" to NULL after qemuDomainEventQueue frees it, so a
	subsequent free (after endjob label) upon qemuMonitorStartCPUs
	failure does not cause a double free.

	libvirtd: avoid a NULL dereference on error path
	* daemon/libvirtd.c (qemudDispatchServer): Since "client" may be
	NULL in the "cleanup:" block, free client->rx only when it's not.

2009-12-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix and improve domain xml video element description
	The description mismatched the actual structure since the video element
	was introduced. The nvram attribute is actually called vram. Specify the
	unit of the vram attribute.

	Fix install location for Python bindings
	Commit 66137344feb488ea87b0d92f3c03844d9a7a7786 changed the Python detection
	mechanism in configure to use AM_PATH_PYTHON. This results in a changed
	install location for the Python bindings, at least on Fedora 12 64bit systems.

	Before this commit libvirt.py and libvirtmod.so were installed to

	  /usr/lib64/python2.6/site-packages

	After this commit they are installed to

	  /usr/lib/python2.6/site-packages

	Mixed Python packages (containing *.py and *.so files) should be installed to
	the pyexecdir directory detected by AM_PATH_PYTHON.

	This restores the install location from before the AM_PATH_PYTHON commit.

	* configure.in: remove unnecessary pythondir export
	* python/Makefile.am: switch from pythondir to pyexecdir

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	Relax the allowed values for machine type in schema
	* docs/schemas/domain.rng: don't try to validate based on a list, open
	  up the machine type to a regexp allowing a-z A-Z 0-9 _ - and .

2009-12-14  Jim Meyering  <meyering@redhat.com>

	virsh: avoid double-free
	* tools/virsh.c (vshCommandParse): Avoid double-free of "tkdata".
	Set it to NULL immediately after free in the (cmd == NULL) case,
	just as in the other case, in case the final free(tkdata) is
	triggered by a syntax error.

	node_device_driver.c: don't write beyond EOB for 4K-byte symlink
	* src/node_device/node_device_driver.c (update_driver_name): The
	previous code would write one byte beyond the end of the 4KiB
	stack buffer when presented with a symlink value of exactly that
	length (very unlikely).  Remove the automatic buffer and use
	virFileResolveLink in place of readlink.  Suggested by Daniel Veillard.

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Fix owner and group in example volume XML
	The owner and group in the documentation examples were confusingly given as
	'0744'. They should be numeric uid and gid. Changed the examples to use the
	default uid and gid assigned to qemu in F12.

	* docs/formatstorage.html.in: Change example owner and group in volume XML

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	add missing doc for device <shareable/> option

2009-12-14  Laine Stump  <laine@laine.org>

	Eliminate failure to delete empty storage pools
	* src/storage/storage_backend_fs.c: virStorageBackendFileSystemDelete
	  was incorrectly calling unlink() in an attempt to remove a directory.
	  It should be calling rmdir() instead.

2009-12-14  Jiri Denemark  <jdenemar@redhat.com>

	Fix use of virEventAddHandleImpl()
	src/node_device/node_device_udev.c was using a function available only
	on the daemon code, fix this and use the function available globally

	* src/node_device/node_device_udev.c: replace use of virEventAddHandleImpl
	  by virEventAddHandle

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Cleanup temporary #define after use
	* src/qemu/qemu_driver.c: #undef LOOKUP_PTYS after use in
	  qemudFindCharDevicePTYsMonitor()

2009-12-14  Dave Allan  <dallan@redhat.com>

	Implement --pool option for virsh vol-path
	This patch fixes the problem reported in:

	https://bugzilla.redhat.com/show_bug.cgi?id=509306

	The bug reporter says that vol-delete does not support the --pool
	option, but that's not the case in the current head.  This patch makes
	vol-path behave the same way as vol-delete

	* tools/virsh.c: Modified vol-path to use the same logic as vol-delete,
	  allowing the syntax: virsh vol-path --pool testdirpool testvol0

2009-12-14  Cole Robinson  <crobinso@redhat.com>

	nodedev: Add removable storage 'media_label' prop
	Provides the CDROM label for current media. Only implemented for the
	udev backend.

2009-12-14  Dave Allan  <dallan@redhat.com>

	expose SR IOV physical/virtual function relationships
	exposes the relationships between physical
	and virtual functions on SR IOV capable devices.

2009-12-14  Paolo Bonzini  <pbonzini@redhat.com>

	Fix possible NULL pointer dereference
	If there are no references remaining to the object, vm is set to NULL
	and vm->persistent cannot be accessed.  Fixed by this trivial patch.

	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Avoid possible
	  NULL pointer dereference on --crash dump.

2009-12-14  Jamie Strandboge  <jamie@canonical.com>

	add AppArmor test and examples to dist
	tests/virt-aa-helper-test and examples/apparmor are not included in
	official tarballs, but should be. Attached is a patch to fix that
	which works when apparmor is and is not available.

2009-12-14  Paolo Bonzini  <pbonzini@redhat.com>

	add --live support to "virsh dump"
	This is trivial for QEMU since you just have to not stop the vm before
	starting the dump.  And for Xen, you just pass the flag down to xend.

	* include/libvirt/libvirt.h.in (virDomainCoreDumpFlags): Add VIR_DUMP_LIVE.
	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Support live dumping.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump): Support live dumping.
	* tools/virsh.c (opts_dump): Add --live. (cmdDump): Map it to VIR_DUMP_LIVE.

	add --crash support to "virsh dump"
	This patch adds the --crash option (already present in "xm dump-core")
	to "virsh dump".  virDomainCoreDump already has a flags argument, so
	the API/ABI is untouched.

	* include/libvirt/libvirt.h.in (virDomainCoreDumpFlags): New flag for
	  CoreDump
	* src/test/test_driver.c (testDomainCoreDump): Do not crash
	  after dump unless VIR_DUMP_CRASH is given.
	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Shutdown the domain
	  instead of restarting it if --crash is passed.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump): Support --crash.
	* tools/virsh.c (opts_dump): Add --crash.
	  (cmdDump): Map it to flags for virDomainCoreDump and pass them.

	fix various breakages in qemu Dump command
	1) qemuMigrateToCommand uses ">>" so we have to truncate the file
	before starting the migration;

	2) the command wasn't updated to chown the driver and set/restore
	the security lavels;

	3) the VM does not have to be resumed if migration fails;

	4) the file is not removed when migration fails.

	* src/qemu/qemu_driver.c (qemuDomainCoreDump): Truncate file before
	  dumping, set/restore ownership and security labels for the file.

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	Fix a couple of problems in last patch
	Those were pointed by DanB in his review but not yet fixed

	* src/qemu/qemu_driver.c: qemudWaitForMonitor() use EnterMonitorWithDriver()
	  and ExitMonitorWithDriver() there
	* src/qemu/qemu_monitor_text.c: checking fro strdu failure and hash
	  table add error in qemuMonitorTextGetPtyPaths()

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Get QEMU pty paths from the monitor
	This change makes the QEMU driver get pty paths from the output of the
	monitor 'info chardev' command. This output is structured, and contains
	both the name of the device and the path on the same line. This is
	considerably more reliable than parsing the startup log output, which
	requires the parsing code to know which order QEMU will print pty
	information in.

	Note that we still need to parse the log output as the monitor itself
	may be on a pty. This should be rare, however, and the new code will
	replace all pty paths parsed by the log output method once the monitor
	is available.

	* src/qemu/qemu_monitor.(c|h) src/qemu_monitor_text.(c|h): Implement
	  qemuMonitorGetPtyPaths().
	* src/qemu/qemu_driver.c: Get pty path information using
	  qemuMonitorGetPtyPaths().

	Extract the assigned pty device for QEmu channels
	* src/qemu/qemu_driver.c: Parse pty devices for channels

	Make QEMU driver use -chardev everywhere if available
	Change -monitor, -serial and -parallel output to use -chardev if it is
	available.
	* src/qemu/qemu_conf.c: Update qemudBuildCommandLine to use -chardev where
	  available.
	* tests/qemuxml2argvtest.c tests/qemuxml2argvdata/: Add -chardev equivalents
	  for all current serial and parallel tests.

2009-12-14  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Suppress cgroup error message on sucess startup
	Even if qemudStartVMDaemon suceeds, an error was logged such as
	'qemuRemoveCgroup:1778 : internal error Unable to find cgroup for'.
	This is because qemudStartVMDaemon calls qemuRemoveCgroup to
	ensure that old cgroup does not remain. This workaround makes
	sense but leaving an error message may confuse users.
	* src/qemu/qemu_driver.c: a an option to the function to suppress the
	  error being logged

2009-12-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix reference leak in remoteDispatchStorageVolCreateXmlFrom

	Fix memory leak in virStorageBackendCopyToFD

2009-12-11  Daniel Veillard  <veillard@redhat.com>

	Fix 'make syntax-check' after iptables.c cleanup

2009-12-11  Paolo Bonzini  <pbonzini@redhat.com>

	retrieve paused/running state at migration start
	This patch fixes the bug where paused/running state is not
	transmitted during migration.  As a result, in the QEMU driver
	for example the machine was always started on the destination
	end.

	In order to do so, just read the state and if it is appropriate and
	set the VIR_MIGRATE_PAUSED flag.

	* src/libvirt.c (virDomainMigrateVersion1, virDomainMigrateVersion2):
	  Automatically add VIR_MIGRATE_PAUSED when appropriate.
	* src/xen/xend_internal.c (xenDaemonDomainMigratePerform): Give a nicer
	  error message when migration of paused domains is attempted.

	add virsh --suspend arg to migrate command
	This adds a new flag, VIR_MIGRATE_PAUSED, that mandates pausing
	the migrated VM before starting it.

	* include/libvirt/libvirt.h.in (virDomainMigrateFlags): Add VIR_MIGRATE_PAUSED.
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Handle VIR_MIGRATE_PAUSED.
	* tools/virsh.c (opts_migrate): Add --suspend. (cmdMigrate): Handle it.
	* tools/virsh.pod (migrate): Document it.

	fix migration of paused vms upon failure
	This makes a small change on the failed-migration path.  Up to now,
	all VMs that failed non-live migration after the "stop" command
	were restarted.  This must not be done when the VM was paused in
	the first place.

	* src/qemu/qemu_driver.c (qemudDomainMigratePerform): Do not restart
	  a paused VM that fails migration.  Set paused state after "stop",
	  reset it after failure.

2009-12-11  Diego Elio Pettenò  <flameeyes@gmail.com>

	Small change of RNG syntax for domain
	* docs/schemas/domain.rng: As trang seems to bug with <optional><oneOrMore>
	  replace it with <zeroOrMore>

2009-12-11  Richard Jones  <rjones@redhat.com>

	qemu driver: Fix segfault in libvirt/libvirtd when uri->path is NULL.
	See also:
	https://bugzilla.redhat.com/show_bug.cgi?id=545400#c1

2009-12-11  Diego Elio Pettenò  <flameeyes@gmail.com>

	Fix a wellformedness problem in secret.rng
	* docs/schemas/secret.rng: ref tag for usagevolume wasn't closed

2009-12-10  Mark McLoughlin  <markmc@redhat.com>

	remove iptablesReloadRules() and related code
	We don't use this method of reloading rules anymore, so we can just
	kill the code.

	This simplifies things a lot because we no longer need to keep a
	table of the rules we've added.

	* src/util/iptables.c: kill iptablesReloadRules()

	remove all traces of lokkit support
	Long ago we tried to use Fedora's lokkit utility in order to register
	our iptables rules so that 'service iptables restart' would
	automatically load our rules.

	There was one fatal flaw - if the user had configured iptables without
	lokkit, then we would clobber that configuration by running lokkit.

	We quickly disabled lokkit support, but never removed it. Let's do
	that now.

	The 'my virtual network stops working when I restart iptables' still
	remains. For all the background on this saga, see:

	  https://bugzilla.redhat.com/227011

	* src/util/iptables.c: remove lokkit support

	* configure.in: remove --enable-lokkit

	* libvirt.spec.in: remove the dirs used only for saving rules for lokkit

	* src/Makefile.am: ditto

	* src/libvirt_private.syms, src/network/bridge_driver.c,
	  src/util/iptables.h: remove references to iptablesSaveRules

	reload iptables rules on libvirtd restart
	This is the expected behaviour, I think - reloading libvirtd should
	be a subset of restarting it.

	Note, we reload the rules after we've determined which networks
	are active (because we only add the rules for active networks)
	and before we start autostart networks (to avoid re-adding the
	rules).

	* src/network/bridge_driver.c: reload iptables rules on startup

	reload iptables rules simply by re-adding them
	Currently, when we add iptables rules, we keep them on a list so that
	we can easily reload them on e.g. 'service libvirtd reload'.

	However, we don't save this list to disk, so if libvirtd is restarted
	we lose the ability to reload the rules.

	The fix is simple - just re-add the damn things on reload.

	Note, we delete the rules before re-adding them, just like the current
	behaviour of iptRulesReload().

	* src/network/bridge_driver.c: re-add the iptables rules on reload.

2009-12-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virBufferFreeAndReset() and replace free()
	Replace free(virBufferContentAndReset()) with virBufferFreeAndReset().
	Update documentation and replace all remaining calls to free() with
	calls to VIR_FREE(). Also add missing calls to virBufferFreeAndReset()
	and virReportOOMError() in OOM error cases.

2009-12-09  Jim Fehlig  <jfehlig@novell.com>

	Plumb domain description tag in xend backend
	xen-unstable changesets 20321 and 20521 added support for
	description in xend domain config.  This patch extends that
	support in xend backend.
	* src/xen/xend_internal.c: add parse and output of domain description

2009-12-09  Richard Jones  <rjones@redhat.com>

	Update location of C# bindings.

2009-12-09  Daniel P. Berrange  <berrange@redhat.com>

	Make QEMU text monitor parsing more robust
	The QEMU 0.10.0 release (and possibly other 0.10.x) has a bug where
	it sometimes/often forgets to display the initial monitor greeting
	line, soley printing a (qemu).  This in turn confuses the text
	console parsing because it has a '(qemu)' it is not expecting. The
	confusion results in a negative malloc. Bad things follow.

	This re-writes the text console handling to be more robust. The key
	idea is that it should only look for a (qemu), once it has seen the
	original command echo'd back. This ensures it'll skip the bogus stray
	(qemu) with broken QEMUs.

	* src/qemu/qemu_monitor.c: Add some (disabled) debug code
	* src/qemu/qemu_monitor_text.c: Re-write way command replies
	  are detected

	Fix virDomainObj ref handling in QEMU driver
	Since the monitor I/O is processed out of band from the main
	thread(s) invoking monitor  commands, the virDomainObj may be
	deleted by the I/O thread. The qemuDomainObjBeginJob takes an
	extra reference to protect against final deletion, but this
	reference is released by the corresponding EndJob call. THus
	after the EndJob call it may not be valid to reference the
	virDomainObj any more. To allow callers to detect this, the
	EndJob call is changed to return the remaining reference count.

	* src/conf/domain_conf.c: Make virDomainObjUnref return the
	  remaining reference count
	* src/qemu/qemu_driver.c: Avoid referencing virDomainObjPtr
	  after qemuDomainObjEndJob if it has been deleted.

2009-12-09  Daniel Veillard  <veillard@redhat.com>

	Fix the news file non-ascii characters
	by adding an explicit HTML encoding meta description

2009-12-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use AM_PATH_PYTHON and python-config to detect Python configuration
	Using AM_PATH_PYTHON solves the site-packages directory problem. At least
	in Ubuntu with Python 2.6 and later site-packages is renamed to dist-packages
	and site-packages is not part of sys.path anymore. So installing the libvirt
	Python bindings to site-packages renders them unusable, because they can be
	imported from there without manually including site-packages into sys.path.

	AM_PATH_PYTHON detects the correct site-packages/dist-packages directory.

	python-config --includes gives the correct include path for the Python header
	files. The old probing code stays there as fallback mechanism.

	* configure.in: use AM_PATH_PYTHON and python-config
	* python/Makefile.am: remove -I because PYTHON_INCLUDES contains it now

	Add missing commas to the 0.7.4 news section

2009-12-08  Daniel Veillard  <veillard@redhat.com>

	Change generated HTML to UTF-8 encoding
	* docs/ChangeLog.xsl docs/newapi.xsl docs/site.xsl: change all
	  stylesheets to output UTF-8 HTML instead of ISO Latin 1 which was
	  breaking on some people names.

	Avoid an type-punned pointer aliasing pbm
	Fix this warning, there is no need to use an intermediate,
	different array pointer.
	network.c: In function 'getIPv6Addr':
	network.c:50: warning: dereferencing type-punned pointer will break strict-aliasing rules
	* src/util/network.c: avoid an intermediary pointer cast

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Hook up JSON monitor to emit basic lifecycle events
	* src/qemu/qemu_monitor_json.c: Hook up reset, shutdown,
	  poweroff and stop events

	Add QEMU monitor callbacks for basic lifecycle events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add callbacks
	  for reset, shutdown, poweroff and stop events. Add convenience
	  methods for emiting those events

	Switch over to passing a callback table to QEMU monitor
	With addition of events there will be alot of callbacks.
	To avoid having to add many APIs to register callbacks,
	provide them all at once in a big table

	* src/qemu/qemu_driver.c: Pass in a callback table to QEMU
	  monitor code
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h Replace
	  the EOF and disk secret callbacks with a callback table

	Support for JSON mode monitor
	Initial support for the new QEMU monitor protocol  using JSON
	as the data encoding format instead of plain text

	* po/POTFILES.in: Add src/qemu/qemu_monitor_json.c
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Hack to turn on QMP
	  mode. Replace with a version number check on >= 0.12 later
	* src/qemu/qemu_monitor.c: Delegate to json monitor if enabled
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  impl of QMP protocol
	* src/Makefile.am: Add src/qemu/qemu_monitor_json.{c,h}

	Introduce callbacks for serializing domain object private data to XML
	Now that drivers are using a private domain object state blob,
	the virDomainObjFormat/Parse methods are no longer able to
	directly serialize all neccessary state to/from XML. It is
	thus neccessary to introduce a pair of callbacks fo serializing
	private state.

	The code for serializing vCPU PIDs and the monitor device
	config can now move out of domain_conf.c and into the
	qemu_driver.c where they belong.

	* src/conf/capabilities.h: Add callbacks for serializing private
	  state to/from XML
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove the
	  monitor, monitor_chr, monitorWatch, nvcpupids and vcpupids
	  fields from virDomainObjPtr. Remove code that serialized
	  those fields
	* src/libvirt_private.syms: Export virXPathBoolean
	* src/qemu/qemu_driver.c: Add callbacks for serializing monitor
	  and vcpupid data to/from XML
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Pass monitor
	  char device config into qemuMonitorOpen directly.

	Switch LXC driver to use a private data blob for virDomainObj state
	* src/lxc/lxc_driver.c: Introduce lxcDomainObjPrivate for storing
	  monitor device state

	Switch UML driver to use a private data blob for virDomainObj state
	* src/uml/uml_driver.c: Introduce umlDomainObjPrivateData for storing
	  monitor device state. Remove unneccessary VIR_FREE on vcpupids

	Pull code to start CPUs executing out of qemudInitCpuAffinity()
	The code to start CPUs executing has nothing todo with CPU
	affinity masks, so pull it out of the qemudInitCpuAffinity()
	method and up into qemudStartVMDaemon()

	* src/qemu/qemu_driver.c: Pull code to start CPUs executing out
	  of qemudInitCpuAffinity()

	Add a 'format' arg to qemuMonitorChangeMedia() since JSON will support it
	The current QEMU disk media change does not support setting the
	disk format. The new JSON monitor will support this, so add an
	extra parameter to pass this info in

	* src/qemu/qemu_driver.c: Pass in disk format when changing media
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Add a 'format' arg to qemuMonitorChangeMedia()

	Fix migration cancellation for QEMU
	* src/qemu/qemu_monitor_text.c: Add missing underscore in the
	  migrate_cancel monitor command impl

	Move qemuMonitorEscape + migrate status enum into shared monitor code
	The qemuMonitorEscape() method, and the VIR_ENUM for migration
	status will be needed by the JSON monitor too, so move that code
	into the shared qemu_monitor.c file instead of qemu_monitor_text.c

	* src/qemu/qemu_monitor.h: Declare qemuMonitorMigrationStatus enum
	  and qemuMonitorEscapeArg and qemuMonitorEscapeShell methods
	* src/qemu/qemu_monitor.c: Implement qemuMonitorMigrationStatus enum
	  and qemuMonitorEscapeArg and qemuMonitorEscapeShell methods
	* src/qemu/qemu_monitor_text.c: Remove above methods/enum

	Fix crash when deleting monitor while a command is in progress
	If QEMU shuts down while we're in the middle of processing a
	monitor command, the monitor will be freed, and upon cleaning
	up we attempt to do  qemuMonitorUnlock(priv->mon) when priv->mon
	is NULL.

	To address this we introduce proper reference counting into
	the qemuMonitorPtr object, and hold an extra reference whenever
	executing a command.

	* src/qemu/qemu_driver.c: Hold a reference on the monitor while
	  executing commands, and only NULL-ify the priv->mon field when
	  the last reference is released
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add reference
	  counting to handle safe deletion of monitor objects

2009-12-08  Guido Günther  <agx@sigxcpu.org>

	udev_device_get_devpath might return NULL
	Fix crash on strdup in that case.

2009-12-08  Daniel Veillard  <veillard@redhat.com>

	Fix a compilation failure if yajl not avail
	configure:     yajl: no
	CC     libvirt_util_la-json.lo
	util/json.c:32:27: error: yajl/yajl_gen.h: No such file or directory
	util/json.c:33:29: error: yajl/yajl_parse.h: No such file or directory

	* src/util/json.c: remove the includes if yajl not configured in

2009-12-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compilation for configure --disable-nls

	vbox: Update IIDs from version 3.1-beta2 to 3.1-final
	This solves the 'nsIEventQueue object is null' error when trying
	to connect to a VirtualBox 3.1 hypervisor instance.

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix ReprotError vs ReportError typo in JSON code
	* src/util/json.c: Fix ReprotError typo when YAJL is not available

	Fix inverted conditional test in configure.ac check for yajl
	* configure.in: Fix inverted conditional test when yajl is not
	  found

2009-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a simple API for handling JSON data
	This introduces simple API for handling JSON data. There is
	an internal data structure 'virJSONValuePtr' which stores a
	arbitrary nested JSON value (number, string, array, object,
	nul, etc).  There are APIs for constructing/querying objects
	and APIs for parsing/formatting string formatted JSON data.

	This uses the YAJL library for parsing/formatting from

	 http://lloyd.github.com/yajl/

	* src/util/json.h, src/util/json.c: Data structures and APIs
	  for representing JSON data, and parsing/formatting it
	* configure.in: Add check for yajl library
	* libvirt.spec.in: Add build requires for yajl
	* src/Makefile.am: Add json.c/h
	* src/libvirt_private.syms: Export JSON symbols to drivers

	Add --system flag to autogen.sh to make it easy to build with right prefix
	Add a --system flag to autogen.sh which gets turned into the args
	--prefix=/usr --sysconfdir=/etc --localstatedir=/var to make it
	easy to build with settings that match an RPM build

	* autogen.sh: Add --system flag

2009-12-05  Jiri Denemark  <jdenemar@redhat.com>

	Export all symbols from xml.h for internal use
	Some of the very useful calls for XML parsing provided by util/xml.[ch]
	were not exported as private symbols. This patch fixes this.

2009-12-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Use virIndexToDiskName() in vboxGenerateMediumName()

2009-12-05  Jiri Denemark  <jdenemar@redhat.com>

	Tests for interface type/model configuration
	add a set of tests for Xen interface type and model configurations

2009-12-04  Jiri Denemark  <jdenemar@redhat.com>

	Support for interface model='netfront'
	Xen HVM guests with PV drivers end up with two network interfaces for
	each configured interface. One of them being emulated by qemu and the
	other one paravirtual. As this might not be desirable, the attached
	patch provides a way for users to specify that only paravirtual network
	interface should be presented to the guest.

	The configuration was inspired by qemu/kvm driver, for which users can
	specify model='virtio' to use paravirtual network interface.

	The patch adds support for model='netfront' which results in
	type=netfront instead of type=ioemu (or nothing for newer xen versions)
	in guests native configuration. Xen's qemu ignores interfaces with
	type != ioemu and only paravirtual network device will be seen in the
	guest.

	Four possible configuration scenarios follow:

	- no model specified in domain's XML
	    - libvirt will behave like before this change; it will set
	      type=ioemu for HVM guests on xen host which is not newer than
	      XEND_CONFIG_MAX_VERS_NET_TYPE_IOEMU
	    - covered by existing tests

	- PV guest, any model
	    - no functional change, model is passed as is (and ignored by the
	      hypervisor)
	    - covered by existing tests (e.g., *-net-e1000.*)
	- HVM guest, model=netfront
	    - type is set to "netfront", model is not specified
	    - covered by new *-net-netfront.* tests

	- HVM guest, model != netfront
	    - type is set to "ioemu", model is passed as is
	    - covered by new *-net-ioemu.* tests

	The fourth scenario feels like a regression for xen newer than
	XEND_CONFIG_MAX_VERS_NET_TYPE_IOEMU as users who had a model specified
	in their guest's configuration won't see a paravirtual interface in
	their guests any more. On the other hand, the reason for specifying a
	model is most likely the fact that they want to use such model which
	implies emulated interface. Users of older xen won't be affected at all
	as their xen provides paravirtual interface regardless of the type used.

	- src/xen/xend_internal.c: add netfront support for the xend backend
	- src/xen/xm_internal.c: add netfront support for the XM serialization too

2009-12-04  Pritesh Kothari  <pritesh.kothari@sun.com>

	vbox: Add support for version 3.1
	Also fixed serial port configuration which was broken due to recent
	change in virDomainChrDef where targetType was newly added.

	* src/Makefile.am: add new files
	* src/vbox/vbox_driver.c: add case for version 3.1
	* src/vbox/vbox_tmpl.c: refactor common patterns into macros, support for
	  version 3.1, serial port configuration fix
	* src/vbox/vbox_CAPI_v3_1.h, src/vbox/vbox_V3_1.c: generated code

2009-12-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virIndexToDiskName and fix mapping gap
	esxVMX_IndexToDiskName handles indices up to 701. This limit comes
	from a mapping gap in virDiskNameToIndex:

	  sdzy -> 700
	  sdzz -> 701
	  sdaaa -> 728
	  sdaab -> 729

	This line in virDiskNameToIndex causes this gap:

	  idx = (idx + i) * 26;

	Fixing it by altering this line to:

	  idx = (idx + (i < 1 ? 0 : 1)) * 26;

	Also add a new version of virIndexToDiskName that handles the inverse
	mapping for arbitrary indices.

	* src/esx/esx_vmx.[ch]: remove esxVMX_IndexToDiskName
	* src/util/util.[ch]: add virIndexToDiskName and fix mapping gap
	* tests/esxutilstest.c: update test to verify that the gap is fixed

	Fix some locking issues
	* src/conf/domain_conf.c: don't call virDomainObjUnlock twice
	* src/qemu/qemu_driver.c: relock driver lock if an error occurs in
	  qemuDomainObjBeginJobWithDriver, enter/exit monitor with driver
	  in qemudDomainSave

2009-12-03  Daniel Veillard  <veillard@redhat.com>

	Fix missing background color

2009-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix event test timer checks on kernels with HZ=100
	On kernels with HZ=100, the resolution of sleeps in poll() is
	quite bad. Doing a precise check on the expiry time vs the
	current time will thus often thing the timer has not expired
	even though we're within 10ms of the expected expiry time. This
	then causes another pointless sleep in poll() for <10ms. Timers
	do not need to have such precise expiration, so we treat a timer
	as expired if it is within 20ms of the expected expiry time. This
	also fixes the eventtest.c test suite on kernels with HZ=100

	* daemon/event.c: Add 20ms fuzz when checking for timer expiry

2009-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in QEMU driver webpage
	* docs/drvqemu.html.in: Fix typo describing URI driver protocol

2009-11-30  Paolo Bonzini  <pbonzini@redhat.com>

	Add another SENTINEL attribute
	* src/xen/xend_internal.c (xend_op): Add ATTRIBUTE_SENTINEL.

2009-11-27  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Clarify documentation for private symbols
	The instruction "See Makefile.am" in libvirt.private_syms
	always makes me think that this file is autogenerated
	and should not be touched manually. This patch spares
	every reader of libvirt.private_syms the hassle of
	reading Makefile.am before augmenting libvirt.private_syms.

	Fix help message
	The configuration file setting is overriden by -f or --config, but
	not with -c

2009-11-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix threading problems in python bindings
	* libvirt-override.c: Add many missing calls to allow threading
	  when entering C code, otherwise python blocks & then deadlocks
	  when we have an async event to dispatch back into python code.
	  Fix return value check for virDomainPinVcpu binding.

	Supress annoying libcap-ng errors from valgrind
	* tests/.valgrind.supp: Ignore capng problems

	Fix two leaks in test driver
	* src/test/test_driver.c: Fix leak of vcpu info, and nodedevice
	  info

	Free cgroup device ACL list on driver shutdown
	* src/qemu/qemu_driver.c: Free cgroup ACLs

2009-11-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Fix unconditional freeing in xenDaemonListDefinedDomains()
	Commit 790f0b3057787bb64da8c46c111ff8d3eff7b2af causes the contents of
	the names array to be freed even on success, resulting in no listing of
	defined but inactive Xen domains.

	Spotted by Jim Fehlig

2009-11-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix default disk type when parsing QEMU argv
	* src/qemu/qemu_conf.c: Fix default disk type to be 'FILE'
	  again, after previous commit accidentally changed it

2009-11-24  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	remove port filter when network device is detached
	* src/qemu/qemu_driver.c: remove the port filter if the network device
	  is detached via virDomainDetachDevice.

2009-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Support QEMU's virtual FAT block device driver
	Introduce a new type="dir"  mode for <disks> that allows use of
	QEMU's  virtual FAT block device driver. eg

	    <disk type='dir' device='floppy'>
	      <source dir='/tmp/test'/>
	      <target dev='fda' bus='fdc'/>
	      <readonly/>
	    </disk>

	gets turned into

	  -drive file=fat:floppy:/tmp/test,if=floppy,index=0

	Only read-only disks are supported with virtual FAT mode

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add type="dir"
	* docs/schemas/domain.rng: Document new disk type
	* src/xen/xend_internal.c, src/xen/xm_internal.c: Raise error for
	  unsupported disk types
	* tests/qemuxml2argvdata/qemuxml2argv-disk-cdrom-empty.args: Fix
	  empty disk file handling
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-fat.args,
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-fat.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-floppy-drive-fat.args,
	  tests/qemuxml2argvdata/qemuxml2argv-floppy-drive-fat.xml
	  tests/qemuxml2argvtest.c: Test QEMU vitual FAT driver
	* src/qemu/qemu_conf.c: Support generating fat:/some/dir type
	  disk args
	* src/security/security_selinux.c: Temporarily skip labelling
	  of directory based disks

	Alternate CPU affinity impl to cope with NR_CPUS > 1024
	The cpu_set_t type can only cope with NR_CPUS <= 1024, beyond this
	it is neccessary to use alternate CPU_SET maps with a dynamically
	allocated CPU map

	* src/util/processinfo.c: Support new unlimited size CPU set type

	Pull schedular affinity code out into a separate module
	* src/Makefile.am: Add processinfo.h/processinfo.c
	* src/util/processinfo.c, src/util/processinfo.h: Module providing
	  APIs for getting/setting process CPU affinity
	* src/qemu/qemu_driver.c: Switch over to new APIs for schedular
	  affinity
	* src/libvirt_private.syms: Export virProcessInfoSetAffinity
	  and virProcessInfoGetAffinity to internal drivers

	Ignore docs/ directory for strcmp() syntax check
	* .x-sc_prohibit_strcmp_and_strncmp: Ignore docs/

2009-11-23  Dan Kenigsberg  <danken@redhat.com>

	Fix news.html validation

2009-11-21  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.4
	0.7.3 was broken

	* configure.in docs/news.html.in: release of 0.7.4
	* configure.in libvirt.spec.in: require netcf >= 0.1.4
	* src/Makefile.am: node_device/node_device_udev.h was missing from
	  NODE_DEVICE_DRIVER_UDEV_SOURCES breaking compilation on platforms with
	  udev

	Release of libvirt-0.7.3
	* configure.in docs/news.html.in libvirt.spec.in: describe new release
	* po/*.po*: regenerate

2009-11-20  Daniel P. Berrange  <berrange@redhat.com>

	Enable udev instead of hal on F12 / RHEL-6 or later
	HAL has been deprecated since F12 and RHEL-6, so if building on
	these platforms, switch on the udev driver instead

	* libvirt.spec.in: Activate udev on F12/RHEL6

2009-11-20  Cole Robinson  <crobinso@redhat.com>

	Document overriding domain interface target
	* docs/formatdomain.html.in: document that vnet and vif are reserved
	  names and will be ignored if manually specified.

	python: Actually implement list*Interfaces bindings
	* python/generator.py python/libvirt-override-api.xml
	  python/libvirt-override.c: implement the bindings for
	  virConnectListInterfaces() and virConnectListDefinedInterfaces()

2009-11-20  Daniel Veillard  <veillard@redhat.com>

	514532 Fix man page, most operation are synchronous
	* tools/virsh.pod: the man page was stating that most operations
	  are asynchronous while in fact most of them are synchronous except
	  domain shutdown, setvcpus and setmem.

	504262 Check for duplicated UUID in XM Xen defines
	* src/xen/xm_internal.c: the XM driver was not checking for previously
	  defined UUID on new defines. Similar to virDomainObjIsDuplicate()
	  behaviour.

	512069 fix domain XML schemas for backward compatibility
	For backward compatibility we used to add the tty path as
	a tty attribute on console of type pty, duplicating the value
	now found in source/@path, but the Relax-NG grammar wasn't
	extended for this
	    <console type='pty' tty='/dev/pts/8'>
	      <source path='/dev/pts/8'/>
	      <target port='0'/>
	    </console>

	* docs/schemas/domain.rng: allow an optional tty attribute
	  containing a devicePath

2009-11-20  Steve Yarmie  <steve.yarmie@gmail.com>

	qemu-kvm needs -enable-kvm flag for VT optimization
	Recent qemu releases require command option '-enable-qemu' in order
	for the kvm functionality be activated. Libvirt needs to pass this flag
	to qemu when starting a domain. Note that without the option,
	even if both the kernel and qemu support KVM, KVM will not be activated
	and VMs will be very slow.

	* src/qemu/qemu_conf.h src/qemu/qemu_conf.c: parse the extra command
	  line option from help and add it when running kvm
	* tests/qemuhelptest.c: this modified the flags output for qemu-0.10.5
	  and qemu-kvm-0.11.0-rc2 regression tests

	fix deprecated iptables command syntax
	* src/util/iptables.c: `--option !  this` is deprecated in favor of
	  `! --option this` syntax, change the output command accordingly

2009-11-19  Dave Allan  <dallan@redhat.com>

	remove sysfs_path and parent_sysfs_path from XML
	Erroneously included the sysfs_path and parent_sysfs_path elements in
	the node device xml, they were not supposed to show up there

	* src/conf/node_device_conf.c: remove the output of the 2 fields

	Removing devicePath member from dev struct
	I realized that I inadvertently added a member to the def struct to
	contain each device's sysfs path when there was an existing member in the
	dev struct for "OS specific path to device metadat, eg sysfs"  Since the
	udev backend needs to record the sysfs path while it's in the process of
	creating the device, before the dev struct gets allocated, I chose to
	remove the member from the dev struct.

	* src/conf/node_device_conf.c src/conf/node_device_conf.h
	  src/node_device/node_device_driver.c src/node_device/node_device_hal.c
	  src/node_device/node_device_udev.c: remove devicePath from the
	  structure and use def->sysfs_path instead

	report OOM in two places in node_device_driver.c
	* src/node_device/node_device_driver.c: two places where not calling
	  virReportOOMError after strdup failure

2009-11-19  Daniel P. Berrange  <berrange@redhat.com>

	Ensure driver lock is released when entering QEMU monitor
	The qemudStartVMDaemon() and several functions it calls use
	the QEMU monitor. The QEMU driver is locked while this function
	is executing, so it is rquired to release the driver lock and
	reacquire it either side of issuing a monitor command. It
	failed todo so, leading to deadlock

	* qemu/qemu_driver.c: Release driver when in qemudStartVMDaemon
	  and things it calls

2009-11-17  Daniel Veillard  <veillard@redhat.com>

	Updated localization and regenerated the pos
	updated el.po es.po or.po pl.po ta.po te.po
	ran make update-po

2009-11-17  Matthew Booth  <mbooth@redhat.com>

	Fix typo in error message

2009-11-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Whitespace cleanup for pre-tags on the website

2009-11-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix type in configure output summary
	* configure.in: Fix typo in PCIACCESS_LIBS

2009-11-17  Daniel Veillard  <veillard@redhat.com>

	Remove a compilation warning on uninitialized var

2009-11-16  Guido Günther  <agx@sigxcpu.org>

	only remove masquerade roles for VIR_NETWORK_FORWARD_NAT
	Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549949

2009-11-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix CPU clock Hz to MHz conversion

	esx: Fix memory leak in esxVI_HostCpuIdInfo_Free()

	esx: Fix MAC address formatting
	VMware uses two MAC address prefixes: 00:0c:29 and 00:50:56. The 00:0c:29
	prefix is used for ESX server generated addresses. The 00:50:56 prefix is
	split into two parts. MAC addresses above 00:50:56:3f:ff:ff are generated
	by a vCenter. The rest of the 00:50:56 prefix can be assigned manually.
	Any MAC address within the 00:0c:29 and 00:50:56 prefix can be specified
	in a domain XML config and the driver will handle the details internally.

	* src/esx/esx_vmx.c: fix MAC address formatting
	* tests/xml2vmxdata/*: update test files accordingly

	esx: Handle 'vmxnet3' in esxVMX_FormatEthernet()
	In commit 3c80fac2588cbc9e5ee7e7069e1ca4468f2359d3 'vmxnet3' handling
	was added to esxVMX_ParseEthernet(), but not to the inverse function
	esxVMX_FormatEthernet().

	esx: Add documentation to the website
	* docs/drivers.html.in: list the ESX driver
	* docs/drvesx.html.in: the new ESX driver documentation
	* docs/hvsupport.html.in: add the ESX driver to the matrix
	* docs/index.html.in, docs/sitemap.html.in: list the ESX driver
	* src/esx/esx_driver.c: fix and cleanup some comments

	Change DTD references to use public instead of system identifier
	Debian's /etc/xml/catalog doesn't contain system identifiers, so use
	public identifiers instead.

	* docs/Makefile.am: use public instead of system identifier
	* docs/site.xsl: use matching public identifier

2009-11-15  Jim Fehlig  <jfehlig@novell.com>

	Fix compilation of libvirt against xen-unstable
	* src/xen/xen_hypervisor.c: xen-unstable changeset 19788 removed
	  MAX_VIRT_CPUS from public headers, breaking compilation of libvirt
	  on -unstable.  Its semanitc was retained with XEN_LEGACY_MAX_VCPUS.
	  Ensure MAX_VIRT_CPUS is defined accordingly.

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix probing for libpciaccess
	If 'with_udev=check' then missing pciaccess should not be a fatal
	error. It should merely disable the udev driver.

	* configure.in: Fix pciaccess check to be non-fatal

	Remove obsolte devicekit checks
	Device kit support was removed, but the configure.ac checks were
	left in place. A number of the XXX_REQUIRED=X.Y.Z variables were
	not declared in the correct location (ie top of the file)

	* configure.in: Remove device kit checks & move mis-placed variables
	  to correct location

	Fix incorrect reference counting logic in qemu monitor open
	The QEMU monitor open method would not take a reference on
	the virDomainObjPtr until it had successfully opened the
	monitor. The cleanup code upon failure to open though would
	call qemuMonitorClose() which would in turn decrement the
	reference count. This caused the virDoaminObjPtr to be mistakenly
	freed and then the whole driver crashes

	* src/qemu/qemu_monitor.c: Fix reference counting in
	  qemuMonitorOpen

	Don't return fatal error in HAL driver init if HAL isn't running
	The HAL driver returns a fatal error code in the case where HAL
	is not running. This causes the entire libvirtd daemon to quit
	which isn't desirable. Instead it should simply disable the HAL
	driver

	* src/node_device/node_device_hal.c: Quietly disable HAL if it is
	  not running

	Fix cleanup when state driver init fails
	* daemon/libvirtd.c: Fix incorrect goto label causing cleanup to
	  be missed when state driver init fails

2009-11-13  Matthew Booth  <mbooth@redhat.com>

	Small guestfwd code cleanup
	* src/qemu/qemu_conf.c: Remove and inline qemudBuildCommandLineChrDevTargetStr

	Small indentation cleanup of domain schema

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	AppArmor code cleanups
	* src/security/security_apparmor.c: a few code cleanups following a
	  review on the list

	AppArmor handling of accesses to readonly files
	Fixes https://launchpad.net/bugs/453335

	* src/security/virt-aa-helper.c: suppress confusing and misleading
	  apparmor denied message when kvm/qemu tries to open a libvirt specified
	  readonly file (such as a cdrom) with write permissions. libvirt uses
	  the readonly attribute for the security driver only, and has no way
	  of telling kvm/qemu that the device should be opened readonly

	AppArmor require absolute paths
	Fixes https://launchpad.net/bugs/460271

	* src/security/virt-aa-helper.c: require absolute path for dynamic added
	  files. This is required by AppArmor and conveniently prevents adding
	  tcp consoles to the profile

	AppArmor updates of examples
	* examples/apparmor/libvirt-qemu: adds pulseaudio, alsa and preliminary
	  save/restore to the example apparmor abstraction
	* examples/apparmor/usr.sbin.libvirtd: allows libvirtd access to inet
	  dgram, inet6 dgram, inet6 stream and /usr/lib/libvirt/*

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Check that domain is running when starting console
	The 'virsh console' command did not check if the domain was
	already running before attempting to fetch the XML and extract
	the console PTY path. This caused a slightly unhelpful / misleading
	error message for the user. The explicit check ensures the user
	gets an explicit 'domain is not running' message.

	* tools/virsh.c: Validate that state != VIR_DOMAIN_SHUTOFF in
	  virsh console command

	Fix incorrect variable passed to LXC event callback
	The wrong variable was being passed in with the LXC event callback
	resulting in a later deadlock or crash

	* src/lxc/lxc_driver.c: Pass 'vm' instead of 'driver' to event
	  callback

	Fix check for existance of cgroups at creation
	In the scenario where the cgroups were mounted but the
	particular group did not exist, and the caller had not
	requested auto-creation, the code would fail to return
	an error condition. This caused the lxc_controller to
	think the cgroup existed, and it then later failed when
	attempting to use it

	* src/util/cgroup.c: Raise an error if the cgroup path does not
	  exist

	Fix race condition in HAL driver startup
	There is a race condition in HAL driver startup where the callback
	can get triggered before we have finished startup. This then causes
	a deadlock in the driver.

	* src/node_device/node_device_hal.c: RElease driver lock before
	  registering DBus callbacks

	Fix formatting of XML for an inactive guest
	If the virDomainDefPtr object has an 'id' of -1, then forcably
	set the VIR_DOMAIN_XML_INACTIVE flag to ensure generated XML
	does not include any cruft from the previously running guest
	such as console PTY path, or VNC port.

	* src/conf/domain_conf.c: Set VIR_DOMAIN_XML_INACTIVE if
	  def->id is -1. Replace checks for def->id == -1 with
	  check against flags & VIR_DOMAIN_XML_INACTIVE.

	Remove capng_lock() call when spawning LXC container init process
	The capng_lock() call sets the SECURE_NO_SETUID_FIXUP and SECURE_NOROOT
	bits on the process. This prevents the kernel granting capabilities to
	processes with an effective UID of 0, or with setuid programs. This is
	not actually what we want in the container init process. It should be
	allowed to run setuid processes & keep capabilities when root. All that
	is required is masking a handful of dangerous capabilities from the
	bounding set.

	* src/lxc/lxc_container.c: Remove bogus capng_lock() call.

	Fix initscript to check daemon pidfile
	The libvirtd initscript could get confused between the system and
	session instances of the daemon. To avoid this it is neccessary
	to check the pidfile explicitly.

	* daemon/libvirtd.init.in: Always check the pidfile of the system
	  daemon to avoid confusion with the session daemons

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	Fix virt-aa-helper when host and os.type arch differ
	* src/security/virt-aa-helper.c: get_definition() now calls the new
	  caps_mockup() function which will parse the XML for os.type,
	  os.type.arch and then sets the wordsize.  These attributes are needed
	  only to get a valid virCapsPtr for virDomainDefParseString(). The -H
	  and -b options are now removed from virt-aa-helper (they weren't used
	  yet anyway).
	* tests/virt-aa-helper-test: extend and fixes tests, chmod'ed 755

2009-11-13  David Allan  <dallan@redhat.com>

	Add translation of PCI vendor and product IDs
	uses libpciaccess to provide human readable names for PCI vendor and
	device IDs
	* configure.in: add a requirement for libpciaccess >= 0.10.0
	* src/Makefile.am: add the associated compilation flags and link
	* src/node_device/node_device_udev.c: lookup the libpciaccess for
	  vendor name and product name based on their ids

	Remove DevKit node device backend
	* configure.in src/Makefile.am: remove the configuration check and
	  build instructions
	* src/node_device/node_device_devkit.c: removed the module
	* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
	  removed references to the old backend

	Add scsi_target device type
	* src/conf/node_device_conf.h src/conf/node_device_conf.c: add specific
	  support for SCSI target in node device capabilities
	* src/node_device/node_device_udev.c: add some extra detection code
	  when handling udev output

	Implement a node device backend using libudev
	* configure.in: add new --with-udev, disabled by default, and requiring
	  libudev > 145
	* src/node_device/node_device_udev.c src/node_device/node_device_udev.h:
	  the new node device backend
	* src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c
	  to a better file name
	* src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple
	  of fields in node device definitions, and an API to look them up,
	  remove a couple of unused fields from previous patch.
	* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
	  plug the new driver
	* po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new
	  files and symbols
	* src/util/util.h src/util/util.c: add a new convenience macro
	  virBuildPath and virBuildPathInternal() function

	Add several fields to node device capabilities
	* src/conf/node_device_conf.h src/conf/node_device_conf.c: add the new
	  fields in the structure as well as parsing and serialization

2009-11-12  Cole Robinson  <crobinso@redhat.com>

	Add virConnectGetLibvirtVersion API
	There is currently no way to determine the libvirt version of a remote
	libvirtd we are connected to. This is a useful piece of data to enable
	feature detection.

2009-11-12  Maximilian Wilhelm  <max@rfc2324.org>

	Implement finer grained migration control for Xen
	* src/xen/xen_driver.c: Add support for VIR_MIGRATE_PERSIST_DEST flag
	* src/xen/xend_internal.c: Add support for VIR_MIGRATE_UNDEFINE_SOURCE flag
	* include/libvirt/virterror.h, src/util/virterror.c: Add new errorcode
	  VIR_ERR_MIGRATE_PERSIST_FAILED

2009-11-12  pritesh  <Pritesh.Kothari@Sun.COM>

	Support for SATA Disks in virDomainDiskBus
	* src/conf/domain_conf.h src/conf/domain_conf.c: add the new entry in
	  the enum and lists of virDomainDiskBus
	* src/qemu/qemu_conf.c: same for virDomainDiskQEMUBus

2009-11-12  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC implement missing DomainInterfaceStats API
	* src/lxc/lxc_driver.c: add lxcDomainInterfaceStats implementing
	  virDomainInterfaceStats()

2009-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Filter out stale domains from xenstore listing
	The xenstore database sometimes has stale domain IDs which are not
	present in the hypervisor anymore. Filter these out to avoid causing
	confusion

	* src/xen/xs_internal.c: Filter domain IDs against HV's list
	* src/xen/xen_hypervisor.h, src/xen/xen_hypervisor.c: Add new
	  xenHypervisorHasDomain() method for checking ID validity

2009-11-12  Jonas Eriksson  <jonas.j.eriksson@ericsson.com>

	Fix logic in xenUnifiedNumOfDomains to match xenUnifiedListDomains
	The xenUnifiedNumOfDomains and xenUnifiedListDomains methods work
	together as a pair, so it is critical they both apply the same
	logic. With the current mis-matched logic it is possible to sometimes
	get into a state when you miss certain active guests.

	* src/xen/xen_driver.c: Change xenUnifiedNumOfDomains ordering to
	  match xenUnifiedListDomains.

2009-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Disable IPv6 socket auto-binding to IPv4 socket
	Sometimes getaddrinfo returns IPv4 addresses before IPv6 addresses.
	IPv6 sockets default to attempting to bind to IPv4 addresses too.
	So if the IPv4 address is activated first, then binding to IPv6
	will unneccessarily fail.

	* daemon/libvirtd.c: Bind to IPv6 and IPv4 addresses separately

	Exclude numactl on s390[x]
	The numactl package is not applicable for s390[x] arches, so do
	not enable it as a build dep.

	* libvirt.spec.in: Exclude numactl on s390[x]

2009-11-12  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix error handling in qemuMonitorOpen
	* src/qemu/qemu_monitor.c: add error check for qemuMonitorOpenXXX
	  returned file descriptor

2009-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix save and restore with non-privileged guests and SELinux
	When running qemu:///system instance, libvirtd runs as root,
	but QEMU may optionally be configured to run non-root. When
	then saving a guest to a state file, the file is initially
	created as root, and thus QEMU cannot write to it. It is also
	missing labelling required to allow access via SELinux.

	* src/qemu/qemu_driver.c: Set ownership on save image before
	  running migrate command in virDomainSave impl. Call out to
	  security driver to set save image labelling
	* src/security/security_driver.h: Add driver APIs for setting
	  and restoring saved state file labelling
	* src/security/security_selinux.c: Implement saved state file
	  labelling for SELinux

2009-11-11  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	disable mac_filter config switch by default
	* src/qemu/qemu.conf:  disables the mac_filter config switch by default
	  to match existing convention, also document the option

2009-11-11  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Prevent initializing ebtables if disabled in qemu.conf
	* src/qemu/qemu_conf.c: don't initialize ebtables if
	  disabled

2009-11-11  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: too much timeout when polling socket
	* src/phyp/phyp_driver.c: a 10s timeout on socket availability was way
	  too long, reduced to 1ms

2009-11-11  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix warning on make due to missing cast (int)
	* src/qemu/qemu_monitor.c src/qemu/qemu_monitor_text.c: cast size_t to
	  int when passing to '%d'

2009-11-11  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Reorder keyboard_interactive label in openSSHSession()
	Finish changes intended to be part of commit
	6c70802374d1cb9316769fea750a6c2c198901ff

2009-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Implmentation of new APIs to checking state/persistence of objects
	This implements the virConnectIsSecure, virConnectIsEncrypted,
	virDomainIsPersistent, virDomainIsActive, virNetworkIsActive,
	virNetworkIsPersistent, virStoragePoolIsActive,
	virStoragePoolIsPersistent, virInterfaceIsActive APIs in
	(nearly) all drivers. Exceptions are:

	 phyp: missing domainIsActive/Persistent
	 esx: missing domainIsPersistent
	 opennebula: missing domainIsActive/Persistent

	* src/remote/remote_protocol.x: Define remote wire ABI for newly
	  added APIs.
	* daemon/remote_dispatch*.h: Re-generated from remote_protocol.x
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_conf.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/remote/remote_driver.c, src/storage/storage_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xen/xen_driver.h, src/xen/xen_inotify.c,
	  src/xen/xen_inotify.h: Implement all the new APIs where possible

	New APIs for checking some object properties
	Introduce a number of new APIs to  expose some boolean properties
	of objects, which cannot otherwise reliably determined, nor are
	aspects of the XML configuration.

	 * virDomainIsActive: Checking virDomainGetID is not reliable
	   since it is not possible to distinguish between error condition
	   and inactive domain for ID of -1.
	 * virDomainIsPersistent: Check whether a persistent config exists
	   for the domain

	 * virNetworkIsActive: Check whether the network is active
	 * virNetworkIsPersistent: Check whether a persistent config exists
	   for the network

	 * virStoragePoolIsActive: Check whether the storage pool is active
	 * virStoragePoolIsPersistent: Check whether a persistent config exists
	   for the storage pool

	 * virInterfaceIsActive: Check whether the host interface is active

	 * virConnectIsSecure: whether the communication channel to the
	   hypervisor is secure
	 * virConnectIsEncrypted: whether any network based commnunication
	   channels are encrypted

	NB, a channel can be secure, even if not encrypted, eg if it does
	not involve the network, like a UNIX socket, or pipe.

	 * include/libvirt/libvirt.h.in: Define public API
	 * src/driver.h: Define internal driver API
	 * src/libvirt.c: Implement public API entry point
	 * src/libvirt_public.syms: Export API symbols
	 * src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	   src/interface/netcf_driver.c, src/network/bridge_driver.c,
	   src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	   src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	   src/remote/remote_driver.c, src/test/test_driver.c,
	   src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	   src/xen/xen_driver.c: Stub out driver tables

2009-11-11  Daniel Veillard  <veillard@redhat.com>

	Various fixes following a code review part 2
	* daemon/libvirtd.c tools/virsh.c: Steve Grubb <sgrubb@redhat.com> found
	  a few more issues

	Various fixes following a code review
	* src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c
	  src/lxc/lxc_controller.c src/node_device/node_device_hal.c
	  src/openvz/openvz_conf.c src/qemu/qemu_driver.c
	  src/qemu/qemu_monitor_text.c src/remote/remote_driver.c
	  src/storage/storage_backend_disk.c src/storage/storage_driver.c
	  src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c
	  src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code
	  review and those are the fixes correcting the problems

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Allow timeouts waiting for QEMU job lock
	Some monitor commands may take a very long time to complete. It is
	not desirable to block other incoming API calls forever. With this
	change, if an existing API call is holding the job lock, additional
	API calls will not wait forever. They will time out after a short
	period of time, allowing application to retry later.

	* include/libvirt/virterror.h, src/util/virterror.c: Add new
	  VIR_ERR_OPERATION_TIMEOUT error code
	* src/qemu/qemu_driver.c: Change to a timed condition variable
	  wait for acquiring the monitor job lock

	Release driver and domain lock when running monitor commands
	QEMU monitor commands may sleep for a prolonged period of time.
	If the virDomainObjPtr or qemu driver lock is held this will
	needlessly block execution of many other API calls. it also
	prevents asynchronous monitor events from being dispatched
	while a monitor command is executing, because deadlock will
	ensure.

	To resolve this, it is neccessary to release all locks while
	executing a monitor command. This change introduces a flag
	indicating that a monitor job is active, and a condition
	variable to synchronize access to this flag. This ensures that
	only a single thread can be making a state change or executing
	a monitor command at a time, while still allowing other API
	calls to be completed without blocking

	* src/qemu/qemu_driver.c: Release driver and domain lock when
	  running monitor commands. Re-add locking to disk passphrase
	  callback
	* src/qemu/THREADS.txt: Document threading rules

	Fully asynchronous monitor I/O processing
	Change the QEMU monitor file handle watch to poll for both
	read & write events, as well as EOF. All I/O to/from the
	QEMU monitor FD is now done in the event callback thread.

	When the QEMU driver needs to send a command, it puts the
	data to be sent into a qemuMonitorMessagePtr object instance,
	queues it for dispatch, and then goes to sleep on a condition
	variable. The event thread sends all the data, and then waits
	for the reply to arrive, putting the response / error data
	back into the qemuMonitorMessagePtr and notifying the condition
	variable.

	There is a temporary hack in the disk passphrase callback to
	avoid acquiring the domain lock.  This avoids a deadlock in
	the command processing, since the domain lock is still held
	when running monitor commands. The next commit will remove
	the locking when running commands & thus allow re-introduction
	of locking the disk passphrase callback

	* src/qemu/qemu_driver.c: Temporarily don't acquire lock in
	  disk passphrase callback. To be reverted in next commit
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Remove
	  raw I/O functions, and a generic qemuMonitorSend() for
	  invoking a command
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Remove all low level I/O, and use the new qemuMonitorSend()
	  API. Provide a qemuMonitorTextIOProcess() method for detecting
	  command/reply/prompt boundaries in the monitor data stream

2009-11-10  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: ssh authentication with public key fixed
	Use ssh keyfiles from the current user's home directory instead of trying
	to use keyfiles from a hardcoded /home/user directory. Fallback to
	username/password authentication if keyfiles are not available or keyfile
	authentication failed.

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Add reference counting on virDomainObjPtr objects
	Add reference counting on the virDomainObjPtr objects. With the
	forthcoming asynchronous QEMU monitor, it will be neccessary to
	release the lock on virDomainObjPtr while waiting for a monitor
	command response. It is neccessary to ensure one thread can't
	delete a virDomainObjPtr while another is waiting. By introducing
	reference counting threads can make sure objects they are using
	are not accidentally deleted while unlocked.

	* src/conf/domain_conf.h, src/conf/domain_conf.c: Add
	  virDomainObjRef/Unref APIs, remove virDomainObjFree
	* src/openvz/openvz_conf.c: replace call to virDomainObjFree
	  with virDomainObjUnref

	Locking of the qemuMonitorPtr object
	In preparation of the monitor I/O process becoming fully asynchronous,
	it is neccessary to ensure all access to internals of the qemuMonitorPtr
	object is protected by a mutex lock.

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add mutex for locking
	  monitor.
	* src/qemu/qemu_driver.c: Add locking around all monitor commands

	Wrap text mode monitor APIs, pass qemuMonitorPtr directly to APIs
	Change the QEMU driver to not directly invoke the text mode monitor
	APIs. Instead add a generic wrapper layer, which will eventually
	invoke either the text or JSON protocol code as needed. Pass an
	qemuMonitorPtr object into the monitor APIs instead of virDomainObjPtr
	to complete the de-coupling of the monitor impl from virDomainObj
	data structures

	* src/qemu/qemu_conf.h: Remove qemuDomainObjPrivate definition
	* src/qemu/qemu_driver.c: Add qemuDomainObjPrivate definition.
	  Pass qemuMonitorPtr into all monitor APIs instead of the
	  virDomainObjPtr instance.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add thin
	  wrappers for all qemuMonitorXXX command APIs, calling into
	  qemu_monitor_text.c/h
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Rename qemuMonitor -> qemuMonitorText & update to accept
	  qemuMonitorPtr instead of virDomainObjPtr

	Move encryption lookup back into qemu driver file
	Decouple the monitor code from the virDomainDefPtr structure
	by moving the disk encryption lookup code back into the
	qemu_driver.c file. Instead provide a function callback to
	the monitor code which can be invoked to retrieve encryption
	data as required.

	* src/qemu/qemu_driver.c: Add findDomainDiskEncryption,
	  and findVolumeQcowPassphrase. Pass address of the method
	  findVolumeQcowPassphrase into qemuMonitorOpen()
	* src/qemu/qemu_monitor.c: Associate a disk
	  encryption function callback with the qemuMonitorPtr
	  object.
	* src/qemu/qemu_monitor_text.c: Remove findDomainDiskEncryption
	  and findVolumeQcowPassphrase.

	Make use of private data structure for monitor state
	Introduce a new qemuDomainObjPrivate object which is used to store
	the private QEMU specific data associated with each virDomainObjPtr
	instance. This contains a single member, an instance of the new
	qemuMonitorPtr object which encapsulates the QEMU monitor state.
	The internals of the latter are private to the qemu_monitor* files,
	not to be shown to qemu_driver.c

	* src/qemu/qemu_conf.h: Definition of qemuDomainObjPrivate.
	* src/qemu/qemu_driver.c: Register a functions for creating
	  and freeing qemuDomainObjPrivate instances with the domain
	  capabilities. Remove the qemudDispatchVMEvent() watch since
	  I/O watches are now handled by the monitor code itself. Pass
	  a new qemuHandleMonitorEOF() callback into qemuMonitorOpen
	  to allow notification when the monitor quits.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Introduce
	  the 'qemuMonitor' object. Temporarily add new APIs
	  qemuMonitorWrite, qemuMonitorRead, qemuMonitorWaitForInput
	  to allow text based monitor impl to perform I/O.
	* src/qemu/qemu_monitor_text.c: Call APIs for reading/writing
	  to monitor instead of accessing the file handle directly.

	Move code for low level QEMU monitor interaction into separate file
	The qemu_driver.c code should not contain any code that interacts
	with the QEMU monitor at a low level. A previous commit moved all
	the command invocations out. This change moves out the code which
	actually opens the monitor device.

	* src/qemu/qemu_driver.c: Remove qemudOpenMonitor & methods called
	  from it.
	* src/Makefile.am: Add qemu_monitor.{c,h}
	* src/qemu/qemu_monitor.h: Add qemuMonitorOpen()
	* src/qemu/qemu_monitor.c: All code for opening the monitor

	Add a new timed condition variable wait API
	* src/util/threads.h, src/util/threads-pthread.c,
	  src/libvirt_private.syms: Add virCondWaitUntil()

	Fix errno handling for pthreads wrappers
	* src/util/threads-pthread.c: pthreads APIs do not set errno, instead
	  the return value is the positive errno. Set errno based on the return
	  value in the wrappers

	Make pciDeviceList struct opaque
	* src/util/pci.c, src/util/pci.h: Make the pciDeviceList struct
	  opaque to callers of the API. Add accessor methods for managing
	  devices in the list
	* src/qemu/qemu_driver.c: Update to use APIs instead of directly
	  accessing pciDeviceList fields

2009-11-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add missing OOM error checks, reports and cleanups

2009-11-09  Matthew Booth  <mbooth@redhat.com>

	Add documentation for <channel> domain element
	* src/formatdomain.html.in: Add <channel> element documentation

	Separate character device doc guest and host parts
	* docs/formatdomain.html.in: refactors the existing character device
	  documentation to make it explicit which directives configure the guest
	  interface, and which configure the host interface.

2009-11-09  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	Removes the ebtablesSaveRules() function
	As it was basically unimplemented and more confusing than useful
	at the moment.
	* src/libvirt_private.syms: remove from internal symbols list
	* src/qemu/qemu_bridge_filter.c src/util/ebtables.c: remove code and
	  one use of the unimplemented function

2009-11-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	opennebula: Fix potential memory/mutex leak in state driver startup
	In case of an error the domains hash and the driver mutex may leak.

	* src/opennebula/one_driver.c: free/destroy domains hash and driver
	  mutex in error cases

	Add a Python example that lists active ESX domains
	It also demonstrates how to use the libvirt.openAuth() method.

	* examples/python/Makefile.am: add esxlist.py to EXTRA_DIST
	* examples/python/README: add some notes about esxlist.py
	* examples/python/esxlist.py: the new example

2009-11-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Use actual error code instead of 0

	phyp: Don't use VIR_ALLOC if a stack variable is good enough

	phyp: Fix several UUID table related problems
	- Make reading ID from file working for IDs > 127
	- Fix inverse error check for writing ID to file
	- Use feof() to distinguish EOF from real error of fread()
	- Don't interpret libssh2 error codes as number of bytes

	phyp: Check for exit_status < 0 before parsing the result

	phyp: memcpy/memmove/memset can't fail, so don't check for error
	Also reset UUID to all 0 instead of all 48 (== '0') in phypUUIDTable_RemLpar()

	phyp: Make generic domain listing functions return -1 in case of error
	phypNumDomainsGeneric() and phypListDomainsGeneric() return 0 in case
	of an error. This makes it impossible to distinguish between an actual
	error and no domains being defined on the hypervisor. It also turn the
	no domains situation into an error. Return -1 in case of an error to
	fix this problem.

	phyp: Break potential infinite loops

	phyp: Fix memory/session leaks and potential invalid frees

	Fix configure check for libssh2
	* configure.in: add -L$libssh2_path to LIBS for the AC_TRY_LINK check

2009-11-07  Daniel Veillard  <veillard@redhat.com>

	524280 pass max lease option to dnsmasq
	* src/network/bridge_driver.c: when exec'ing dnsmaq, if there are
	  DHCP ranges defined, then compute and pass the --dhcp-lease-max
	  deriving the maximum number of leases

	Store the range size when adding a DHCP range
	* src/conf/network_conf.h: extend the structure to store the range
	* src/conf/network_conf.c: before adding a range parse the IP addresses
	  do some checking and keep the size

	Repair getIPv4Addr after the ntohl conversion
	* src/util/network.c: getIPv4Addr() got broken when the input
	  network address value got converted from network to host byte order

2009-11-06  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow cpu pinning for all logical CPUs, not just physical
	This is what virsh already expects when printing output, and what
	'man cpuset' claims to support.

	qemu: Use same create/define overwrite logic for migration prepare.

	qemu: Break out function to check if we can create/define/restore
	Use this function in the qemu, uml, lxc, and test drivers.

2009-11-06  Matthew Booth  <mbooth@redhat.com>

	Cleanup whitespace in docs
	This patch is the result of running the following command in the docs
	directory: sed -i 's/\t/        /g; s/\s*$//' *.html.in

	* docs/*.html.in:convert tabs into 8 spaces and remove trailing whitespace

	Use virBuffer when building QEMU char dev command line
	* src/qemu/qemu_conf.c: Update qemudBuildCommandLineChrDevStr to use a
	  virBuffer

	Cleanup virBuffer usage in qemdBuildCommandLine
	* src/qemu_qemu_conf.c: Cleanup usage of virBuffer in qemudBuildCommandLine

2009-11-06  Paolo Bonzini  <pbonzini@redhat.com>

	Add sentinel attribute for NULL terminated arg lists
	* src/internal.h (ATTRIBUTE_SENTINEL): New, it's a ggc feature and
	  protected as such
	* src/util/buf.c (virBufferStrcat): Use it.
	* src/util/ebtables.c (ebtablesAddRemoveRule): Use it.
	* src/util/iptables.c (iptableAddRemoveRule: Use it.
	* src/util/qparams.h (new_qparam_set, append_qparams): Use it.
	* docs/apibuild.py: avoid breaking the API generator with that new
	  internal keyword macro

2009-11-06  Cole Robinson  <crobinso@redhat.com>

	test: Update inactive guest config on shutdown
	This matches the expected behavior of state drivers such as QEMU.

	test: Add testDomainShutdownState helper
	Performs changes needed when stopping a VM (which are currently duplicated
	in several places, and forgotten in others).

2009-11-06  Paolo Bonzini  <pbonzini@redhat.com>

	Fix some cut-and-paste error in migration code
	* src/qemu/qemu_driver.c: in qemudDomainMigratePerform call
	  doPeer2PeerMigrate for VIR_MIGRATE_PEER2PEER.

2009-11-06  Matthew Booth  <mbooth@redhat.com>

	Properly convert port numbers to/from network byte order
	* src/util/network.c: Add htons and ntohs in virSocket(Get|Set)Port

2009-11-06  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	POWER add create() and destroy() support
	* src/phyp/phyp_driver.[ch]: add new entry points and a number of
	  cleanups

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Ensure guestfwd address is IPv4 and various cleanups
	* include/libvirt/virterror.h src/util/virterror.c: add a new error
	  VIR_ERR_CONFIG_UNSUPPORTED for valid but unsupported configuration options
	* src/conf/domain_conf.c: Throw an error if guestfwd address isn't IPv4
	  and cleanup a number of parsing return error values.

2009-11-05  Daniel Veillard  <veillard@redhat.com>

	Forgot test case on previous commit

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Support for <channel> in domain and QEmu backend
	allows the following to be specified in a domain:
	<channel type='pipe'>
	  <source path='/tmp/guestfwd'/>
	  <target type='guestfwd' address='10.0.2.1' port='4600'/>
	</channel>

	* proxy/Makefile.am: add network.c as dep of domain_conf.c
	* docs/schemas/domain.rng src/conf/domain_conf.[ch]: extend the domain
	  schemas and the parsing/serialization side for the new construct

	QEmu support will add the following on the qemu command line:
	 -chardev pipe,id=channel0,path=/tmp/guestfwd
	 -net user,guestfwd=tcp:10.0.2.1:4600-chardev:channel0

	* src/qemu/qemu_conf.c: Add argument output for channel
	* tests/qemuxml2(argv|xml)test.c: Add test for <channel> domain syntax

	Detect availability of QEMU -chardev CLI option
	* src/qemu/qemu_conf.h: defines a new QEMUD_CMD_FLAG_CHARDEV flag
	* src/qemu/qemu_conf.c: parse the output for -chardev and set flag
	  appropriately

	Allow character devices to have different target types
	A character device's target (it's interface in the guest) had only a
	single property: port. This patch is in preparation for adding targets
	which require other properties.
	Since this changes the conf type for character devices this affects
	a number of drivers:

	* src/conf/domain_conf.[ch] src/esx/esx_vmx.c src/qemu/qemu_conf.c
	  src/qemu/qemu_driver.c src/uml/uml_conf.c src/uml/uml_driver.c
	  src/vbox/vbox_tmpl.c src/xen/xend_internal.c src/xen/xm_internal.c:
	  target properties are moved into a union in virDomainChrDef, and a
	  targetType field is added to identify which union member should be
	  used. All current code which touches a virDomainChrDef is updated both
	  to use the new union field, and to populate targetType if necessary.

2009-11-05  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC allow container to have ethN interfaces
	Current implementation of lxc driver creates vethN named
	interface(s) in the host and passes as it is to a container.
	The reason why it doesn't use ethN is due to the limitation
	that one namespace cannot have multiple iterfaces that have
	an identical name so that we give up creating ethN named
	interface in the host for the container.

	However, we should be able to allow the container to have
	ethN by changing the name after clone(CLONE_NEWNET).

	* src/lxc/lxc_container.c src/lxc/veth.c src/lxc/veth.h: do the clone
	  and then renames interfaces eth0 ... ethN to keep the interface names
	  familiar in the domain

	LXC cleanup deep indentation in lxcDomainSetAutostart
	* src/lxc/lxc_driver.c: refactor lxcDomainSetAutostart() to avoid deep
	  indentation of the code

	LXC messages cleanup and fix lxcError
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/lxc/veth.c: most of cleanups are just capitalizing their messages
	  though, some fixes wrong error messages and awkward indentations, and
	  improves error messages.

	LXC fix wrong or out-of-date function descriptions
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/lxc/veth.c: fix broken function comments

2009-11-05  Cole Robinson  <crobinso@redhat.com>

	docs: <clock> property is 'offset', not 'sync'

2009-11-04  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	add MAC address based port filtering to qemu
	* src/qemu/qemu.conf src/qemu/qemu_conf.c src/qemu/qemu_conf.h: there is
	  a new config type option for mac filtering
	* src/qemu/qemu_bridge_filter.[ch]: new module for the ebtable entry points
	* src/qemu/qemu_driver.c: plug the MAC filtering at the right places
	  in the domain life cycle
	* src/Makefile.am po/POTFILES.in: add the new module

	New ebtables module wrapper
	* configure.in: look for ebtables binary location if present
	* src/Makefile.am: add the new module
	* src/util/ebtables.[ch]: new module and internal APIs around
	  the ebtables binary
	* src/libvirt_private.syms: export the symbols only internally

2009-11-04  Cole Robinson  <crobinso@redhat.com>

	test: Implement virDomainPinVcpu

	test: Implement virDomainGetVcpus

	test: Update vcpu runtime info in SetVcpus

	test: Use privateData to track running VM vcpu state

	test: Break out wrapper for setting up started domain state.
	This should be a no op for now, but we will use this function to set up
	transient state in the future.

	test: Fixes for SetVcpus
	- Implement DomainGetMaxVCPUs
	- Use GetMaxVCPUs to validate requested CPU amount
	- Deny the 'hotplug' for a running domain.

	qemu: Remove compiled out localhost migration support
	Pretty sure this would deadlock now that we have proper locking, so
	remove the code.

	storage: conf: Fix memory leak in encryption parsing

	Various error reporting fixes
	- Don't duplicate SystemError
	- Use proper error code in domain_conf
	- Fix a broken error call in qemu_conf
	- Don't use VIR_ERR_ERROR in security driver (isn't a valid code in this case)

	Improve error reporting for virConnectGetHostname calls
	All drivers have copy + pasted inadequate error reporting which wraps
	util.c:virGetHostname. Move all error reporting to this function, and improve
	what we report.

	Changes from v1:
	  Drop the driver wrappers around virGetHostname. This means we still need
	  to keep the new conn argument to virGetHostname, but I think it's worth
	  it.

2009-11-04  Laine Stump  <laine@laine.org>

	Fix improper error return in virInterfaceDefParseProtoIPvX
	* src/conf/interface_conf.c: the code was erronously returning -1
	  in the two functions if <dhcp> is not provided

	Make monitor type (miimon/arpmon) optional in bond xml
	* src/conf/interface_conf.c: lack of one of these in the live xml output
	  was causing the parse in virInterfaceDefParseBond() to fail

	Fix virInterfaceIpDefPtr leak during virInterfaceIpDefFree
	* src/conf/interface_conf.c: forgot to free the structure itself

	Support for IPv6 / multiple addresses per interfaces
	This patch updates the xml parsing and formatting, and the associated
	virInterfaceDef data structure to support IPv6, along the way adding
	support for multiple protocols per interface, and multiple IP
	addresses per protocol.
	* src/conf/interface_conf.[ch]: update the structures, code for parsing
	  and serialization

	Support reporting live interface IP/netmask
	This patch adds the flag VIR_INTERFACE_XML_INACTIVE to
	virInterfaceGetXMLDesc's flags. When it is*not* set (the default), the
	live interface info will be returned in the XML (in particular, the IP
	address(es) and netmask(s) will be retrieved by querying the interface
	directly, rather than  reporting what's in the config file). The
	backend of this is in netcf's ncf_if_xml_state() function.

	* configure.in libvirt.spec.in: requires netcf >= 0.1.3
	* include/libvirt/libvirt.h.in: adds flag VIR_INTERFACE_XML_INACTIVE
	* src/conf/interface_conf.c src/interface/netcf_driver.c src/libvirt.c:
	  update the parsing and backend routines accordingly
	* tools/virsh.c: change interface edit to inactive definition and
	  adds the inactive flag for interface dump

	Make startmode optional in toplevel interface definition
	The minimal XML returned from ncf_if_xml_state() doesn't contain this
	attribute (which makes no sense in the case of reporting current
	status of the interface), and it was preventing it from passing
	through the parse/format step.

	* src/conf/interface_conf.[ch]: add a new virInterfaceStartMode value
	  and modify loading/saving accordingly

2009-11-04  Daniel P. Berrange  <berrange@redhat.com>

	Move libvirtd event loop into background thread
	The virStateInitialize() call for starting up stateful drivers
	may require that the event loop is running already. This it is
	neccessary to start the event loop before this call. At the
	same time, network clients must not be processed until afte
	virStateInitialize has completed.

	The qemudListenUnix() and remoteListenTCP() methods must
	therefore not register file handle watches, merely open the
	network sockets & listen() on them. This means clients can
	connected and are queued, pending completion of initialization

	The qemudRunLoop() method is moved into a background thread
	that is started early to allow access to the event loop during
	driver initialization. The main process thread leader pretty
	much does nothing once the daemon is running, merely waits
	for the event loop thread to quit

	* daemon/libvirtd.c, daemon/libvirtd.h: Move event loop into
	  a background thread
	* daemon/THREADING.txt: Rewrite docs to better reflect reality

2009-11-04  Dan Kenigsberg  <danken@redhat.com>

	give up python interpreter lock before calling cb
	suggested by danpb on irc, patch by danken fixed for proper C syntax

	* python/libvirt-override.c: on event callback release the python
	  interpreter lock and take it again when coming back so that the
	  callback can reinvoke libvirt.

2009-11-03  Laine Stump  <laine@laine.org>

	Allow NULL mac address in virGetInterface
	There are places where an interface will not have a mac address, and netcf
	returns this as a NULL pointer rather than a pointer to an empty string.
	Rather than checking for this all over the place in libvirt, just save it
	in the virInterface object as an empty string.

	* src/datatypes.c: allow NULL mac in virGetInterface()

2009-11-03  Daniel Veillard  <veillard@redhat.com>

	Fix compilation problems
	introduced on commit 9231aa7d9563745c64e4f69afabca65d28bfae25
	* src/qemu/qemu_driver.c: in qemudRemoveDomainStatus fix a reference
	  to an undefined variable buf and free up an allocated string

2009-11-03  Chris Lalancette  <clalance@redhat.com>

	Fix up NLS warnings.
	When building with --disable-nls, I got a few messages like this:

	storage/storage_backend.c: In function 'virStorageBackendCreateQemuImg':
	storage/storage_backend.c:571: warning: format not a string literal and no format arguments

	Fix these up.

	Remove redundant virFileDeletePID() call
	qemudShutdownVMDaemon() calls qemudRemoveDomainStatus(), which
	then calls virFileDeletePID().  qemudShutdownVMDaemon() then
	unnecessarily calls virFileDeletePID() again.  Remove this second
	usage of it, and also slightly refactor qemudRemoveDomainStatus()
	to VIR_WARN appropriate error messages.

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix return value in virStateInitialize impl for LXC
	The LXC driver was mistakenly returning -1 for lxcStartup()
	in scenarios that are not an error. This caused the libvirtd
	to quit for unprivileged users. This fixes the return code
	of LXC driver, and also adds a "name" field to the virStateDriver
	struct and logging to make it easier to find these problems
	in the future

	* src/driver.h: Add a 'name' field to state driver to allow
	  easy identification during failures
	* src/libvirt.c: Log name of failed driver for virStateInit
	  failures
	* src/lxc/lxc_driver.c: Don't return a failure code for
	  lxcStartup() if LXC is not available on this host, simply
	  disable the driver.
	* src/network/bridge_driver.c, src/node_device/node_device_devkit.c,
	  src/node_device/node_device_hal.c, src/opennebula/one_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/secret/secret_driver.c, src/storage/storage_driver.c,
	  src/uml/uml_driver.c, src/xen/xen_driver.c: Fill in name
	  field in virStateDriver struct

2009-11-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Fix memory leak in list handling functions.
	If an error occurs between the allocation of an item and appending it
	to the list, the item leaks. Free such orphaned items in error cases.

	* src/esx/esx_vi.c: free orphaned items in error cases

	ESX: Don't automatically follow redirects.
	The default transport for the VI API is HTTPS. If the server redirects
	from HTTPS to HTTP the driver would silently follow that redirection.
	The user assumes to communicate with the server over a secure transport
	but isn't.

	This patch disables automatical redirection following. The driver reports
	an error if the server tries to redirect.

	* src/esx/esx_vi.c: refactor the call to curl_easy_perform() into a
	  function and do error handling there, disable automatical redirection
	  following for curl
	* src/esx/esx_vi.h: change the type of responseCode to int

	ESX: Unify naming of VI API utility and convenience functions.
	Unified function naming scheme:
	- 'lookup' functions query the ESX or vCenter for information
	- 'get' functions return information from a local object

	* src/esx/esx_driver.c, src/esx/esx_vi.[ch]: unify function naming

	ESX: Change disk selection for datastore detection.
	In order to register a new virtual machine the ESX driver needs to upload
	a VMX file to a datastore. Try to put this file beside the main VMDK file
	of the virtual machine. Change the disk selection for datastore detection
	to choose the first file-based harddisk instead of just the first disk.
	The first disk may be a CDROM disk and ISO images are normaly not located
	in the virtual machine's directory.

	* src/esx/esx_driver.c: change disk selection for datastore detection

	ESX: Fallback to the preliminary name if the datastore cannot be found.
	This allows to use domain-xml-from-native with VMX files that reference
	unavailable datastores.

	* src/esx/esx_vmx.c: fallback to the preliminary name if the datastore
	  cannot be found

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Rename internal APis
	Rename virDomainIsActive to virDomainObjIsActive, and
	virInterfaceIsActive to virInterfaceObjIsActive and finally
	virNetworkIsActive to virNetworkObjIsActive.

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/interface_conf.h, src/conf/network_conf.c,
	  src/conf/network_conf.h, src/lxc/lxc_driver.c,
	  src/network/bridge_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c: Update for
	  renamed APIs.

2009-11-03  Matthew Booth  <mbooth@redhat.com>

	Fix --with-init-script configure option
	* configure.in daemon/Makefile.am: the --with-init-script configure
	  option was broken, and always defaulted based on the existence of
	  /etc/redhat-release. This was a systematic typo based on
	  mixed use of init-script and init-scripts.

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Don't let parent of daemon exit until basic initialization is done
	The daemonizing code lets the parent exit almost immediately. This
	means that it may think it has successfully started even when
	important failures occur like not being able to acquire the PID
	file. It also means network sockets are not yet open.

	To address this when daemonizing the parent passes an open pipe
	file descriptor to the child. The child does its basic initialization
	and then writes a status code to the pipe indicating either success,
	or failure. This ensures that when daemonizing, the parent does not
	exit until the pidfile is acquired & basic network sockets are open.

	Initialization of the libvirt drivers is still done asynchronously
	since this may take a very long time.

	* daemon/libvirtd.c: Force parent to stay around until basic config
	  file, pidfile & network socket init is completed

	Pull signal setup code out into separate method
	* daemon/libvirtd.c: Introduce a daemonSetupSignals() method
	  and put all signal handling code there
	* daemon/libvirtd.h: Add sigread/sigwrite to qemud_server type

2009-11-03  Yuji NISHIDA  <nishidy@nict.go.jp>

	Set KMEMSIZE for OpenVZ domains being defined
	* src/openvz/openvz_driver.c: add a new openvzDomainSetMemoryInternal()
	  function, used to initialize the KMEMSIZE parameter of a container.

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix duplicating logging of errors in libvirtd
	The libvirt default error handling callback will print all errors
	to stderr. The libvirtd default logging callback will do the same.
	Set a no-op error handling callback in libvirtd to prevent this
	duplication

	* daemon/libvirtd.c: Register a no-op error handling function

	Fix initialization order bugs
	virInitialize must be the first libvirt function called to ensure
	threads, error handling & random number generator are all setup.

	Move UNIX socket directory permissions change to place of use

	Misc cleanup to network socket init
	* daemon/libvirtd.c: Change qemudNetworkInit() so that it doesn't try
	to free its argument, leaving the caller todo cleanup as is normal
	practice. Add missing policykit cleanup to qemudCleanup, and remove
	server watch if set. Remove duplicated call to listen() on TCP sockets

	Annotate many methods with ATTRIBUTE_RETURN_CHECK & fix problems
	Nearly all of the methods in src/util/util.h have error codes that
	must be checked by the caller to correct detect & report failure.
	Add ATTRIBUTE_RETURN_CHECK to ensure compile time validation of
	this

	* daemon/libvirtd.c: Add explicit check on return value of virAsprintf
	* src/conf/domain_conf.c: Add missing check on virParseMacAddr return
	  value status & report error
	* src/network/bridge_driver.c: Add missing OOM check on virAsprintf
	  and report error
	* src/qemu/qemu_conf.c: Add missing check on virParseMacAddr return
	  value status & report error
	* src/security/security_selinux.c: Remove call to virRandomInitialize
	  that's done in libvirt.c already
	* src/storage/storage_backend_logical.c: Add check & log on virRun
	  return status
	* src/util/util.c: Add missing checks on virAsprintf/Run status
	* src/util/util.h: Annotate all methods with ATTRIBUTE_RETURN_CHECK
	  if they return an error status code
	* src/vbox/vbox_tmpl.c: Add missing check on virParseMacAddr
	* src/xen/xm_internal.c: Add missing checks on virAsprintf
	* tests/qemuargv2xmltest.c: Remove bogus call to virRandomInitialize()

	Allow for a driver specific private data blob in virDomainObjPtr
	The virDomainObjPtr object stores state about a running domain.
	This object is shared across all drivers so it is not appropriate
	to include driver specific state here. This patch adds the ability
	to request a blob of private data per domain object instance. The
	driver must provide a allocator & deallocator for this purpose

	THis patch abuses the virCapabilitiesPtr structure for storing the
	allocator/deallocator callbacks, since it is already being abused
	for other internal things relating to parsing. This should be moved
	out into a separate object at some point.

	* src/conf/capabilities.h: Add privateDataAllocFunc and
	  privateDataFreeFunc fields
	* src/conf/domain_conf.c: Invoke the driver allocators / deallocators
	  when creating/freeing virDomainObjPtr instances.
	* src/conf/domain_conf.h: Pass virCapsPtr into virDomainAssignDef
	  to allow access to the driver specific allocator function
	* src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c: Update for
	  change in virDomainAssignDef contract

2009-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't use private struct member names of in6_addr
	__in6_u.__u6_addr16 is the private name for this struct member,
	s6_addr16 is the public one
	* src/util/network.c: dont use the private field, but the public one.

2009-11-02  Matthew Booth  <mbooth@redhat.com>

	More network utility functions
	* src/util/network.[ch] Add functions for address->text and get/set
	  port number
	* src/libvirt_private.syms: add new entry points

2009-10-30  Matthew Booth  <mbooth@redhat.com>

	Fix typo in network.c function comments
	* src/util/network.c: fix a few typo

2009-10-30  Daniel Veillard  <veillard@redhat.com>

	Add symbols from new network.h module
	* src/libvirt_private.syms: keep all symbols from network.h private

	Set of new network related utilities
	* src/util/network.h src/util/network.c: utilities to parse network
	  addresses, check netmask and compute ranges

2009-10-30  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix configure detection of device mapper
	* configure.in: the PKG_CHECK_MODULES() for it would not work on
	  Ubuntu and SuSE, so add a direct check fallback

2009-10-30  Daniel Veillard  <veillard@redhat.com>

	Remote code caught EINTR making it ininterruptable
	John Levon raised the issue that remoteIOEventLoop() poll call was
	reissued after EINTR was caught making it uninterruptible.
	* src/remote/remote_driver.c: catch EAGAIN instead as suggested by
	  Richard Jones

2009-10-29  Daniel P. Berrange  <berrange@redhat.com>

	Convert virDomainObjListPtr to use a hash of domain objects
	The current virDomainObjListPtr object stores domain objects in
	an array. This means that to find a particular objects requires
	O(n) time, and more critically acquiring O(n) mutex locks.

	The new impl replaces the array with a virHashTable, keyed off
	UUID. Finding a object based on UUID is now O(1) time, and only
	requires a single mutex lock. Finding by name/id is unchanged
	in complexity.

	In changing this, all code which iterates over the array had
	to be updated to use a hash table iterator function callback.
	Several of the functions which were identically duplicating
	across all drivers were pulled into domain_conf.c

	* src/conf/domain_conf.h, src/conf/domain_conf.c: Change
	  virDomainObjListPtr to use virHashTable. Add a initializer
	  method virDomainObjListInit, and rename virDomainObjListFree
	  to virDomainObjListDeinit, since its not actually freeing
	  the container, only its contents. Also add some convenient
	  methods virDomainObjListGetInactiveNames,
	  virDomainObjListGetActiveIDs and virDomainObjListNumOfDomains
	  which can be used to implement the correspondingly named
	  public API entry points in drivers
	* src/libvirt_private.syms: Export new methods from domain_conf.h
	* src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_conf.c, src/openvz/openvz_driver.c,
	  src/qemu/qemu_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c: Update all code
	  to deal with hash tables instead of arrays for domains

2009-10-29  Mark McLoughlin  <markmc@redhat.com>

	libvirt-devel should only require libvirt-client
	There's a long known issue where if you install libvirt in a guest,
	the default virtual network will conflict with the default virtual
	network in the host.

	That's one of the reasons we have the libvirt-client RPM - it allows
	you to install the client library without having the host side
	installed.

	Rich Jones points out that if you install libvirt-devel in a guest,
	then you get libvirtd installed and the network conflict:

	  https://bugzilla.redhat.com/531200

	libvirt-devel should only require libvirt-client - e.g. nothing in
	the devel package pertains to anything in the libvirt RPM. The Fedora
	packaging guidelines say:

	  https://fedoraproject.org/wiki/Packaging/Guidelines#Devel_Packages

	  Devel packages must require the base package using a fully versioned
	  dependency ...

	But for all intents and purposes, libvirt-client is our base RPM.

	* libvirt.spec.in: make libvirt-devel require libvirt-client

2009-10-28  Cole Robinson  <crobinso@redhat.com>

	virterror: Add a missing 'break' for VIR_ERR_INVALID_SECRET

	qemu: migrate: Don't require manual URI to specify a port
	The xen driver will generate a migration port if only a hostname is passed
	in the optional migrate URI, so let's do the same in qemu.

	Fix p2p migration without a passed uri.

	qemu: Fix an error message in GetVcpus

	test: Support virStorageFindPoolSources
	The results are hardcoded into the test driver, no option to read from a
	testfile is implemented at this time.

	storage: Add ParseSourceString function for use with FindPoolSources.
	This will simplify adding FindPoolSources support to more pool backends in
	the future (as well as the test driver).

	storage: Break out function to add pool source to a SourceList.
	Similar in theory to *AssignDef type functions, this duplicate functionality
	will be used by an future FindPoolSources implementations.

	storage: Break out pool source parsing to a separate function.
	We need to parse a source XML block for FindPoolSources, so this is a step
	in sharing the parsing. The new storage pool XML 2 XML tests cover this area
	pretty well to ensure we aren't causing regressions.

2009-10-28  Chris Lalancette  <clalance@redhat.com>

	Update the documentation for virDomainMigrateToURI

2009-10-28  Paolo Bonzini  <pbonzini@redhat.com>

	Add support for an external TFTP boot server
	This patch adds an optional attribute to the <bootp> tag, that
	allows to specify a TFTP server address other than the address of
	the DHCP server itself.

	This can be used to forward the BOOTP settings of the host down to the
	guest.  This is something that configurations such as Xen's default
	network achieve naturally, but must be done manually for NAT.

	* docs/formatnetwork.html.in: Document new attribute.
	* docs/schemas/network.rng: Add it to schema.
	* src/conf/network_conf.h: Add it to struct.
	* src/conf/network_conf.c: Add it to parser and pretty printer.
	* src/network/bridge_driver.c: Put it in the dnsmasq command line.
	* tests/networkxml2xmlin/netboot-proxy-network.xml
	  tests/networkxml2xmlout/netboot-proxy-network.xml
	  tests/networkxml2xmltest.c: add new tests

2009-10-27  Cole Robinson  <crobinso@redhat.com>

	test: Support virNodeDeviceCreate and virNodeDeviceDestroy

2009-10-27  Dan Kenigsberg  <danken@redhat.com>

	Fix some typos in comments

2009-10-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix problems in the Xen inotify driver.
	In xenInotifyXendDomainsDirLookup() the wrong UUID variable is used
	to search in the config info list.

	In xenInotifyEvent() the event is dispatched if it's NULL.

	Both were introduced in bc898df2c74fe3c8efedfbbd430737bac950e65e.

	Fix error message in qemudLoadDriverConfig()
	* src/qemu/qemu_conf.c: change the error message to refer to
	  'cgroup_controllers' instead of 'cgroup_device_acl'

2009-10-26  Chris Lalancette  <clalance@redhat.com>

	Add a new syntax-check rule for gethostname.
	We should always be using virGetHostname in place of
	gethostname; thus add in a new syntax-check rule to make
	sure no new uses creep in.

	Various syntax-check fixes.
	Make a pass over the syntax-check files, tightening up regex's,
	un-ignoring certain files, and cleaning things up.

	Tighten up nonreentrant syntax-check.
	We can slightly tighten up the regex's used to detect the use of
	nonreentrant functions.  We can also check src/util/virterror.c
	by modifying a comment; I think it's worth it to get the additional
	coverage.

	Replace a gethostname by virGetHostname in libvirtd.c

	Replace two strcmp() by STREQ() in qemu_driver.c

	Replace gethostname by virGetHostname in xend_internal.c

	Remove a completely bogus reference increment in the Xen driver.
	xenUnifiedDomainEventRegister() calls out to
	virDomainEventCallbackListAdd(), which increments the reference
	count on the connection.  That is fine, but then
	xenUnifiedDomainEventRegister() increments the usage count again,
	leading to a usage count leak.  Remove the increment in the xen
	register, and the UnrefConnect in the xen unregister.

	Add a default log_level to qemudSetLogging to remove a build warning.
	(original patch from Charles Duffy)

	Better error message when libvirtd fails to start.

2009-10-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix potential false-positive OOM error reporting.
	If no matching device was found (cap == NULL) then no strdup() call
	was made and *wwnn and *wwpn are untouched. Checking them for NULL
	in this situation may result in reporting an false-positive OOM error
	because *wwnn and *wwpn may be initialized to NULL by the caller.

	Only check *wwnn and *wwpn for NULL if a matching device was found
	(cap != NULL) and thus strdup() was called.

	* src/conf/node_device_conf.c: only report an OOM error if there
	  really is one

2009-10-22  Daniel Veillard  <veillard@redhat.com>

	Consolidate virXPathNodeSet()
	virXPathNodeSet() could return -1 when doing an evaluation failure
	due to xmlXPathEval() from libxml2 behaviour.
	* src/util/xml.c: make sure we always return 0 unless the returned
	  XPath type is of the wrong type (meaning the query passed didn't
	  evaluate to a node set and code must be fixed)

2009-10-21  Richard Jones  <rjones@redhat.com>

	Support QEMU watchdog device.
	This adds simple support for configuring a guest with a QEMU/KVM
	virtual hardware watchdog device.

2009-10-21  Dan Kenigsberg  <danken@redhat.com>

	Do not log rotate very small logs
	Without this, after few weeks without use, each defined domain grows a
	tail of empty gzipped logs, instead of keeping just the last log of
	interest.

	* daemon/libvirtd.logrotate.in: only rotate when the log is over 100 KBytes

2009-10-21  Daniel Veillard  <veillard@redhat.com>

	528575 avoid libvirtd crash on LCX domain autostart
	https://bugzilla.redhat.com/show_bug.cgi?id=528575
	virsh -c lxc:/// autostart vm1
	was crashing the daemon

	* src/lxc/lxc_conf.h src/lxc/lxc_conf.c: initialize the driver
	  autostartDir to avoid a NULL reference and implement autostart for LXC

2009-10-21  Jim Fehlig  <jfehlig@novell.com>

	Fix virsh.c compilation warning
	* tools/virsh.c: call to vshError() containing 'doexit' parameter
	  sneaked in after said parameter was removed

	Fix SELinux linking issues
	* src/Makefile.am: add selinux CFLAGS and linker flags to security driver

2009-10-21  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC implement missing macaddr assignment feature
	Currently MAC address configuration of container veth is just ignored.
	This patch implements the missing feature.

	* src/lxc/veth.c, src/lxc/veth.h: add setMacAddr
	* src/lxc/lxc_driver.c: set macaddr of container veth if specified

2009-10-21  Daniel Veillard  <veillard@redhat.com>

	Fix a make dist error due to wrong EXTRA_DIST paths
	* tests/Makefile.am: networkpoolxml2xmlout and networkpoolxml2xmlin are
	  really networkxml2xmlout and networkxml2xmlin

2009-10-21  Cole Robinson  <crobinso@redhat.com>

	node device: Break out get_wwns and get_parent_node helpers
	These will be used by the test driver, so move them to a shareable space.

	node device: Fix locking issue in virNodeDeviceDestroy
	Certain error paths won't unlock the node device object.

	tests: Centralize VIR_TEST_DEBUG lookup, and document it
	Provide a simple interface for other tests to lookup the testDebug variable.
	Also remove a redundant error message in interface tests.

	If anyone feels inclined to change this env variable to match the existing
	LIBVIRT_* format, it should now be easier to do so.

	tests: Initialize virRandom in for test suite.
	Otherwise any virRandom calls will result in a segfault.

2009-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus const annotations to hash iterator
	Most of the hash iterators need to modify either payload of
	data args. The const annotation prevents this.

	* src/util/hash.h, src/util/hash.c: Remove const-ness from
	  virHashForEach/Iterator
	* src/xen/xm_internal.c: Remove bogus casts

2009-10-19  Dan Kenigsberg  <danken@redhat.com>

	fix virDomainMigrateToURI doc
	* src/libvirt.c: remove reverences to non existent dconn parameter
	  when using that entry point.

2009-10-19  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC fix virCgroupGetValueStr problem with \n
	A cgroup file returns integer value terminated with '\n' and remaining
	it has sometimes harmful effects, for example it leads virStrToLong_ull
	to fail.
	* src/util/cgroup.c: strip out terminating \n when reading a value

2009-10-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove bashisms from schema tests.
	Introduced in commit 39a7be470cc5477a96a4d53194291bf4c7b07185.

	* tests/*schematest: replace 'source' with '.'
	* tests/schematestutils.sh: remove 'function' keyword and add '()'

2009-10-16  Cole Robinson  <crobinso@redhat.com>

	tests: Add storage volume XML 2 XML tests.

	tests: Add network XML to XML tests.

	schema: Update network schema.
	Make things a bit more readable, and properly handle forward mode 'route'.

	tests: Add XML 2 XML tests for storage pools.
	Move existing schema data to an input directory. Add extra files for more
	thorough XML testing.

	tests: Break out duplicate schema verification functionality.
	All schema tests have identical functionality, so avoid the duplication.

	tests: Fix text output for interface XML 2 XML

2009-10-15  Mark McLoughlin  <markmc@redhat.com>

	Don't copy old machines from a domain which has none
	If the the qemu and kvm binaries are the same, we don't include machine
	types in the kvm domain info.

	However, the code which refreshes the machine types info from the
	previous capabilities structure first looks at the kvm domain's info,
	finds it matches and then copies the empty machine types list over
	for the top-level qemu domain.

	That doesn't make sense, we shouldn't copy an empty machin types list.

	* src/qemu/qemu_conf.c: qemudGetOldMachinesFromInfo(): don't copy an
	  empty machine types list.

2009-10-15  Laine Stump  <laine@laine.org>

	Avoid crash in virBufferEscapeString
	* src/util/buf.c: if virBufferEscapeString was called on a buffer that
	  had 0 bytes of space, a size of -1 will be passed to snprintf, resulting
	  in a segmentation fault, this preallocate some space.

2009-10-14  Jim Fehlig  <jfehlig@novell.com>

	Add ocfs2 to list of fs pool types
	* src/conf/storage_conf.c src/conf/storage_conf.h: extend the enums
	  and values
	* docs/schemas/storagepool.rng: add to the list of storage pool type
	  formats

2009-10-14  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC complement PATH environment variable
	* src/lxc/lxc_driver.c: without PATH, the controller will definitely
	  fail to call ip command

2009-10-14  Chris Lalancette  <clalance@redhat.com>

	Finer grained migration control
	Normally, when you migrate a domain from host A to host B,
	the domain on host A remains defined but shutoff and the domain
	on host B remains running but is a "transient".  Add a new
	flag to virDomainMigrate() to allow the original domain to be
	undefined on source host A, and a new flag to virDomainMigrate() to
	allow the new domain to be persisted on the destination host B.

2009-10-14  Daniel Veillard  <veillard@redhat.com>

	Release of 0.7.2

	Fixing ca.po

	Updated and regenerated localizations
	* de.po ja.po it.po hi.po gu.po or.po mr.po ml.po kn.po ru.po pl.po
	  pa.po te.po ta.po: many updates

2009-10-13  Cole Robinson  <crobinso@redhat.com>

	network: Fix printing XML 'delay' attribute
	When specifying bridge delay via network XML define, we were looking for
	the 'delay' attribute, but would dump the value as 'forwardDelay'. Have
	the output match the expected input (and schema).

2009-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix virFileReadLimFD/virFileReadAll to handle EINTR
	The fread_file_lim() function uses fread() but never handles
	EINTR results, causing unexpected failures when reading QEMU
	help arg info. It was unneccessarily using FILE * instead
	of plain UNIX file handles, which prevented use of saferead()

	* src/util/util.c: Switch fread_file_lim over to use saferead
	  instead of fread, remove FILE * use, and rename

2009-10-13  Cole Robinson  <crobinso@redhat.com>

	storage: Fix generating iscsi 'auth' xml
	We were missing a closing tag, so the XML wasn't proper.

	schema: Update storage pool schema.
	- mpath pools weren't listed
	- scsi pools were missing an adapter section
	- iscsi pools were missing an auth section
	- Logical pools do not require a source name to be specified

	remote: Don't print a warning every time a remote call fails
	$ sudo virsh pool-start idontexist
	10:58:18.716: warning : processCallDispatchReply:7612 : Method call error
	error: failed to get pool 'idontexist'
	error: Storage pool not found: no pool with matching name 'idontexist'

	That warning doesn't server much purpose being printed via a virsh call. So
	remove the message.

	storage: Report errors in FindPoolSources

	test: Activate interfaces specified through driver config file.
	This matches the behavior of domains, storage, etc. Also, fix up some
	whitespace issues in the area.

2009-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU restore from file in raw format
	The logic for running the decompression programs was broken in
	commit f238709304f9f6c57204cdd943e542cbae38fa5f, so that for
	non-raw formats the decompression program was never run, and
	for raw formats, it tried to exec an argv[] with initial NULL
	in the program name.

	* src/qemu/qemu_driver.c: Fix logic in runing decompression program

2009-10-13  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC fix return code handling in lxcVmStart
	In lxcVmStart we first should not reuse rc for another purpose
	than the return value.

	* src/lxc/lxc_driver.c: don't reuse rc for local procedure calls

2009-10-13  Daniel Veillard  <veillard@redhat.com>

	Add a target for libvirt.devhelp
	* docs/Makefile.am: the lack of a target for devhelp/libvirt.devhelp
	  broke 'make dist'

	Fix a missing % on endif in spec file
	* libvirt.spec.in: missing % broke 'make rpm'

2009-10-12  Mark McLoughlin  <markmc@redhat.com>

	Take domain type into account when looking up default machine
	If one has e.g.

	  <guest>
	    <os_type>hvm</os_type>
	    <arch name='x86_64'>
	      <wordsize>64</wordsize>
	      <emulator>/usr/bin/qemu-system-x86_64</emulator>
	      <machine>pc-0.11</machine>
	      <machine canonical='pc-0.11'>pc</machine>
	      <machine>pc-0.10</machine>
	      <machine>isapc</machine>
	      <domain type='qemu'>
	      </domain>
	      <domain type='kvm'>
	        <emulator>/usr/bin/kvm</emulator>
	        <machine>pc</machine>
	        <machine>isapc</machine>
	      </domain>
	    </arch>
	  </guest>

	and start a guest with:

	  <domain type='kvm'>
	    ...
	    <os>
	      <type arch='x86_64'>hvm</type>
	      ...
	    </os>
	  </domain>

	then the default machine type should be 'pc' and not 'pc-0.11'

	Issue was reported by Anton Protopopov.

	* src/capabilities.[ch]: pass the domain type to
	  virCapabilitiesDefaultGuestArch() and use it to look up the default
	  machine type from a specific guest domain if needed.

	* src/conf/domain_conf.c, src/xen/xm_internal.c: update

	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases2.xml: update
	  the domain type to 'kvm' and remove the machine type to check
	  that the default gets looked up correctly

	Fix schema to allow missing machine type
	The domain/os/type element may have an arch specified without having
	a machine variant specified. In fact, this is what python-virtinst
	does when defining a guest.

	* docs/schemas/domain.rng: allow missing machine type

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite example domain events programm for python
	The existing python demo for domain events does not fully
	implement the event loop contract. This makes the code useless
	for real world applications. This change re-writes the demo so
	that it has a full event loop implementation which is suitable
	for application usage & better demonstrates integration

	* examples/domain-events/events-python/event-test.py: Rewrite
	  to include a real world usable event loop implementation

	Remove some auto-generated files
	Removes some auto-generated files still under version control.
	It also moves the rule for generating NEWS into the Makefile.am
	that's in the same directory as the output file to avoid confusion

	* docs/libvirt-api.xml, docs/libvirt-refs.xml, NEWS: Remove
	  auto-generated files from source control
	* Makefile.am: Add rule for generating NEWS file
	* docs/Makefile.am: Remove rule for generating NEWS file

	Support a new peer-to-peer migration mode & public API
	Introduces several new public API options for migration

	 - VIR_MIGRATE_PEER2PEER: With this flag the client only
	   invokes the virDomainMigratePerform method, expecting
	   the source host driver to do whatever is required to
	   complete the entire migration process.
	 - VIR_MIGRATE_TUNNELLED: With this flag the actual data
	   for migration will be tunnelled over the libvirtd RPC
	   channel. This requires that VIR_MIGRATE_PEER2PEER is
	   also set.
	 - virDomainMigrateToURI: This is variant of the existing
	   virDomainMigrate method which does not require any
	   virConnectPtr for the destination host. Given suitable
	   driver support, this allows for all the same modes as
	   virDomainMigrate()

	The URI for VIR_MIGRATE_PEER2PEER must be a valid libvirt
	URI. For non-p2p migration a hypervisor specific migration
	URI is used.

	virDomainMigrateToURI without a PEER2PEER flag is only
	support for Xen currently, and it involves XenD talking
	directly to XenD, no libvirtd involved at all.

	* include/libvirt/libvirt.h.in: Add VIR_MIGRATE_PEER2PEER
	  flag for migration
	* src/libvirt_internal.h: Add feature flags for peer to
	  peer migration (VIR_FEATURE_MIGRATE_P2P) and direct
	  migration (VIR_MIGRATE_PEER2PEER mode)
	* src/libvirt.c: Implement support for VIR_MIGRATE_PEER2PEER
	  and virDomainMigrateToURI APIs.
	* src/xen/xen_driver.c: Advertise support for DIRECT migration
	* src/xen/xend_internal.c: Add TODO item for p2p migration
	* src/libvirt_public.syms: Export virDomainMigrateToURI
	  method
	* src/qemu/qemu_driver.c: Add support for PEER2PEER and
	  migration, and adapt TUNNELLED migration.
	* tools/virsh.c: Add --p2p and --direct args and use the
	  new virDomainMigrateToURI method where possible.

	Re-arrange doTunnelMigrate to simplify cleanup code
	Re-arrange the doTunnelMigrate method putting all non-QEMU local
	state setup steps first. This maximises chances of success before
	then starting destination QEMU for receiving incoming migration.
	Altogether this can reduce the number of goto cleanup labels to
	something more managable.

	* qemu/qemu_driver.c: Re-order steps in doTunnelMigrate

	Separate out code for sending tunnelled data
	Simplify the doTunnelMigrate code by pulling out the code for
	sending all tunnelled data into separate helper

	* qemu/qemu_driver.c: introduce doTunnelSendAll() method

	Pull connection handling code out of doTunnelMigrate
	Simplify the doTunnelMigrate() method by pulling out the code
	which opens/closes the virConnectPtr  object into a parent
	method

	* qemu/qemu_driver.c: Add doPeer2PeerMigrate which then calls
	  doTunnelMigrate with dconn & dom_xml

	Fix stream abort upon I/O failure during migration
	virStreamAbort is needed when the caller wishes to terminate
	the stream early, not when virStreamSend fails.

	* qemu/qemu_driver.c: Fix calling of virStreamAbort during
	  tunnelled migration

	Refactor native QEMU migration code
	The code for tunnelled migration was added in a dedicated method,
	but the native migration code is still inline in the top level
	qemudDomainMigratePerform() API. Move the native code out into
	a dedicated method too to make things more maintainable.

	* src/qemu/qemu_driver.c: Pull code for performing a native
	  QEMU migration out into separate method

	Don't force dconn to be NULL in virDomainMigrate
	The code for tunnelled migration wierdly required the app to pass
	a  NULL 'dconn' parameter, only to have to use virConnectOpen
	itself shortly thereafter to get a 'dconn' object. Remove this
	bogus check & require the app to always pas 'dconn' as before

	* src/libvirt.c: Require 'dconn' for virDomainMigrate calls again
	  and remove call to virConnectOpen

	Remove unneccessary uri_in parameter from virMigratePrepareTunnel
	Since virMigratePrepareTunnel() is used for migration over the
	native libvirt connection, there is never any need to pass the
	target URI to this method.

	* daemon/remote.c, src/driver.h, src/libvirt.c, src/libvirt_internal.h,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  src/remote/remote_protocol.x: Remove 'uri_in' parameter from
	  virMigratePrepareTunnel() method

	Move the VIR_DRV_FEATURE* constants
	Move the VIR_DRV_FEATURE* constants into libvirt_internal.h
	since these flags are indicating whether  APIs in the
	libvirt_internal.h file are supported by a driver

	* src/driver.h: Remove VIR_DRV_FEATURE* constants
	* src/libvirt_internal.h: Add VIR_DRV_FEATURE* constants, using
	  an enum instead of #define
	* src/internal.h: pull in libvirt_internal.h

	Fix configure.ac message vertical alignment
	* configure.in: Align messages in configuration summary

2009-10-09  Amy Griffis  <amy.griffis@hp.com>

	LXC add augeas support for config file
	* src/lxc/libvirtd_lxc.aug src/lxc/test_libvirtd_lxc.aug: augeas schemas
	  for lxc.conf
	* src/Makefile.am libvirt.spec.in: glue the new augeas files in

2009-10-08  Amy Griffis  <amy.griffis@hp.com>

	LXC add driver config file lxc.conf
	* src/lxc/lxc.conf: new configuration file, there is currently one
	  tunable "log_with_libvirtd" that controls whether an lxc controller will
	  log only to the container log file, or whether it will honor libvirtd's
	  log output configuration. This provides a way to have libvirtd and its
	  children log to a single file.  The default is to log to the container
	  log file.
	* src/Makefile.am libvirt.spec.in: add the new file
	* src/lxc/lxc_conf.[ch] src/lxc/lxc_driver.c: read the new log value
	  from the configuration file and pass the log informations when
	  starting up a container.

	LXC do not truncate container log files on restart
	* src/lxc/lxc_driver.c: use O_APPEND instead of O_TRUNC when opening
	  the log file on lxcVmStart()

	LXC initialize logging configuration
	* src/lxc/lxc_driver.c src/lxc/lxc_controller.c: before launching the
	  lxc controller, have the lxc driver query the log settings and setup
	  envp[]. This provides the advantage of honoring the actual log
	  configuration instead of only what had been set in the environment.
	  The lxc controller now simply has to call virLogSetFromEnv().

	Add debug for envp[] in virExecWithHook()
	* src/util/util.c: output some debug if caller of virExecWithHook have
	  set envp[]

	Add accessors for logging filters and outputs
	When configuring logging settings, keep more information about the
	output destination. Add accessors to retrieve the filter and output
	settings in the original string form; this to be used to set up
	environment for a child process that also logs.

	* src/util/logging.[ch]: add virLogGetFilters and virLogGetOutputs
	  accessors and modify the internals (including virLogDefineOutput())
	  to save the data needed for the accessors

	Add virFileAbsPath() utility
	* src/util/util.[ch]: Add virFileAbsPath() function to ensure an
	  absolute path for a potentially realtive path.
	* src/libvirt_private.syms: add it in libvirt private symbols

2009-10-08  Jamie Strandboge  <jamie@canonical.com>

	Documentation and examples for SVirt Apparmor driver
	* docs/drvqemu.html.in: include documentation for AppArmor sVirt
	  confinement
	* examples/apparmor/TEMPLATE examples/apparmor/libvirt-qemu
	  examples/apparmor/usr.lib.libvirt.virt-aa-helper
	  examples/apparmor/usr.sbin.libvirtd: example templates and
	  configuration files for SVirt Apparmor when using KVM/QEmu

	sVirt AppArmor security driver
	* configure.in: look for AppArmor and devel
	* src/security/security_apparmor.[ch] src/security/security_driver.c
	  src/Makefile.am: add and plug the new driver
	* src/security/virt-aa-helper.c: new binary which is used exclusively by
	  the AppArmor security driver to manipulate AppArmor.
	* po/POTFILES.in: registers the new files
	* tests/Makefile.am tests/secaatest.c tests/virt-aa-helper-test:
	  tests for virt-aa-helper and the security driver, secaatest.c is
	  identical to seclabeltest.c except it initializes the 'apparmor'
	  driver instead of 'selinux'

2009-10-08  Cole Robinson  <crobinso@redhat.com>

	cgroup: Fix -Werror breakage

2009-10-08  Daniel P. Berrange  <berrange@redhat.com>

	Misc win32 build fixes
	* daemon/Makefile.am: Fix missing sasl rule
	* src/datatypes.c: Add unistd.h to avoid gnulib bug
	* src/util/cgroup.c: Disable mntent if not available

2009-10-07  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix handling return value of qemuMonitorSetBalloon
	* src/qemu/qemu_driver.c: The positive return value of
	  qemuMonitorSetBalloon should be handled as a success

	LXC implement memory control APIs
	The patch implements the missing memory control APIs for lxc, i.e.,
	domainGetMaxMemory, domainSetMaxMemory, domainSetMemory, and improves
	domainGetInfo to return proper amount of used memory via cgroup.

	* src/libvirt_private.syms: Export virCgroupGetMemoryUsage
	  and add missing virCgroupSetMemory
	* src/lxc/lxc_driver.c: Implement missing memory functions
	* src/util/cgroup.c, src/util/cgroup.h: Add the function
	  to get used memory

2009-10-07  Jamie Strandboge  <jamie@canonical.com>

	Add a domain argument to SVirt *RestoreImageLabel
	When James Morris originally submitted his sVirt patches (as seen in
	libvirt 0.6.1), he did not require on disk labelling for
	virSecurityDomainRestoreImageLabel. A later commit[2] changed this
	behavior to assume on disk labelling, which halts implementations for
	path-based MAC systems such as AppArmor and TOMOYO where
	vm->def->seclabel is required to obtain the label.

	* src/security/security_driver.h src/qemu/qemu_driver.c
	  src/security/security_selinux.c: adds the 'virDomainObjPtr vm'
	  argument back to *RestoreImageLabel

2009-10-07  Chris Lalancette  <clalance@redhat.com>

	Fix up "make check"
	While running make check, I noticed that it was actually using
	the virsh binary from my system, in /usr/bin/virsh, and not the
	one that was just compiled.  This is actually caused by a bug
	in Makefile.am, where we didn't update the PATH to include tools.

	While here, I also updated all of the scripts to properly define
	the srcdir, abs_top_srcdir, and abs_top_builddir environment
	variables.  This is required if you want to be able to run the
	tests standalone (i.e. ./test instead of from make check).  I've
	tested this on both RHEL-5 and Fedora-10 machines, and make check
	works on both, as does running the individual tests by hand.

2009-10-06  Mark McLoughlin  <markmc@redhat.com>

	Create /var/log/libvirt/{lxc,uml} dirs
	Otherwise logrotate barfs:

	  error: error accessing /var/log/libvirt/uml: No such file or directory
	  error: libvirtd:1 glob failed for /var/log/libvirt/uml/*.log
	  error: found error in /var/log/libvirt/qemu/*.log /var/log/libvirt/uml/*.log /var/log/libvirt/lxc/*.log , skipping

	* qemud/Makefile.am: always create /var/log/libvirt/{lxc,uml} when
	  installing the logrotate conf; not ideal, but easier than making
	  the logrotate conf depend on which drivers are enabled

2009-10-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix rebuilding of devhelp files
	The devhelp/ directory files depend on libvirt-api.xml being
	uptodate, but automake always processes SUBDIRS before the
	current directory. So devhelp would be built and then the
	libvirt-api.xml re-build, invalidating the devhelp data again.

	To fix this all the rules for devhelp are moved directly
	into the docs/Makefile.am allowing make to see the global
	dependancy chain and thus build things in the correct order

	* docs/Makefile.am: Add rules for devhelp rebuild
	* docs/devhelp/Makefile.am: Remove devhelp rebuild
	* configure.in: Remove docs/devhelp/Makefile.am

	Fix ordering of <exports> in API description file
	* docs/apibuild.py: Make uniq() function sort keys before returning
	  them to ensure consitent ordering of <exports> in XML file

2009-10-06  Cole Robinson  <crobinso@redhat.com>

	test: Support loading node device info from file/XML
	Also add some XML examples.

	node conf: Make parsing routines consistent with other drivers
	Add virNodeDeviceParseFile, and make virNodeDeviceParseNode non-static. These
	will be used by the test driver.

	test: Implement node device driver.
	Add a simple 'computer' device for the default driver. Only implement
	the basic calls, no creation or destroy happening.

	nodedev: Break out virNodeDeviceHasCap to node_conf
	Will be used by test driver node device implementation.

	nodedev: Add locking in nodeNumOfDevices

	test: Throw a proper error in GetBridgeName
	Throw error in GetBridgeName if net has no bridge.

	python: Add a newline after custom classes
	In the generated bindings, custom classes are squashed against the following
	class, which hurts readability.

	python: Fix generated virInterface method names
	A mistake in the generator was causing virInterface methods to be generated
	with unpredicatable names ('ceUndefine', instead of just 'undefine'). This
	fixes the method names to match existing convention.

	Does anyone care if we are breaking API compat? My guess is that no one is
	using the python interface bindings yet.

	python: Use a pure python implementation of 'vir*GetConnect'
	The API docs explictly warn that we shouldn't use the C vir*GetConnect calls
	in bindings: doing so can close the internal connection pointer and cause
	things to get screwy. Implement these calls in python.

	python: Don't generate bindings for vir*Ref
	They are only for use in implementing the bindings, so shouldn't be
	exposed to regular API users.

	python: Don't generate conflicting conn.createXML functions.
	A special case in the generator wasn't doing its job, and duplicate
	conn.createXML functions were being generated. The bindings diff is:

	@@ -1079,14 +1079,6 @@ class virConnect:
	         return __tmp

	     def createXML(self, xmlDesc, flags):
	-        """Create a new device on the VM host machine, for example,
	-           virtual HBAs created using vport_create. """
	-        ret = libvirtmod.virNodeDeviceCreateXML(self._o, xmlDesc, flags)
	-        if ret is None:raise libvirtError('virNodeDeviceCreateXML() failed', conn=self)
	-        __tmp = virNodeDevice(self, _obj=ret)
	-        return __tmp
	-
	-    def createXML(self, xmlDesc, flags):
	         """Launch a new guest domain, based on an XML description
	           similar to the one returned by virDomainGetXMLDesc() This
	           function may requires privileged access to the hypervisor.
	@@ -1327,6 +1319,14 @@ class virConnect:
	         __tmp = virNetwork(self, _obj=ret)
	         return __tmp

	+    def nodeDeviceCreateXML(self, xmlDesc, flags):
	+        """Create a new device on the VM host machine, for example,
	+           virtual HBAs created using vport_create. """
	+        ret = libvirtmod.virNodeDeviceCreateXML(self._o, xmlDesc, flags)
	+        if ret is None:raise libvirtError('virNodeDeviceCreateXML() failed', conn=self)
	+        __tmp = virNodeDevice(self, _obj=ret)
	+        return __tmp
	+
	     def nodeDeviceLookupByName(self, name):
	         """Lookup a node device by its name. """
	         ret = libvirtmod.virNodeDeviceLookupByName(self._o, name)

	python: Remove use of xmllib in generator.py
	xmllib has been deprecated since python 2.0, and running the generator throws
	a warning. Move to using xml.sax

	python: Remove FastParser from generator.
	FastParser uses sgmlop, a non-standard python module meant as a replacement
	for xmllib (which is deprecated since python 2.0). Fedora doesn't even carry
	this module, and the generator doesn't have high performance requirements, so
	just rip the code out.

	configure: Add explict --with-python option.
	--with-python currently already works for enabling/disabling the python
	bindings, but doesn't show up in the help output.

2009-10-05  Daniel Veillard  <veillard@redhat.com>

	526769 change logrotate config default to weekly
	* daemon/libvirtd.logrotate.in: change to weekly rotation of logs,
	  keep a month worth of data and also extend to cover LXC and UML
	  domain logs

2009-10-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in Makefile.am breaking NEWS file generation
	* docs/Makefile.am: Fix syntax error in NEWS rule, '$' should be '$$'
	  to escape correctly

	Fix emission of domain events messages
	The code which updated the message length after writing the
	payload wrote the updated length word in the wrong place since
	the XDR object was given a buffer pointing to the start of the
	header payload, rather than message start.

	* daemon/remote.c: Fix updating of event message length so that
	  we actually send the payload, not just the header

2009-10-02  Paolo Bonzini  <pbonzini@redhat.com>

	unbreak `make rpcgen'
	Fix "make rpcgen", broken by the directory reorganization.

	* src/Makefile.am (rpcgen): Fix path to rpcgen_fix.pl.

	unbreak migration
	Fix migration, broken in two different ways by the QEMU monitor
	abstraction.  Note that the QEMU console emits a "\r\n" as the
	line-ending.

	* src/qemu/qemu_monitor_text.c (qemuMonitorGetMigrationStatus):
	Fix "info migrate" command and its output's parsing.

2009-10-02  Chris Lalancette  <clalance@redhat.com>

	Tunnelled migration.
	Implementation of tunnelled migration, using a Unix Domain Socket
	on the qemu backend.  Note that this requires very new versions of
	qemu (0.10.7 at least) in order to get the appropriate bugfixes.

2009-10-01  Jiri Denemark  <jdenemar@redhat.com>

	Fix build in separate build directory
	* cfg.mk: use $(srcdir)/ prefix for Makefile.nonreentrant include
	* examples/domain-events/events-c/Makefile.am tools/Makefile.am
	  examples/hellolibvirt/Makefile.am: extend the include paths to
	  use $(top_srcdir)/include too.

2009-10-01  Paolo Bonzini  <pbonzini@redhat.com>

	Fix documentation and comment typos
	Fix a few mispellings :-) of "successfully" and regenerate
	docs/libvirt-*.xml.
	* src/libvirt.c: Fix typos.
	* src/secret/secret_driver.c: Fix typos.
	* docs/libvirt-api.xml: Regenerate.
	* docs/libvirt-refs.xml: Regenerate.

2009-10-01  Chris Lalancette  <clalance@redhat.com>

	Various monitor improvements for migration.
	The upcoming tunnelled migration needs to be able to set
	a migration in progress in the background, as well as
	be able to cancel a migration when a problem has happened.
	This patch allows for both of these to properly work.

2009-10-01  Mark McLoughlin  <markmc@redhat.com>

	Fix USB device re-labelling
	A simple misplaced break out of a switch results in:

	  libvir: error : Failed to open file '/sys/bus/pci/devices/0000:00:54c./vendor': No such file or directory
	  libvir: error : Failed to open file '/sys/bus/pci/devices/0000:00:54c./device': No such file or directory
	  libvir: error : this function is not supported by the hypervisor: Failed to read product/vendor ID for 0000:00:54c.

	when trying to passthrough a USB host device to qemu.

	* src/security_selinux.c: fix a switch/break thinko

2009-10-01  Daniel Veillard  <veillard@redhat.com>

	Avoid a libvirtd crash on broken input 523418
	* src/conf/domain_conf.c: a simple typo in an XML domain file could lead
	  to a crash, because we called STRPREFIX() on the looked up value without
	  checking it was non-null.

2009-10-01  Florian Vichot  <florian.vichot@diateam.net>

	Incorrect error message in virDomainNetDefParseXML
	* src/conf/domain_conf.c: when declaring a <interface type="bridge">
	  tag, <source> needs a "bridge" attribute, but the parser complains
	  about a missing "dev" attribute.

2009-09-30  Daniel Veillard  <veillard@redhat.com>

	Fix a few 'make rpm' breakages
	* Makefile.am: examples/domain-events/events-python should be added
	  to dist tarball
	* libvirt.spec.in: there is no makefile in domain-events but in
	  domain-events/events-c and python/libvirtclass.txt has vanished

	523639 Allows a <description> tag for domains
	* docs/schemas/domain.rng: allow one <description> tag in the top level
	  of the <domain> to store user information as text
	* src/conf/domain_conf.c src/conf/domain_conf.h: extend the structure
	  to store this text, grab it at parse time and save it back when
	  present after <uuid>

2009-09-30  Chris Lalancette  <clalance@redhat.com>

	Add src/util/storage_file.c to the POTFILES.in.

	Add a qemu feature flag for unix socket migration.

	Pass remote_message_header to the dispatch functions.
	This is necessary for the dispatch functions to be able to use
	streams in the future.

	Let remoteClientStream only do RX if requested.
	Right now, the stream stuff assumes that a stream is always
	going to be used for transmit.  This is not the case, and in
	fact doesn't work with the tunnelled migration stuff.  Add
	a flag to remoteClientStream() to allow it to do RX only.

	Fix up a few typos in the tree.

	Fix up some warnings from stream DEBUG statements.

2009-09-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix apibuild.py warnings
	Function comments for virStreamEvent{Add,Update,Remove}Callback() are
	missing a trailing ':'. Therefore apibuild.py fails to parse the comment
	and warns about the missing ':'.

	* docs/libvirt-api.xml, docs/libvirt-refs.xml: updated by apibuild.py
	* src/libvirt.c: add missing ':' in function comments

	Change signature of remoteSendStreamData() to fix compile warning
	The actual type of size_t is architecture dependent. Because the len
	parameter is used as unsigned int in remoteSendStreamData(), change its
	type to unsigned int.

	* daemon/dispatch.[ch]: change size_t to unsigned int for
	  remoteSendStreamData()

2009-09-30  Mark McLoughlin  <markmc@redhat.com>

	Re-label image file backing stores
	Use virStorageFileGetMetadata() to find any backing stores for images
	and re-label them

	Without this, qemu cannot access qcow2 backing files, see:

	  https://bugzilla.redhat.com/497131

	* src/security/security_selinux.c: re-label backing store files in
	  SELinuxSetSecurityImageLabel()

	Add virStorageFileGetMetadata() helper
	* src/util/storage_file.c: add virStorageFileGetMetadata() so that
	  the caller does not need to open the file

	Move virStorageGetMetadataFromFD() to libvirt_util
	Finally, we get to the point of all this.

	Move virStorageGetMetadataFromFD() to virStorageFileGetMetadataFromFD()
	and move to src/util/storage_file.[ch]

	There's no functional changes in this patch, just code movement

	* src/storage/storage_backend_fs.c: move code from here ...

	* src/util/storage_file.[ch]: ... to here

	* src/libvirt_private.syms: export virStorageFileGetMetadataFromFD()

	Introduce virStorageFileMetadata structure
	Introduce a metadata structure and make virStorageGetMetadataFromFD()
	fill it in.

	* src/util/storage_file.h: add virStorageFileMetadata

	* src/backend/storage_backend_fs.c: virStorageGetMetadataFromFD() now
	  fills in the virStorageFileMetadata structure

	Split virStorageGetMetadataFromFD() from virStorageBackendProbeTarget()
	Prepare the code probing a file's format and associated metadata for
	moving into libvirt_util.

	* src/storage/storage_backend_fs.c: re-factor the format and metadata
	  probing code in preparation for moving it

	Move file format enum to libvirt_util
	Rename virStorageVolFormatFileSystem to virStorageFileFormat and
	move to src/util/storage_file.[ch]

	* src/Makefile.am: add src/util/storage_file.[ch]

	* src/conf/storage_conf.[ch]: move enum from here ...

	* src/util/storage_file.[ch]: .. to here

	* src/libvirt_private.syms: update To/FromString exports

	* src/storage/storage_backend.c, src/storage/storage_backend_fs.c,
	  src/vbox/vbox_tmpl.c: update for above changes

2009-09-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix memory leaks in libvirtd's message processing
	Commit 47cab734995fa9521b1df05d37e9978eedd8d3a2 changed the way how
	qemud_client_message objects were reused. Before this commit
	remoteDispatchClientRequest() reused the received message for normal responses
	and to report non-fatal errors. If a fatal error occurred qemudWorker() frees
	the message. After this commit non-fatal errors are reported by
	remoteSerializeReplyError() using a new qemud_client_message object and the
	original message leaks.

	To fix this leak the original message has to be freed if
	remoteSerializeReplyError() succeeds. If remoteSerializeReplyError()
	fails the original message is freed in qemudWorker().

	* daemon/dispatch.c: free qemud_client_message objects that will not be reused
	  and would leak otherwise, also free the allocated qemud_client_message object
	  in remoteSerializeError() if an error occurs

2009-09-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU test suite with new VNC env variable
	* qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args,
	  qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args,
	  qemuxml2argvdata/qemuxml2argv-graphics-vnc.args,
	  qemuxml2argvdata/qemuxml2argv-input-xen.args: Add in
	  QEMU_AUDIO_DRV=none env variable

2009-09-29  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox vboxDomainDestroy forgot to wait for completion
	* src/vbox/vbox_tmpl.c: the vboxDomainDestroy forgot to wait for
	  completion of the PowerDown command

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove hand-crafted UUID parsers
	* src/libvirt.c: Remove hand-crafted UUID parsers in favour of
	  calling virParseUUID

	Allow control over QEMU audio backend
	When using VNC for graphics + keyboard + mouse, we shouldn't
	then use the host OS for audio. Audio should go back over
	VNC.

	When using SDL for graphics, we should use the host OS for
	audio since that's where the display is. We need to allow
	certain QEMU env variables to be passed through to guest
	too to allow choice of QEMU audio backend.

	* qemud/libvirtd.sysconf: Mention QEMU/SDL audio env vars
	* src/qemu_conf.c: Passthrough QEMU/SDL audio env for SDL display,
	  disable host audio for VNC display

	Handle data streams in remote client
	* src/remote_internal.c: Add helper APIs for processing data streams

	Handle outgoing data streams in libvirtd
	* daemon/dispatch.c: Set streamTX flag on outgoing data packets
	* daemon/qemud.h: Add streamTX flag to track outgoing data
	* daemon/qemud.c: Re-enable further TX when outgoing data packet
	  has been fully sent.
	* daemon/stream.h, daemon/stream.c: Add method for enabling TX.
	  Support reading from streams and transmitting data out to client

	Handle incoming data streams in libvirtd
	* daemon/stream.c: Handle incoming stream data packets, queuing until
	  stream becomes writable. Handle stream completion handshake
	* po/POTFILES.in: Add daemon/stream.c

	Helper functions for processing data streams in libvirtd
	Defines the extensions to the remote protocol for generic
	data streams. Adds a bunch of helper code to the libvirtd
	daemon for working with data streams.

	* daemon/Makefile.am: Add stream.c/stream.h to build
	* daemon/stream.c, qemud/stream.h: Generic helper functions for
	  creating new streams, associating streams with clients, finding
	  existing streams for a client and removing/deleting streams.
	* src/remote/remote_protocol.x: Add a new 'REMOTE_STREAM' constant
	  for the 'enum remote_message_type' for encoding stream data
	  in wire messages. Add a new 'REMOTE_CONTINUE' constant to
	  'enum remote_message_status' to indicate further data stream
	  messsages are expected to follow.  Document how the
	  remote_message_header is used to encode data streams
	* src/remote/remote_protocol.h: Regenerate
	* daemon/dispatch.c: Remove assumption that a error message
	  sent to client is always type=REMOTE_REPLY. It may now
	  also be type=REMOTE_STREAM. Add convenient method for
	  sending outgoing stream data packets. Log and ignore
	  non-filtered incoming stream packets. Add a method for
	  serializing a stream error message
	* daemon/dispatch.h:  Add API for serializing stream errors
	  and sending stream data packets
	* daemon/qemud.h: Add struct qemud_client_stream for tracking
	  active data streams for clients. Tweak filter function
	  operation so that it accepts a client object too.
	* daemon/qemud.c: Refactor code for free'ing message objects
	  which have been fully transmitted into separate method.
	  Release all active streams when client shuts down. Change
	  filter function to be responsible for queueing the message

	Add public API definition for data stream handling
	* include/libvirt/libvirt.h.in: Public API contract for
	  virStreamPtr object
	* src/libvirt_public.syms: Export data stream APIs
	* src/libvirt_private.syms: Export internal helper APIs
	* src/libvirt.c: Data stream API driver dispatch
	* src/datatypes.h, src/datatypes.c: Internal helpers for virStreamPtr
	  object
	* src/driver.h: Define internal driver API for streams
	* .x-sc_avoid_write: Ignore src/libvirt.c because it trips
	  up on comments including write()
	* python/Makefile.am: Add libvirt-override-virStream.py
	* python/generator.py: Add rules for virStreamPtr class
	* python/typewrappers.h, python/typewrappers.c: Wrapper
	  for virStreamPtr
	* docs/libvirt-api.xml, docs/libvirt-refs.xml: Regenerate
	  with new APIs

2009-09-29  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Vbox call OpenHardDisk with "" instead of NULL
	* src/vbox/vbox_tmpl.c: UTF-16 fixed version of Florian Vichot initial
	  patch

2009-09-29  Jim Fehlig  <jfehlig@novell.com>

	Avoid double free in errors in virsh
	* tools/virsh.c: it was possible to get vshDeinit to call itself back
	  via vshError, remove the doexit parameter of vshError to avoid the
	  possibility and make sure to exit directly after in those case.

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in device hotplug cleanup code
	* src/qemu/qemu_driver.c: Fix crash in scenario where XML
	  parsing of hotplugged device failed & thus 'dev' is NULL

	Standardize debugging messages in QEMU monitor code
	* src/qemu/qemu_monitor_text.c: Always print command and reply
	  in qemuMonitorCommandWithHandler. Print all args in each monitor
	  command API & remove redundant relpy printing

	Remove low level monitor APIs from header file
	* src/qemu/qemu_monitor_text.h: Remove qemudMonitorCommand,
	  qemudMonitorCommandWithFd, qemudMonitorCommandWithHandler,
	  qemudMonitorCommandExtra low level APIs
	* src/qemu/qemu_monitor_text.c: Replace s/qemud/qemuMonitor/

	Add API for issuing 'host_net_remove' monitor command
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new
	  qemuMonitorRemoveHostNetwork() command for removing host
	  networks
	* src/qemu/qemu_driver.c: Convert NIC hotplug methods over
	  to use qemuMonitorRemoveHostNetwork()

	Add API for issuing 'host_net_add' monitor command
	* src/qemu/qemu_conf.h, src/qemu/qemu_conf.c: Remove prefix arg
	  from qemuBuildHostNetStr which is no longer required
	* src/qemu/qemu_driver.c: Refactor to use qemuMonitorAddHostNetwork()
	  API for adding host network
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddHostNetwork() method for adding host networks

	Add API for issuing 'pci_add nic' monitor command
	* src/qemu/qemu_conf.c: Remove separator from qemuBuildNicStr()
	  args, and remove hardcoded 'nic' prefix. Leave it upto callers
	  instead
	* src/qemu/qemu_driver.c: Switch over to using the new
	  qemuMonitorAddPCINetwork() method for NIC hotplug
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddPCINetwork API for PCI network device hotplug

	Add API for issuing 'getfd' and 'closefd' monitor commands
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorCloseFileHandle and qemuMonitorSendFileHandle
	  APIs for processing file handles
	* src/qemu/qemu_driver.c: Convert NIC hotplug method over to
	  use   qemuMonitorCloseFileHandle and qemuMonitorSendFileHandle

	Add API for issuing 'pci_add storage' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  API qemuMonitorAddPCIDisk()
	* src/qemu/qemu_driver.c: Convert over to using the new
	  qemuMonitorAddPCIDisk() method, and remove now obsolete
	  qemudEscape() method

	Add API for issuing 'pci_del' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new API
	  qemuMonitorRemovePCIDevice() for removing PCI device
	* src/qemu/qemu_driver.c: Convert all places removing PCI devices
	  over to new qemuMonitorRemovePCIDevice() API

	Add API for issuing 'pci_add host' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  API qemuMonitorAddPCIHostDevice()
	* src/qemu/qemu_driver.c: Switch to using qemuMonitorAddPCIHostDevice()
	  for PCI host device hotplug

	Add APIs for sending 'usb_add' command for host devices
	One API adds an exact device based on bus+dev, the other adds
	any device matching vendor+product

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddUSBDeviceExact() and qemuMonitorAddUSBDeviceMatch()
	  commands.
	* src/qemu/qemu_driver.c: Switch over to using the new
	    qemuMonitorAddUSBDeviceExact() and qemuMonitorAddUSBDeviceMatch()

	Add API for using 'usb_add' for disk devices
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddUSBDisk() API
	* src/qemu/qemu_driver.c: Switch USB disk hotplug to the new
	  src/qemu/qemu_driver.c API.

	Add API for issuing 'migrate' command with exec protocol
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorMigrateToCommand() API
	* src/qemu/qemu_driver.c: Switch over to using the
	  qemuMonitorMigrateToCommand() API for core dumps and save
	  to file APIs

	Add API for issuing a 'migrate' monitor command for TCP
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new API
	  qemuMonitorMigrateToHost() for doing TCP migration
	* src/qemu/qemu_driver.c: Convert to use qemuMonitorMigrateToHost().
	  Also handle proper URIs (tcp:// as well as tcp:)

	Add API for running 'info migration' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorGetMigrationStatus() command.
	* src/qemu/qemu_driver.c: Use new qemuMonitorGetMigrationStatus()
	  command to check completion status.

	Add API for issuing the 'migrate_set_speed' monitor command
	* src/qemu/qemu_driver.c: Use new qemuMonitorSetMigrationSpeed()
	  API during migration
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new
	  qemuMonitorSetMigrationSpeed() API

	Add API for issuing 'info blockstats' command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a new
	  qemuMonitorGetBlockStatsInfo() command
	* src/qemu/qemu_driver.c: Remove directly use of blockstats in
	  favour of calling qemuMonitorGetBlockStatsInfo()

	Add APIs for issuing 'memsave' and 'pmemsave' monitor commands
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new APIs
	  qemuMonitorSaveVirtualMemory() and qemuMonitorSavePhysicalMemory()
	* src/qemu/qemu_driver.c: Use the new qemuMonitorSaveVirtualMemory()
	  and qemuMonitorSavePhysicalMemory() APIs

	Add APIs for issuing 'eject' and 'change dev' monitor commands
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new APis
	  qemuMonitorChangeMedia and qemuMonitorEjectMedia. Pull in code
	  for qemudEscape
	* src/qemu/qemu_driver.c: Remove code that directly issues 'eject'
	  and 'change' commands in favour of API calls.

	Add API for issuing 'balloon' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorSetBalloon() based on existing code in
	  qemudDomainSetMemoryBalloon
	* src/qemu/qemu_driver.c: Remove use of qemudDomainSetMemoryBalloon()
	  in favour of qemuMonitorSetBalloon(). Fix error code when balloon
	  is not supported

	Add API for running 'info balloon' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Pull old
	  qemudDomainGetMemoryBalloon() code into a new method called
	  qemuMonitorGetBalloonInfo()
	* src/qemu/qemu_driver.c: Update to call qemuMonitorGetBalloonInfo()
	  and remove qemudDomainGetMemoryBalloon().

	Add API for the 'system_powerdown' monitor command
	* src/qemu/qemu_driver.c: Remove use of 'system_powerdown'
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add a new
	  qemuMonitorSystemPowerdown() api call

	Add API for 'stop' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a new
	  qemuMonitorStopCPUs() API
	* src/qemu/qemu_driver.c: Replace direct monitor commands for 'stop'
	  with qemuMonitorStopCPUs()

	Rename qemudMonitorSendCont to qemuMonitorStartCPUs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Rename
	  Rename qemudMonitorSendCont to qemuMonitorStartCPUs
	* src/qemu/qemu_driver.c: Update callers for new name

	Add API for 'change vnc password' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a
	  new qemuMonitorSetVNCPassword() API
	* src/qemu/qemu_driver.c: Refactor qemudInitPasswords to
	  call qemuMonitorSetVNCPassword()

	Add API for 'info cpus' monitor command
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add a new
	  qemuMonitorGetCPUInfo() command
	* src/qemu/qemu_driver.c: Refactor qemudDetectVcpuPIDs to
	  use qemuMonitorGetCPUInfo()

	Pull QEMU monitor interaction out to separate file
	Pull out all the QEMU monitor interaction code to a separate
	file. This will make life easier when we need to drop in a
	new implementation for the forthcoming QMP machine friendly
	monitor support.

	Next step is to add formal APIs for each monitor command,
	and remove direct commands for sending/receiving generic
	data.

	* src/Makefile.am: Add qemu_monitor.c to build
	* src/qemu/qemu_driver.c: Remove code for monitor interaction
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: New
	  file for monitor interaction
	* po/POTFILES.in: Add src/qemu/qemu_monitor_text.c

2009-09-29  Laine Stump  <laine@laine.org>

	Maintain value of ctxt->node in virInterfaceDefParseDhcp
	* src/conf/interface_conf.c: This was causing subsequent calls to
	  virXPathxxx() to fail, since ctxt->node was left pointing at the
	  dhcp node, rather than the protocol node.

2009-09-29  Daniel Veillard  <veillard@redhat.com>

	Fix some XPath relative node resets
	* src/util/xml.c: The virXPath... function take extra care to preserve
	  the XPath context node (ctxt->node) but in the case of virXPathString
	  and virXPathBoolean they forgot to do this on the error path. This
	  patch fixes this and move all ctxt->node = relnode instuctions just
	  after the xmlXPathEval() to make sure this doesn't happen if this code
	  is modified.

2009-09-29  Mark McLoughlin  <markmc@redhat.com>

	util.h needs libvirt.h for virConnectPtr
	Seems standard to include internal.h in order to pull in libvirt.h

	* src/util/util.h: include internal.h

2009-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Don't require full daemon install for libvirt python bindings
	* libvirt.spec.in: libvirt-python only needs to depend on
	  libvirt-clients

	Fix API doc extractor to stop munging comment formatting
	The python method help docs are copied across from the C
	funtion comments, but in the process all line breaks and
	indentation was being lost. This made the resulting text
	and code examples completely unreadable. Both the API
	doc extractor and the python generator were destroying
	whitespace & this fixes them to preserve it exactly.

	* docs/apibuild.py: Preserve all whitespace when extracting
	  function comments. Print function comment inside a <![CDATA[
	  section to fully preserve all whitespace. Look for the
	  word 'returns' to describe return values, instead of 'return'
	  to avoid getting confused with code examples including the
	  C 'return' statement.
	* python/generator.py: Preserve all whitespace when printing
	  function help docs
	* src/libvirt.c: Change any return parameter indicated by
	  'return' to be 'returns', to avoid confusing the API extractor
	* docs/libvirt-api.xml: Re-build for fixed descriptions

2009-09-24  Mark McLoughlin  <markmc@redhat.com>

	Fix cdub's surname spelling

2009-09-24  Daniel Veillard  <veillard@redhat.com>

	Added Matthias Bolte as commiter

2009-09-24  Charles Duffy  <charles@dyfis.net>

	Fix secret_driver compile warning, bug.
	Set def to NULL in secretLoad(), otherwise we can access a
	random pointer on error.

	Fix unitialized variable in qemudDomainDetachHostPciDevice()
	* src/qemu/qemu_driver.c: initialize detach var

2009-09-24  Mark McLoughlin  <markmc@redhat.com>

	Fix a typo in virNetHasValidPciAddr() too
	* src/conf/domain_conf.h: check domain/bus/slot, not domain/domain/slot

2009-09-24  Jiri Denemark  <jdenemar@redhat.com>

	Fix a typo in virDiskHasValidPciAddr()

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Check if a datastore is accessible first
	An inaccessible datastore has no valid URL property so don't
	access its URI property.

	* src/esx/esx_vi.c: esxVI_LookupDatastoreByName(): check if datastore is
	  accessible before accessing its URL property
	* src/esx/esx_vmx.c: update to changed datastore properties

	ESX remove phantom mode
	* src/esx/esx_driver.c: remove phantom mode

	ESX replace esxUtil_EqualSuffix() with virFileHasSuffix()
	* src/esx/esx_util.[ch]: remove esxUtil_EqualSuffix()
	* src/esx/esx_driver.c, src/esx/esx_vmx.c: replace esxUtil_EqualSuffix()
	  with virFileHasSuffix()

	ESX add esxDomainDefineXML()
	A given domain XML gets converted to a VMX config, uploaded to the host
	and registered as new virtual machine.

	* src/esx/esx_driver.c: refactor datastore related path parsing into
	  esxUtil_ParseDatastoreRelatedPath()
	* src/esx/esx_util.[ch]: add esxUtil_ParseDatastoreRelatedPath()
	* src/esx/esx_vi.[ch]: add esxVI_Context_UploadFile(), add datastores to
	  the traversal in esxVI_BuildFullTraversalSpecList(), add
	  esxVI_LookupDatastoreByName()
	* src/esx/esx_vi_methods.[ch]: add esxVI_RegisterVM_Task()
	* src/esx/esx_vi_types.c: make some error message more verbose
	* src/esx/esx_vmx.[ch]: add esxVMX_AbsolutePathToDatastoreRelatedPath()
	  to convert a path into a datastore related path, add esxVMX_ParseFileName()
	  to convert from VMX path format to domain XML path format, extend the other
	  parsing function to be datastore aware, add esxVMX_FormatFileName() to
	  convert from domain XML path format to VMX path format, fix VMX ethernet
	  entry formating
	* tests/esxutilstest.c: add test for esxUtil_ParseDatastoreRelatedPath()
	* tests/vmx2xmldata/*: update domain XML files to use datastore related paths
	* tests/xml2vmxdata/*: update domain XML files to use datastore related paths,
	  update VMX files to use absolute paths

	ESX add esxVI_Occurence enum to for occurences
	Add esxVI_Occurence enum to describe expected occurence of items
	* src/esx/esx_driver.c: update the use of esxVI_LookupVirtualMachineByUuid()
	* src/esx/esx_vi.c: add an esxVI_Occurence parameter to
	  esxVI_LookupVirtualMachineByUuid() and take care if esxVI_FindByUuid()
	  can't find anything for a given uuid
	* src/esx/esx_vi.h: add esxVI_Occurence enum
	* src/esx/esx_vi_methods.c: expect null or more items to be returned
	  from esxVI_FindByUuid()

	ESX Whitespace cleanup

	ESX add x86_64 detection based on the CPUID
	* src/esx/esx_driver.c: add esxSupportsLongMode() and update esxCapsInit()
	* src/esx/esx_vi.[ch]: Add AnyType handling for lists
	* src/esx/esx_vi_types.c: bind VI type HostCpuIdInfo

	ESX add tests for the VMX to/from domain XML mapping
	* tests/.gitignore: ignore new test binaries
	* tests/Makefile.am: add new tests
	* tests/esxutilstest.c: test esxVMX_IndexToDiskName()
	* tests/vmx2xmldata/*: config files for the VMX to domain XML test
	* tests/vmx2xmltest.c: test the VMX to domain XML mapping
	* tests/xml2vmxdata/*: config files for the domain XML to VMX test
	* tests/xml2vmxtest.c: test the domain XML to VMX mapping

	ESX Add esxDomainXMLToNative()
	Extend and cleanup the VMX to domain XML mapping. Add the domain XML to
	VMX mapping functions.

	* src/esx/esx_driver.c: add esxDomainXMLToNative()
	* src/esx/esx_vmx.[ch]: add esxVMX_SCSIDiskNameToControllerAndID(),
	  esxVMX_IDEDiskNameToControllerAndID(), esxVMX_FloppyDiskNameToController(),
	  esxVMX_GatherSCSIControllers(), add basic handling for the VMX guestOS entry
	  to distinguish between i686 and x86_64, make SCSI virtualDev VMX entry
	  optional as it should be, map the VMX networkName entry to the domain XML
	  interface bridge name, add basic mapping for serial devices in pipe mode,
	  add several esxVMX_Format*() functions

	ESX Set challenge for auth callback to hostname
	This enables the auth callback to automatically distinguish between
	requests for ESX host and vCenter credentials.

	* src/esx/esx_util.[ch]: set challenge for auth callback to hostname

	ESX Add esxNodeGetFreeMemory()
	* src/esx/esx_driver.c: add esxNodeGetFreeMemory(), cache IP address
	* src/esx/esx_vi.[ch]: refactor resource pool query into esxVI_GetResourcePool()
	* src/esx/esx_vi_types.[ch]: bind VI type ResourcePoolResourceUsage

2009-09-23  Chris Lalancette  <clalance@redhat.com>

	Fix up "make syntax-check" after the tree restructuring.

2009-09-23  Paolo Bonzini  <pbonzini@redhat.com>

	network: add 'bootp' and 'tftp' config
	Currently, libvirtd will start a dnsmasq process for the virtual
	network, but (aside from killing the dnsmasq process and replacing it),
	there's no way to define tftp boot options.

	This change introduces the appropriate tags to the dhcp configuration:

	 <network>
	   <name>default</name>
	   <bridge name="virbr%d" />
	   <forward/>
	   <ip address="192.168.122.1" netmask="255.255.255.0">
	     <tftp root="/var/lib/tftproot" />
	     <dhcp>
	       <range start="192.168.122.2" end="192.168.122.254" />
	       <bootp file="pxeboot.img"/>
	     </dhcp>
	   </ip>
	 </network>

	When the attributes are present, these are passed to the
	arguments to dnsmasq:

	 dnsmasq [...] --enable-tftp --tftp-root /srv/tftp --dhcp-boot pxeboot.img
	               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^
	                      from <tftp />                     from <bootp />

	At present, only local tftp servers are supported (ie, dnsmasq runs as
	the tftp server), but we could improve this in future by adding a
	server= attribute.


	2009-09-21  Paolo Bonzini  <pbonzini@redhat.com>
	            Jeremy Kerr  <jk@ozlabs.org>

		* docs/formatnetwork.html.in: Document new tags.
		* docs/formatnetwork.html: Regenerate.
		* docs/schemas/network.rng: Update.
		* src/network_conf.c (virNetworkDefFree): Free new fields.
		(virNetworkDHCPRangeDefParseXML): Parse <bootp>.
		(virNetworkIPParseXML): New, parsing <dhcp> and <tftp>.
		(virNetworkDefParseXML): Use virNetworkIPParseXML instead of
		virNetworkDHCPRangeDefParseXML.
		(virNetworkDefFormat): Pretty print new fields.
		* src/network_conf.h (struct _virNetworkDef): Add netboot fields.
		* src/network_driver.c (networkBuildDnsmasqArgv): Add
		TFTP and BOOTP arguments.

		* tests/Makefile.am (EXTRA_DIST): Add networkschemadata.
		* tests/networkschematest: Look in networkschemadata.
		* tests/networkschemadata/netboot-network.xml: New.

2009-09-23  Chris Lalancette  <clalance@redhat.com>

	Introduce virStrncpy.
	Add the virStrncpy function, which takes a dst string, source string,
	the number of bytes to copy and the number of bytes available in the
	dest string.  If the source string is too large to fit into the
	destination string, including the \0 byte, then no data is copied and
	the function returns NULL.  Otherwise, this function copies n bytes
	from source into dst, including the \0, and returns a pointer to the
	dst string.  This function is intended to replace all unsafe uses
	of strncpy in the code base, since strncpy does *not* guarantee that
	the buffer terminates with a \0.

2009-09-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of Xen(ner) detection
	Latest upstream QEMU can be built with Xen support, which introduces
	a -xen-domid argument. This was  mistakenly detected as -domid due
	to old Xenner support. Adapt to cope with both syntax. Also only
	set domid if the virt type is xen, or the guest type is xen

	* src/qemu_conf.c, src/qemu_conf.h: Detect new -xen-domid flag in
	  preference to -domid.
	* tests/qemuxml2argvdata/qemuxml2argv-bootloader.args,
	  tests/qemuxml2argvdata/qemuxml2argv-input-xen.args: Add missing
	  -domid param
	* tests/qemuxml2argvdata/qemuxml2argv-misc-uuid.args: Remove bogus
	  -boot param.
	* tests/qemuxml2argvtest.c: Add missing QEMUD_CMD_FLAG_DOMID params

	Ignore auto-generated header file
	* include/libvirt/.gitignore: Ignore libvirt.h

2009-09-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix xen driver refcounting.
	The commit cb51aa48a777ddae6997faa9f28350cb62655ffd "Fix up connection
	reference counting." changed the driver closing and virConnectPtr
	unref-logic in virConnectClose().

	Before this commit virConnectClose() closed all drivers of the given
	virConnectPtr and virUnrefConnect()'ed it afterwards. After this
	commit the driver-closing is done in virUnrefConnect() if and only if
	the ref-count of the virConnectPtr dropped to zero.

	This change in execution order leads to a virConnectPtr leak, at least
	for connections to Xen.

	The relevant call sequences:

	virConnectOpen() -> xenUnifiedOpen() ...

	... xenInotifyOpen() -> virConnectRef(conn)

	... xenStoreOpen() -> xenStoreAddWatch() -> conn->refs++

	virConnectClose() -> xenUnifiedClose() ...

	... xenInotifyClose() -> virUnrefConnect(conn)

	... xenStoreClose() -> xenStoreRemoveWatch() -> virUnrefConnect(conn)

	Before the commit this additional virConnectRef/virUnrefConnect calls
	where no problem, because virConnectClose() closed the drivers
	explicitly and the additional refs added by the Xen subdrivers were
	removed properly. After the commit this additional refs result in a
	virConnectPtr leak (including a leak of the hypercall file handle;
	that's how I noticed this problem), because now the drivers are only
	close if and only if the ref-count drops to zero, but this cannot
	happen anymore, because the additional refs from the Xen subdrivers
	would only be removed if the drivers get closed, but that doesn't
	happen because the ref-count cannot drop to zero.

	The fix for this problem is simple: remove the
	virConnectRef/virUnrefConnect calls from the Xen subdrivers (see
	attached patch). Maybe someone could explain why the Xen Inotify and
	Xen Store driver do this extra ref-counting, but none of the other Xen
	subdrivers. It seems unnecessary to me and can be removed without
	problems.

2009-09-22  Dan Kenigsberg  <danken@redhat.com>

	Fix a number of small typos

2009-09-22  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: suspend/resume support
	* src/conf/domain_conf.c: Don't assume all virDomainObjPtr have
	  a non-NULL monitor_chr field in virDomainObjFormat.
	* src/lxc/lxc_driver.c: Implement suspend/resume driver APis
	* src/util/cgroup.c, src/util/cgroup.h: Support the 'freezer'
	  cgroup controller
	* src/libvirt_private.syms: Export virCgroupSetFreezerState
	  and virCgroupGetFreezerState

2009-09-22  Yuji NISHIDA  <nishidy@nict.go.jp>

	OpenVZ Fix a restriction about domain names
	* src/openvz/openvz_driver.c: try to autogenerate a non-conflicting
	  id for the domain and use the name field as the name not as id.

2009-09-22  Florian Vichot  <florian.vichot@diateam.net>

	add doc for graphic and video elements
	* docs/formatdomain.html.in: explain the new syntax of the video and
	  graphic elements in the domain XML

2009-09-22  Charles Duffy  <charles@dyfis.net>

	prevent attempt to call cat -c during virDomainSave to raw
	This was prevent virDomainSave from working properly by default,
	which is a bad thing.

2009-09-22  Chris Lalancette  <clalance@redhat.com>

	Fix up 'neccessary -> necessary' in a comment.

	Don't do virSetConnError when virDrvSupportsFeature is successful.

	Fix a double-free in qemudRunLoop()

	Fix up comments for domainXML{To,From}Native.

	Simple fix of a comment in qemuStringToArgvEnv.

	Remove an unnecessary variable from remoteIOReadMessage().

2009-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Remove auto-generated header file from repo
	* include/libvirt/libvirt.h: Delete auto-generated file

	Tweak specfile to fix RHEL6 rules & ESX/PHYP enablement
	* libvirt.spec.in: ESX/PHYP drivers do not require libvirtd.
	  RHEL-6 should include LXC on all arches

	Move example XML files into examples/xml
	* docs/storage/: Move to examples/xml/storage/
	* docs/test*.xml: Move to examples/xml/test/
	* docs/Makefile.am: Remove example XML files from dist
	* Makefile.am: Add examples/xml to EXTRA_DIST
	* tests/virshtest.c: Update for moved test XML
	* libvirt.spec.in: Include example XML files as docs
	* tests/int-overflow: UPdate for moved XML

	Remove all generated docs from source control
	* docs/*.html, docs/devhelp/*.html, docs/html/*.html: Delete
	* docs/.gitignore, docs/devhelp/.gitignore, docs/html/.gitignore:
	  Ignore generated docs files
	* docs/Makefile.am: Rebuild all HTML docs for 'all' target
	  and include them in EXTRA_DIST and CLEANFILES
	* docs/devhelp/Makefile.am: Include HTML in CLEANFILES

	Fix missing data file in qemuhelpdata
	* tests/Makefile.am: Add missing data file to extra dist

	Misc syntax-check fixes

	Move remote protocol definition into src/remote/
	When making changes to the remote protocol, src/ is always built
	first, so rpcgen should live there, to avoid having to run make
	in the 'daemon/' directory before building src/

	* src/Makefile.am: Add rules for rpcgen, and drop -I../daemon from
	  remote client build
	* daemon/Makefile.am: Add -I../src/remote/ to libvirtd build
	  and remove rpcgen rules
	* daemon/libvirtd.c: Adapt include of remote_driver.h taking
	  into account new -I flag
	* daemon/remote_protocol.c, daemon/remote_protocol.h,
	  daemon/remote_protocol.x: Move to src/remote/
	* daemon/rpcgen_fix.pl: Move to src/remote/rpcgen_fix.pl

	Add a README file to src/ explaining the directory structure
	* src/README: New file

	Move all shared utility files to src/util/
	* src/bridge.c, src/bridge.h, src/buf.c, src/buf.h, src/cgroup.c,
	  src/cgroup.h, src/conf.c, src/conf.h, src/event.c, src/event.h,
	  src/hash.c, src/hash.h, src/hostusb.c, src/hostusb.h,
	  src/iptables.c, src/iptables.h, src/logging.c, src/logging.h,
	  src/memory.c, src/memory.h, src/pci.c, src/pci.h, src/qparams.c,
	  src/qparams.h, src/stats_linux.c, src/stats_linux.h,
	  src/threads-pthread.c, src/threads-pthread.h, src/threads-win32.c,
	  src/threads-win32.h, src/threads.c, src/threads.h, src/util.c,
	  src/util.h, src/uuid.c, src/uuid.h, src/virterror.c,
	  src/virterror_internal.h, src/xml.c, src/xml.h: Move all files
	  into src/util/
	* daemon/Makefile.am: Add -Isrc/util/ to build flags
	* src/Makefile.am: Add -Isrc/util/ to build flags and update for
	  moved files
	* src/libvirt_private.syms: Export cgroup APIs since they're now
	  in util rather than linking directly to drivers
	* src/xen/xs_internal.c: Disable bogus virEventRemoveHandle call
	  when built under PROXY
	* proxy/Makefile.am: Update for changed file locations. Remove
	  bogus build of event.c
	* tools/Makefile.am, tests/Makefile.am: Add -Isrc/util/ to build flags

	Move all XML configuration handling to src/conf/
	* src/capabilities.c, src/capabilities.h, src/domain_conf.c,
	  src/domain_conf.h, src/domain_event.c, src/domain_event.h,
	  src/interface_conf.c, src/interface_conf.h,
	  src/network_conf.c, src/network_conf.h, src/node_device_conf.c,
	  src/node_device_conf.h, src/secret_conf.c, src/secret_conf.h,
	  src/storage_conf.c, src/storage_conf.h, src/storage_encryption_conf.c,
	  src/storage_encryption_conf.h: Move to src/conf/
	* src/Makefile.am: Add -Isrc/conf to the individual build targets
	  which need to use XML config APIs. Remove LIBXML_CFLAGS, LIBSSH2_CFLAGS
	  and SELINUX_CFLAGS from global INCLUDES and only have them in build
	  targets which actually need them.  Create a libvirt_conf.la
	  convenience library for all config parsers
	* src/hostusb.h: Remove bogus include of domain_conf.h
	* tests/Makefile.am: Add -Isrc/conf. Remove bogus -I$builddir/src
	  since it never has any generated header files
	* daemon/Makefile.am: Add -Isrc/conf
	* proxy/Makefile.am: Add -Isrc/conf and cope with renamed files
	* src/hash.c: Remove bogus include of libxml/threads.h

	Make pki_check.sh into an installed & supported tool
	* docs/pki_check.sh: Move to tool/virt-pki-validate.in and add
	  in POD man page documentation
	* tools/.gitignore: Ignore generated virt-pki-validate file
	* tools/Makefile.am: Install & build virt-pki-validate and
	  virt-pki-validate.1
	* docs/remote.html, docs/remote.html.in: Refer to new tool
	  name virt-pki-validate
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate
	  and virt-pki-validate.1 to files list

	Re-arrange python generator to make it clear what's auto-generated
	* README: New file describing what each file is used for
	* livvirt-override.c, libvirt-override.py, libvirt-override-api.xml,
	  libvirt-override-virConnect.py: Manually written code overriding
	  the generator
	* typewrappers.c, typewrappers.h: Data type wrappers
	* generator.py: Automatically pre-prend contents of libvirt-override.py
	  to generated libvirt.py. Output into libvirt.py directly instead of
	  libvirtclass.py. Don't generate libvirtclass.txt at all. Write C
	  files into libvirt.c/.h directly
	* Makefile.am: Remove rule for creating libvirt.py from libvirt-override.py
	  and libvirtclass.py, since generator.py does it directly

	Remove obsolete files
	* docs/Goals, RENAMES, mylibtool: Removed

	Move docs/examples into examples/
	* Makefile.am: Add examples/dominfo examples/domsuspend examples/python
	  as SUBDIRS
	* configure.in: Update AC_OUTPUT for new/old Makefiles
	* docs/Makefile.am: Remove examples from SUBDIRS
	* docs/examples/info1.c: Move to examples/dominfo/info1.c
	* docs/examples/suspend.c: Move to examples/domsuspend/suspend.c
	* docs/examples: Remove all remaining files
	* docs/examples/python: Moved to examples/python/
	* examples/dominfo/Makefile.am, examples/domsuspend/Makefile.am: New
	  build files
	* libvirt.spec.in: Update to take account of moved examples

	Remove unused images from docs/ directory
	* 16favicon.png, Libxml2-Logo-90x34.gif, libvirHeader.png,
	  libvirLogo.png, windows-cygwin-1.png, windows-cygwin-2.png,
	  windows-cygwin-3.png: Remove unreferenced files
	* Makefile.am: Remove deleted files from EXTRA_DIST

	Rename daemon main code
	* daemon/qemud.c: Rename to daemon/libvirtd.c
	* daemon/qemud.h: Rename to daemon/libvirtd.h
	* daemon/Makefile.am, daemon/dispatch.h, daemon/mdns.c,
	  daemon/remote.h: Update for renamed libvirtd.h file

	Move config files to align with driver sources
	* daemon/default-network.xml: Move to src/network/default.xml
	* daemon/libvirtd_qemu.aug, daemon/test_libvirtd_qemu.aug: Move
	  to src/qemu/
	* src/qemu.conf: Move to src/qemu/qemu.conf
	* daemon/Makefile.am: Remove rules for default-nmetwork.xml and
	  libvirtd_qemu.aug and test_libvirtd_qemu.aug. Fix typo in
	  uninstall-local that would install polkit again.
	* src/Makefile.am: Add rules for installing network/default.xml
	  and the qemu/*.aug files. Add test case for QEMU augeas files.
	  Add uninstall-local rule for files/directories created during
	  install. Rename install-exec-local to install-data-local.
	  Only install qemu.conf if WITH_QEMU is set.
	* tests/networkschematest: Update for XML location move

	Move virsh into tools/ directory
	Move the virsh tool and its man page into the tools directory

	* Makefile.am: Remove rules for virsh.1 man page
	* virsh.1: Remove auto-generated file
	* docs/Makefile.am: Remove rules for virsh.pod man page
	* docs/virsh.pod: Move to tools/ directory
	* src/Makefile.am, src/.gitignore: Remove rules for virsh
	* src/console.c, src/console.h, src/*.ico, src/virsh_win_icon.rc,
	  src/virsh.c: Move into tools/ directory
	* tools/Makefile.am: Add rules for building virsh
	* tools/.gitignore: Ignore virsh built files
	* tests/virshtest.c, tests/int-overflow: Update for new
	  virsh location

	Move security drivers to src/security/
	* src/Makefile.am, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c,
	  tests/seclabeltest.c: Adapt for changed paths
	* src/security.c: Rename to src/security/security_driver.c
	* src/security.h: Rename to src/security/security_driver.h
	* src/security_selinux.c, src/security_selinux.h: Move to src/security/

	Move secret driver into src/secret/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/secret_driver.c, src/secret_driver.h: Move to src/secret/

	Move netcf interface driver into src/interface/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/interface_driver.c: Rename to src/interface/netcf_driver.c
	* src/interface_driver.h: Rename to src/interface/netcf_driver.h

	Move network driver into src/network
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/network_driver.c: Rename to src/network/bridge_driver.c
	* src/network_driver.h: Rename to src/network/bridge_driver.h

	Move remote driver to src/remote/
	* daemon/mdns.c: Remove bogus include
	* daemon/qemud.c, src/Makefile.am, src/libvirt.c: Adapt for
	  changed paths
	* src/remote_internal.c: Rename to src/remote/remote_driver.c
	* src/remote_internal.h: Rename to src/remote/remote_driver.h

	Move test driver into src/test/
	* src/Makefile.am, src/libvirt.c: Adjust for changed paths
	* src/test.c: Rename to src/test/test_driver.c,
	* src/test.h: Rename to src/test/test_driver.h

	Move node device drivers to src/node_device/
	* daemon/qemud.c, src/Makefile.am: Update for changed paths
	* src/node_device*.{h,c}: Move to src/node_device/
	* src/storage/storage_backend.c: Remove bogus import of node_device.c

	Move storage drivers into src/storage/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/storage*.c, src/storage/*.h, src/parthelpre.c: Move
	  to src/storage/

	Move OpenVZ driver to src/openvz/
	* src/openvz_conf.c, src/openvz_conf.h, src/openvz_driver.c,
	  src/openvz_driver.h: Move to src/openvz/
	* src/Makefile.am, src/libvirt.c: Adjust for changed paths

	Move UML driver to src/uml/
	* src/uml_conf.c, src/uml_conf.h, src/uml_driver.c,
	  src/uml_driver.h: Move to src/uml/
	* daemon/qemud.c, src/Makefile.am: Adjust for changed paths

	Move QEMU driver to src/qemu/
	* src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c,
	  src/qemu_driver.h: Move to src/qemu/
	* daemon/qemud.c, src/Makefile.am, tests/qemuargv2xmltest.c,
	  tests/qemuhelptest.c, tests/qemuxml2argvtest.c,
	  tests/qemuxml2xmltest.c: Adapt for changed paths

	Move LXC driver into src/lxc/
	* src/lxc_conf.c, src/lxc_conf.h, src/lxc_container.c,
	  src/lxc_container.h, src/lxc_controller.c, src/lxc_driver.c,
	  src/lxc_driver.h, src/veth.c, src/veth.h: Move to src/lxc/
	* src/opennebula/one_driver.c: Remove bogus veth.h include
	* src/Makefile.am: Adjust for lxc paths
	* daemon/qemud.c: Adjust include for lxc

	Move xen driver code into src/xen/ directory
	* src/Makefile.am, src/proxy_internal.c, src/proxy_internal.h
	  src/sexpr.c, src/sexpr.h, src/xen_unified.c, src/xen_unified.h,
	  src/xen_internal.c, src/xen_internal.h, src/xen_inotify.c,
	  src/xen_inotify.h, src/xend_internal.c, src/xend_internal.h,
	  src/xm_internal.c, src/xm_internal.h, src/xs_internal.c,
	  src/xs_internal.h: Move to src/xen/ directory
	* proxy/Makefile.am, proxy/libvirt_proxy.c, src/Makefile.am,
	  src/libvirt.c, tests/sexpr2xmltest.c, tests/statstest.c,
	  tests/xencapstest.c, tests/xmconfigtest.c, tests/xml2sexprtest.c:
	  Adapt to changed xen location
	* src/stats_linux.h, src/stats_linux.c: Remove xen specific block
	  stats APIs
	* src/qemu_driver.c, src/uml_driver.c: Add missing sys/un.h include
	  uncovered after change to stats_linux.h
	* src/xen/block_stats.h, src/xen/block_stats.c: Add xen specific
	  block stats APIs

	Rename qemud/ directory to daemon/
	* qemud/: Rename to daemon/
	* Makefile.am, configure.in, src/Makefile.am, src/remote_internal.c,
	  tests/Makefile.am, tests/eventtest.c: s/qemud/daemon/ where needed

	Refactor libvirt.spec to allow client-only builds
	Some architectures in certain RHEL versions do not include any
	hypervisors. Update the specfile to allow those to easily build
	a remote client only version of libvirt. ie no libvirtd related
	bits at all.

	* qemud/Makefile.am: Always instal SASL config since its needed
	  by client too
	* libvirt.spec.in: Re-factor specfile conditionals to allow entire
	  server side build to be disabled easily, eg a remote client only
	  build. Make RHEL-5 do client only build for s390/ppc. Make RHEL-6
	  do a client only build for all non-x86_64 archs. Enable LXC on
	  RHEL-6. Enable all Fedora >= 6 features on RHEL-6 too. Add some
	  more conditionals around dnsmasq/iptables/hal Requires tags.
	  Add missing e2fsprogs-devel BR for RHEL-5 as workaround for broken
	  parted. Fix the device mapper BR for RHEL-5. Add conditional rules
	  for ESX build. Add conditional rules for SELinux + HAL builds.
	  Fix a mistaken %{with_qemu} to be %{with_network} when setting
	  up default network XML

2009-09-21  Mark McLoughlin  <markmc@redhat.com>

	Fix leak in PCI hostdev hot-unplug
	* src/qemu_driver.c: sync the hostdev hot-unplug code with the disk/net
	  code.

2009-09-17  Mark McLoughlin  <markmc@redhat.com>

	Fix net/disk hot-unplug segfault
	When we hot-unplug the last device, we're currently double-freeing
	the device definition.

	Reported by Martin Banas here:

	  https://bugzilla.redhat.com/523953

	* src/qemu_driver.c: fix double free

2009-09-16  Shahar Klein  <shaharklein@yahoo.com>

	ESX add support for vmxnet3 virtual device
	* src/esx/esx_vmx.c: add it to the list of accepted devices when
	  parsing the Ethernet section.

2009-09-15  Jim Meyering  <meyering@redhat.com>

	doc: don't emit trailing blanks into generated and VC'd NEWS file
	* docs/Makefile.am ($(top_builddir)/NEWS): Filter out trailing
	white space.

2009-09-15  Daniel Veillard  <veillard@redhat.com>

	More whitespace problems

	Fix some last minute whitespace problems.

	Release of libvirt 0.7.1
	* configure.in docs/news.html.in libvirt.spec.in src/libvirt_public.syms:
	  updates to new release
	* NEWS docs/devhelp/libvirt-libvirt.html docs/html/libvirt-libvirt.html
	  docs/libvirt-api.xml docs/libvirt-refs.xml docs/news.html
	  include/libvirt/libvirt.h: regenerated

	Update a number of localizations and regenerate
	* as.po bn_IN.po de.po gu.po hi.po kn.po ko.po ml.po mr.po or.po pa.po
	  pl.po ta.po te.po zh_CN.po got updated

2009-09-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix dlopen of secrets driver
	* src/Makefile.am: Add gnulib.la for base64 functions
	* src/libvirt_private.syms: Export virFileNameMatchesSuffix

	Add UUID definition required by storage encryption import
	* docs/schemas/storagevol.rng: storage encryption rules require
	  that UUID type be defined

	Remove accidentally added UUID re-definition in storage schema
	* docs/schemas/storageencryption.rng: Remove UUID definition
	  since its provided by the domain.rng/storagevol.rng schemas
	  that import this

	Rebuild API docs

	Make secrets RNG more strict
	* docs/schemas/secret.rng: Require volume element to be an absolute
	  path. Fix whitespace indentation

	Fill in secret UUID for qcow encryption
	* src/storage_backend_fs.c: Lookup & fill in secret passphrase UUID
	  for storage volumes using encryption

	Add usage type/id as a public API property of virSecret
	* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
	  virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
	* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
	  as not throwing exceptions
	* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
	* qemud/remote_protocol.x: Add usage type & ID as attributes of
	  remote_nonnull_secret. Add RPC calls for new public APIs
	* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
	  qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
	  qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
	* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
	  properties of virSecretPtr
	* src/driver.h: Add virLookupSecretByUsage driver entry point
	* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
	  and virLookupSecretByUsage
	* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
	  and virLookupSecretByUsage
	* src/remote_internal.c: Implement virLookupSecretByUsage entry
	* src/secret_conf.c, src/secret_conf.h: Remove the
	  virSecretUsageType enum, now in public API. Make volume
	  path mandatory when parsing XML
	* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
	  Implement virSecretLookupByUsage api method
	* src/virsh.c: Include usage for secret-list command

	Fix UUID handling in secrets/storage encryption APIs
	Convert all the secret/storage encryption APIs / wire format to
	handle UUIDs in raw format instead of non-canonical printable
	format. Guarentees data format correctness.

	* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
	  and validate fully
	* docs/schemas/secret.rng: Fully validate UUID
	* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
	  virSecretLookupByUUID and virSecretGetUUID. Make
	  virSecretGetUUIDString follow normal API design pattern
	* python/generator.py: Skip generation of virSecretGetUUID,
	  virSecretGetUUIDString and virSecretLookupByUUID
	* python/libvir.c, python/libvirt-python-api.xml: Manual impl
	  of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
	* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
	  Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
	* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
	  remote_uuid instead of remote_nonnull_string for UUID field.
	  Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
	  REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
	  remote_uuid  value
	* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
	  qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
	  qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
	* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
	  of printable. Change virGetSecret to use raw format UUID
	* src/driver.h: Rename virDrvSecretLookupByUUIDString to
	  virDrvSecretLookupByUUID and use raw format UUID
	* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
	  and re-implement virSecretLookupByUUIDString and
	  virSecretGetUUIDString in terms of those
	* src/libvirt_public.syms: Add virSecretLookupByUUID and
	  virSecretGetUUID
	* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
	  to remoteSecretLookupByUUID. Fix typo in args for
	  remoteSecretDefineXML impl. Use raw UUID format for
	  get_nonnull_secret and make_nonnull_secret
	* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
	  Storage UUID in raw format, and require it to be present in
	  XML. Use UUID parser to validate.
	* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
	  Storage UUID in raw format.
	* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
	  in a filed with printable UUID, instead of base64 UUID.
	* src/virsh.c: Adjust for changed public API contract of
	  virSecretGetUUIDString.
	* src/storage_Backend.c: DOn't undefine secret we just generated
	  upon successful volume creation. Fix to handle raw UUIDs. Generate
	  a non-clashing UUID
	* src/qemu_driver.c: Change to use lookupByUUID instead of
	  lookupByUUIDString

2009-09-14  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox bug when starting machine from old versions
	* src/vbox/vbox_tmpl.c: fix a bug where one can't start domains defined
	  with older builds or with empty "FRONTEND/Type" tag in their xml
	  files.

2009-09-14  Daniel P. Berrange  <berrange@redhat.com>

	Save vcpuinfo in status file
	* src/qemu_driver.c: Don't trust monitor for vcpu PID info on
	  restart
	* src/domain_conf.c: Save and load vCPU PID info from domain
	  status file

	Fix win32 platform build
	* configure.in: Only define WITH_SECRETS if libvirtd is present
	* src/Makefile.am: Only build secrets driver if WITH_SECRETS is
	  defined. Always add SECRET_DRIVER_SOURCES to EXTRA_DIST

	Restart libvirtd upon RPM upgrade
	* libvirt.spec.in: Restart libvirtd in %post

2009-09-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX cleanup of CPU model strings
	* src/esx/esx_driver.c: also strip (C) and (TM) from the CPU model
	  strings

	ESX avoid potential leaks
	* src/esx/esx_driver.c: reorder some function calls to avoid potential
	  virDomainPtr leaks

2009-09-14  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox 3.0.6 API change support
	* src/vbox/vbox_CAPI_v3_0.h: this includes minor API changes for VBox
	  3.0.6 released some days ago.

2009-09-11  Miloslav Trmač  <mitr@redhat.com>

	Add support for qcow encrypted volumes to qemu.
	Integrate with QEMU monitor to provide encryption passphrase when
	starting a guest using encrypted qcow volumes

	* src/qemu_driver.c (findDomainDiskEncryption,
	  findVolumeQcowPassphrase,
	  qemudMonitorSendVolumePassphrase, qemudMonitorSendCont): Send a volume
	  passphrase if qemu asks for it.

	Provide missing passphrase when creating a volume.
	If the <encryption format='qcow'> element does not specify a secret
	during volume creation, generate a suitable secret and add it to the
	<encryption> tag.  The caller can view the updated <encryption> tag
	using virStorageVolGetXMLDesc().

	Similarly, when <encryption format='default'/> is specified while
	creating a qcow or qcow2-formatted volume, change the format to "qcow"
	and generate a secret as described above.

	* src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE,
	  virStorageGenerateQcowPasphrase),
	  src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase),
	  src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase().
	* src/storage_backend.c (virStoragegenerateQcowEncryption,
	  virStorageBackendCreateQemuImg): Generate a passphrase and
	  <encryption> when creating a qcow-formatted encrypted volume and the
	  user did not supply the information.

	Add virsh commands for secrets APIs
	* src/virsh.c: Add virsh commands.
	* docs/virsh.pod, virsh.1: Update documentation.

	Local file implementation of secret driver API
	This implementation stores the secrets in an unencrypted text file,
	for simplicity in implementation and debugging.

	(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
	Because the TLS private key used by libvirtd is stored unencrypted,
	encrypting the secrets file does not currently provide much additional
	security.)

	* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
	  error number.
	* po/POTFILES.in, src/Makefile.am: Add secret_driver.
	* bootstrap: Use gnulib's base64 module.
	* src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
	  Add local secret driver.
	* qemud/qemud.c (qemudInitialize): Use the local secret driver.

	Add an internal <secret> XML handling API
	Add a <secret> XML handling API, separate from the local driver, to
	avoid manually generating XML in other parts of libvirt.

	* src/secret_conf.c, src/secret_conf.h: New files.
	* po/POTFILES.in, src/Makefile.am: Add secret_conf.

2009-09-10  Miloslav Trmač  <mitr@redhat.com>

	Mask out flags used internally for virSecretGetValue
	Add a VIR_SECRET_GET_VALUE_INTERNAL_CALL flag value, replacing the
	originally separate libvirt_internal_call parameter.  The flag is used
	to differentiate external virSecretGetValue() calls from internal calls
	by libvirt drivers that need to use the secret even if it is private.

	* src/libvirt_internal.h Remove VIR_DOMAIN_XML_FLAGS_MASK
	* src/driver.h Add VIR_SECRET_GET_VALUE_FLAGS_MASK constant and
	  VIR_SECRET_GET_VALUE_INTERNAL_CALL. Re-add the
	  VIR_DOMAIN_XML_FLAGS_MASK constant
	* src/libvirt.c (virSecretGetValue): Don't allow the user to specify
	  internal flags.

2009-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix use of dlopen modules
	Remove the bogus dependancy between node_device.c & storage_backend.c
	by moving the virWaitForDevices into util.h where it can be shared
	safely

	* src/storage_backend_disk.c, src/storage_backend_logical.c,
	  src/storage_backend_mpath.c, src/storage_backend_scsi.c: Replace
	  virStorageBackendWaitForDevices with virFileWaitForDevices
	* src/storage_backend.c, src/storage_backend.h: Remove
	  virStorageBackendWaitForDevices, virWaitForDevices
	* src/util.h, src/util.c: Add virFileWaitForDevices
	* configure.in: Move xmlrpc check further down after pkgconfig
	  is detected
	* src/Makefile.am: Add missing XMLRPC_CFLAGS/LIBS to opennebula
	* src/libvirt_private.syms: Add many missing exports

2009-09-10  Miloslav Trmač  <mitr@redhat.com>

	Consolidate "cont" into qemudMonitorSendCont()
	The interface allows qemudMonitorSendCont() to report errors that are
	not overridden by its callers.

	Also fix a potential infinite loop in qemuDomainCoreDump() if sending
	cont repeatedly fails.

	* src/qemu_driver.c (qemudMonitorSendCont): New function.
	  (qemudAutostartConfigs): Reset error before each call to
	  qemudStartVMDaemon().
	  (qemudInitCpus, qemudDomainResume, qemudDomainCoreDump,
	  qemudDomainRestore, qemudDomainMigratePerform,
	  qemudDomainMigrateFinish2): Use qemudMonitorSendCont().

	Add <usage> to <secret> docs
	* docs/formatsecret.html.in, docs/formatsecret.html: Document <usage
	  type='volume'>, replacing stand-alone <volume>.
	* docs/schemas/secret.rng: Update schema to require <usage
	  type='volume'>

2009-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Cleanup sec driver error reporting to use virReportSystemError
	* src/security_selinux.c: Use virReportSystemError whereever an
	  errno is involved
	* src/qemu_driver.c: Don't overwrite error message from the
	  security driver

	Support relabelling of USB and PCI devices
	* src/security.h: Driver API for relabelling host devices
	* src/security_selinux.c: Implement relabelling of PCI and USB
	  devices
	* src/qemu_driver.c: Relabel USB/PCI devices before hotplug

	Port QEMU driver to use USB/PCI device helpers
	* src/qemu_driver.c: Remove usbfs/sysfs iterator code and call
	  into generic helper APIs instead when setting device permissions

	Add helper APIs for iterating over PCI device resource files
	* src/pci.h, src/pci.c: Helper for iterating over PCI device
	  resource files
	* src/libvirt_private.syms: Export pciDeviceFileIterate

	Add helper module for dealing with USB host devices
	* src/Makefile.am: Add usb.h and usb.h to libvirt_util.la
	* src/libvirt_private.syms: Export symbols
	* src/usb.c, src/usb.h: Helper APIs for USB host devices

	Fix more OOM handling bugs
	* src/qemu_conf.c: Fix leak of values upon OOM
	* src/xend_internal.c: Fix missing check for OOM failure
	* tests/qemuargv2xmltest.c, tests/qemuxml2argvtest.c: Free
	  stateDir upon exit to avoid leak

	Fix logging buffer overrun read
	* src/logging.c: Fix buffer offset in logging read

	Fix misc thread locking bugs / bogus warnings
	Fix all thread locking bugs reported by object-locking test
	case.

	NB, some of the driver locking is getting too coarse. Driver
	mutexes really need to be turned into RW locks instead to
	significantly increase concurrency.

	* src/lxc_driver.c: Fix useof driver when unlocked in the methods
	  lxcDomainGetInfo, lxcSetSchedulerParameters, and
	  lxcGetSchedulerParameters
	* src/opennebula/one_driver.c: Fix missing unlock in oneDomainUndefine.
	  Fix use of driver when unlocked in oneDomainGetInfo,
	  oneGetOSType, oneDomainShutdown
	* src/qemu_driver.c: Fix use of driver when unlocked in
	  qemudDomainSavem, qemuGetSchedulerType, qemuSetSchedulerParameters
	  and qemuGetSchedulerParameters
	* src/storage_driver.c: Re-work storagePoolCreate to avoid bogus
	  lock checking warning. Re-work storageVolumeCreateXMLFrom to
	  remove a potential NULL de-reference & avoid bogus lock check
	  warnings
	* src/test.c: Remove testDomainAssignDef since it break lock chekc
	  warnings.
	* tests/object-locking.ml: Add oneDriverLock, oneDriverUnlock
	  and one_driver_t methods/types to allow lock checking on the
	   OpenNebula drivers

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Test that domain-specific qemu machine types are used correctly
	* tests/testutilsqemu.c: add a machine types list for /usr/bin/kvm
	  which doesn't have any aliases, while the guest has aliases

	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases2.*,
	  tests/qemuxml2argvtest.c: add a test using /usr/bin/kvm and make
	  sure that 'pc' machine type doesn't get canonicalized using the
	  aliases in the guest machine type list

	Simplify and fix qemudCanonicalizeMachine()
	The algorithm is quite simple:

	  If the emulator matches a guest's domain:
	    if domain has machine type info:
	      check the domain's machine type info
	    else
	      check the guest's default machine type info
	  else if the emulator matches the guest's default emulator:
	     check the guest's default machine type info

	The previous implementation was incorrectly falling back to the default
	machine type info if the domain's machine type info didn't have an
	alias.

	* src/qemu_driver.c: simplify and fix qemudCanonicalizeMachine()

	Probe machine types from kvm binary too
	Currently we only probe the main qemu binary for machine types, but we
	should also probe the kvm binary.

	* src/qemu_conf.c: probe kvm binary machines in qemudCapsInitGuest()

	Look up machine types from all domains in qemudGetOldMachines()
	Rather than just looking at the default domain info, look at all
	domains

	* src/qemu_conf.c: look at all domains in qemudGetOldMachines()

	Split up qemudGetOldMachines()
	We need to look at all the domain infos in guest capabilities, not
	just the defaults.

	In order to allow that, split out a qemudGetOldMachinesFromInfo()
	from qemudGetOldMachines(). We'll make more use of it in the next
	patch.

	* src/qemu_conf.c: split out qemudGetOldMachinesFromInfo() from
	  qemudGetOldMachines()

	Test qemu machine aliases
	* tests/testutilsqemu.c: make 'pc' an alias for qemu-system-x86_64

	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases1.*,
	  tests/qemuxml2argvtest.c: add a test which uses qemu-system-x86_64
	  and make sure the machine type is canonicalized.

	Re-factor qemu test machine allocation code
	* test/testutilsqemu.c: split out code to testQemuAllocMachines()
	  and make use of the ARRAY_CARDINALITY macro

	Canonicalize the qemu machine type in qemuxml2argvtest
	This doesn't have any affect on the current tests because we don't have
	any machine aliases in the current test data.

	* src/qemu_conf.h, src/qemu_driver.c: expose qemudCanonicalizeMachine()
	  for the tests

	* tests/qemuxml2argvtest.c: canonicalize the machine type

	Dump qemu driver capabilities if test debugging enabled
	* src/testutils.[ch]: make testDebug externally available

	* src/testutilsqemu.c: if VIR_TEST_DEBUG is set, dump the qemu
	  driver capabilities to stderr

	Fix formatting of machine types in capabilities XML
	* src/capabilities.c: fix machine type formatting in
	  virCapabilitiesFormatXML()

	Add qemu -help test data for qemu-kvm-0.11.0-rc2
	* tests/qemuhelpdata/qemu-kvm-0.11.0-rc2: add data

	* tests/qemuhelptest.c: add expected output

	Add a more featureful qemu capabilities test data
	Things added include

	  - x86_64 host
	  - Migration features
	  - NUMA topology
	  - Security model
	  - Canonical machine types
	  - Domain machine types
	  - An arm guest
	  - More machine types for mips, mipsel, sparc and ppc
	  - An x86_64 xenner guest

	This file was generated on a Fedora 12 machine using latest libvirt
	and qemu-kvm-0.11.0-rc2

	* tests/capabilityschemadata/caps-qemu-kvm.xml: add more features
	  to test

	Add arm arch to capabilities schema
	* docs/schemas/capabilities.rng: add arm and sort arches

	Update capabilities schema to allow multiple machines per domain
	* docs/schemas/capabilities.rng: allow multiple machines per domain
	  just like they are allowed for guests

	Add esx and tcp migration uri transports to capabilities schema
	* docs/schemas/capabilities.rng: include esx and tcp uri_transport

2009-09-10  Chris Lalancette  <clalance@redhat.com>

	Fix regression from "Avoid polling on FDs with no events"
	After the mentioned patch was applied, I noticed that
	shutting down a kvm guest from inside (i.e. poweroff) caused
	the guest to shutdown, but not removed from the list of
	active guests.  DanB pointed out that the problem is that
	the virEventAddHandle() call in the qemu driver was asking
	to watch for 0 events, not HANGUP | ERROR as it should.  Add
	these events so that shutdown works again.

2009-09-10  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: factor out more duplication
	* src/qemu_driver.c (qemudDomainRestore): Use the new ...TypeToString
	function here, too.

2009-09-10  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Close logfile fd after spawning qemu
	* src/qemu_driver.c: avoid a leak of file descriptor when exec'ing qemu

2009-09-10  Charles Duffy  <charles@dyfis.net>

	Reintroduce support for lzop compression
	lzop was removed due to some confusion over whether it provided functional
	advantages distinct from xz. This has been addressed in the mailing list post
	archived at http://permalink.gmane.org/gmane.comp.emulators.libvirt/16487, and
	support for lzop is re-added here.

	* libvirt.spec.in: add dependancy on lzop
	* src/qemu.conf: update documentation of save_image_format
	* src/qemu_driver.c: re-add lzop compression option

2009-09-09  Daniel Veillard  <veillard@redhat.com>

	Deprecate lzma and lzop in favor of xz, add dep
	* src/qemu_driver.c: drop lzma and lzop images compression options
	  as they are deprecated by xz
	* libvirt.spec.in: add requires for xz/bzip2/gzip as they are needed
	  to implement the compression options

2009-09-09  Maximilian Wilhelm  <max@rfc2324.org>

	Check for libssh2 >= 1.0 for phy driver
	* configure.in: phyp driver uses libssh2_session_block_directions()
	  which is only available in libssh2 >= 1.0, so check for this symbol
	  too when configuring

2009-09-09  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: factor out duplication in compression-type handling
	* src/qemu_driver.c (QEMUD_SAVE_FORMAT_LAST): Define.
	(qemudSaveCompressionTypeFromString): Declare.
	(qemudSaveCompressionTypeToString): Declare.
	(qemudDomainSave): Use those functions rather than open-coding them.
	Use "cat >> '%s' ..." in place of equivalent
	"dd of='%s' oflag=append conv=notrunc ...".

	also allow use of XZ for Qemu image compression
	* src/qemu_driver.c (enum qemud_save_formats) [QEMUD_SAVE_FORMAT_XZ]:
	New member.
	[QEMUD_SAVE_FORMAT_LZMA]: Mark as deprecated.
	Use an explicit value for each member.
	(qemudDomainSave, qemudDomainRestore): Handle the new member.
	* src/qemu.conf: Mention xz, too.

	openvz_conf.c: remove dead store to "p"; use strchrnul
	* src/openvz_conf.c (openvzReadNetworkConf): Replace open-coded
	while loop with equivalent use of strchrnul.
	* bootstrap (modules): Add strchrnul.

	build: update gnulib submodule to latest

2009-09-08  Daniel Veillard  <veillard@redhat.com>

	Remove some tabs used for indent

2009-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid another leak in src/xend_internal.c
	* src/xend_internal.c: in xenDaemonLookupByID() if virGetDomain fails
	  free up the name

2009-09-08  Daniel Veillard  <veillard@redhat.com>

	Updated a number of localizations and regenerated

	Add flags and requires for Multipath storage
	* libvirt.spec.in: the new multipath module requires device-mapper
	  and device-mapper-devel for build

2009-09-08  Dave Allan  <dallan@redhat.com>

	Multipath storage support module
	* configure.in src/Makefile.am src/storage_backend.[ch]
	  src/storage_conf.[ch] src/storage_backend_mpath.[ch] po/POTFILES.in:
	  add a new module for storage multipath, it requires device-mapper

2009-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid a leak in xenDaemonLookupByID
	* src/xend_internal.c: free name in xenDaemonLookupByID() if
	  virGetDomain() fails

2009-09-08  Miloslav Trmač  <mitr@redhat.com>

	Add a missing comment
	* src/libvirt_private.syms: Add a missing comment for
	  storage_encryption_conf.h entries

	Fix a pasto in storage_encryption_conf.c
	* src/storage_encryption_conf.c: small typo fix in top comment

2009-09-08  Jim Meyering  <meyering@redhat.com>

	xm_internal.c: remove four useless comparisons after strchr
	* src/xm_internal.c (xenXMDomainConfigParse): After t=strchr...
	don't test *t; it's known.  This was *not* detected by clang,
	but I spotted it since once instance was in the vicinity of the
	dead increment of "data".

	xm_internal.c: remove dead increment of "data"
	* src/xm_internal.c (xenXMDomainConfigParse): Don't increment it.

	network_driver.c: remove dead store to "err"
	* src/network_driver.c (networkSetAutostart): ...and its decl.

	iptables.c: remove dead store to "s"
	* src/iptables.c (iptablesAddRemoveRule): Remove dead store.

	util.c: avoid dead store to "flag"
	* src/util.c (virExecDaemonize): Change flag |= VAR to "flag | VAR".

	domain_conf.c: remove two dead stores
	* src/domain_conf.c (virDomainSaveXML): Remove use and decl of "err".
	(virDomainDefParseXML): Likewise.

	xm_internal.c: remove two ret=... dead stores
	* src/xm_internal.c (xenXMDomainCreate): Remove dead stores.

	xm_internal.c: remove dead stores of local, "type"
	* src/xm_internal.c (xenXMDomainConfigParse): Remove declaration
	and useless containing if-block, too.

2009-09-07  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox fix minor bugs in display and added OOM checks
	* src/vbox/vbox_tmpl.c: minor bug in selecting the graphics type. if the
	  graphics type was desktop it was assumed that display is set for it,
	  and thus crashed on strdup. Also adds a number of missing OOM checks.

2009-09-07  Jim Meyering  <meyering@redhat.com>

	network_conf.c: remove dead store to "err"
	* src/network_conf.c (virNetworkDefParseXML): ...and its decl.

	openvz_driver.c: avoid dead store to "err"
	* src/openvz_driver.c (openvzGenerateContainerVethName): Remove use
	and decl of "err".

	xend_internal.c: Remove two dead stores to "ret"
	* src/xend_internal.c (xenDaemonCreateXML): Don't set "ret" after
	last use.

	storage_driver.c: remove two dead stores to "backend"
	* src/storage_driver.c (storagePoolGetInfo, storagePoolDefine):
	Remove variable, backend, since its value was never used.

2009-09-07  Daniel Veillard  <veillard@redhat.com>

	Merge branch 'tmp'

2009-09-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Some close/fclose/closedir calls are missing
	* src/openvz_conf.c src/qemu_driver.c src/storage_backend_scsi.c
	  src/xen_inotify.c: closes various file descriptors leaks

2009-09-05  Jim Meyering  <meyering@redhat.com>

	lxc_container.c: avoid a leak on error paths
	* src/lxc_container.c (lxcContainerMountBasicFS): Don't leak upon failure.
	Add "cleanup:" label and change each post-allocation failure to
	use "goto cleanup" rather than returning immediately.

	qemu_conf.c: add a comment suggesting why we leave a dead-store
	* src/qemu_conf.c (qemuBuildHostNetStr): Do not remove the type_sep=','
	dead store, since not having it would be a problem if we ever add a
	new attribute=VAL option.

	hash.c: remove a dead store
	* src/hash.c (virHashFree): Remove useless assignment to inside_table.

	interface_conf.c: remove a dead-store and declaration
	* src/interface_conf.c (virInterfaceDefParseDhcp): Remove unused "old".

	eventtest.c: detect write failure and avoid dead stores
	* tests/eventtest.c (mymain): Exit nonzero upon write failure.
	This also avoids several dead stores of the form ret = safewrite...

	openvz_conf.c: Remove dead store to copy_fd
	* src/openvz_conf.c (openvz_copyfile): Remove unused assignment.

	storage_backend_logical.c: appease clang: remove useless increment
	* src/storage_backend_logical.c (virStorageBackendLogicalBuildPool):
	Don't increment "n" when we won't use the result.

2009-09-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX raise error if UUID parse failed
	* src/esx/esx_util.c: let esxUtil_GetConfigUUID() report an error if
	  virUUIDParse() fails

	ESX add domain undefine based on esxVI_UnregisterVM
	* src/esx/esx_driver.c: add esxDomainUndefine() based on
	  esxVI_UnregisterVM()
	* src/esx/esx_vi_methods.[ch]: add esxVI_UnregisterVM()

	ESX add esxGetCapabilities() with basic defaults
	* src/esx/esx_driver.c: add esxCapsInit() with default caps and add
	  esxGetCapabilities()

	ESX simplify SOAP request and response handling
	* src/esx/esx_vi.[ch]: convert esxVI_RemoteRequest_Execute() to a
	  simpler esxVI_Context_Execute() version, remove esxVI_RemoteRequest
	  and convert esxVI_RemoteResponse to esxVI_Response
	* src/esx/esx_vi_methods.c: update and simplify callers to use
	  esxVI_Context_Execute() instead of esxVI_RemoteRequest_Execute()

	ESX use virXPathNode*() to simplify XPath handling
	* src/esx/esx_vi.[ch]: use virXPathNode*() in
	  esxVI_RemoteRequest_Execute() and remove
	  esxVI_RemoteResponse_DeserializeXPathObject*()
	* src/esx/esx_vi_methods.c: update callers to use the new syntax of
	  esxVI_RemoteRequest_Execute()

	ESX: make esxVI_GetVirtualMachineIdentity() robust
	* src/esx/esx_driver.c: add configStatus to the requested properties
	  to check it in esxVI_GetVirtualMachineIdentity()
	* src/esx/esx_vi.[ch]: add esxVI_GetManagedEntityStatus()
	  and use it in esxVI_GetVirtualMachineIdentity()
	* src/esx/esx_vi_types.[ch]: add VI type esxVI_ManagedEntityStatus

2009-09-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Fix VMX path parsing and URL encoding
	* src/esx/esx_driver.c: handle spaces in VMX file path and use a
	  virBuffer to encode spaces correctly in the resulting URL
	* src/esx/esx_vi.c: include the URL in the error message in case
	  of a download error

2009-09-04  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox add Storage Volume support
	* src/vbox/vbox_driver.c src/vbox/vbox_tmpl.c: adds the driver for
	  storage volumes

2009-09-04  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix several memory leaks
	* src/domain_conf.c src/network_conf.c src/qemu_conf.c
	  src/storage_backend_fs.c: various problems spotted by valgrind
	  through libvirt code

2009-09-04  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox driver cleanups
	* src/vbox/vbox_tmpl.c: a bit of cleanup

2009-09-04  Laine Stump  <laine@laine.org>

	Minor comment changes
	* src/libvirt.c: fix some minor grammer (and one other) nits in comments
	  that end up in generated API reference documentation

	Fix a memory leak in virsh
	* src/virsh.c: cmdNodeDeviceDumpXML wasn't freeing
	  virNodeDeviceGetXMLDesc() return string

2009-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix ID field in virDomainPtr after starting Xen VM
	* src/xend_internal.c: Lookup guest after starting persistent
	  config in order to refresh the domain ID field

2009-09-04  Daniel Veillard  <veillard@redhat.com>

	PHYP driver cleanups
	* libvirt.spec.in: activate phyp and fix the BuildDep to libssh2-devel
	* src/phyp/phyp_driver.c: fix a debug macro to use the normal logging API

2009-09-04  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	Switch Power Hypervisor to libssh2
	* configure.in src/Makefile.am: change detection and flags
	* src/phyp/phyp_driver.c src/phyp/phyp_driver.h: connection now
	  need to be done as part of the driver code, cleaned up by DV

2009-09-04  Chris Lalancette  <clalance@redhat.com>

	Allow libvirtd to RPC to external libvirtd
	* src/remote_internal.c: in remoteOpen() allow the daemon itself to make
	  RPCs to an external libvirtd, but only if the URI is fully specified.

2009-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak of monitor character device
	* src/qemu_driver.c: Free the vm->monitor_chr field at VM shutdown.
	  Unlink the UNIX domain socket at VM shutdown to avoid littering
	  FS with old sockets

	Automatically set correct ownership of QEMU state directories
	* src/qemu_driver.c: Change ownership of /var/{lib,cache}/libvirt/qemu
	  to match user/group that QEMU VMs are configured to run as.

	Move QEMU monitor socket in /var/lib/libvirt/qemu
	Separate the guest created QEMU monitor socket location
	from the libvirtd create XML / PID data files, to improve
	security separation when running QEMU non-root

	* libvirt.spec.in: Leave /var/run/libvirt/qemu as root:root
	* src/qemu_conf.h: Add libDir and cacheDir directory paths
	* src/qemu_driver.c: Move QEMU monitor socket from
	  stateDir to libDir to avoid making security critical directory
	  accessible to QEMU guests.
	* src/util.c: Delay running hook till after damonizing to
	  ensure pidfile is still written before changing UID/GID

	Avoid polling on FDs with no events enabled
	If a file descriptor with events=0 was added to the libvirtd
	event loop, it would still be added to the poll() fds' array.
	While it wouldn't see any POLLIN/OUT events, it'd still get
	triggered for HANGUP/ERROR events which was not in compliance
	with the libvirt events API contract.

	* qemud/event.c: Don't poll on FDs with events=0
	* tests/eventtest.c: Add test case to validate fix to event.c

2009-09-04  Jim Meyering  <meyering@redhat.com>

	xen_internal.c: remove two unused local variables
	* src/xen_internal.c (xenHypervisorSetSchedulerParameters): Remove
	set-but-never-used local variables, cap_set and weight_set.

2009-09-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx_vi: return -1 upon failure, as intended
	* src/esx/esx_vi.c (esxVI_Enumeration_Deserialize): Fix
	reversed goto and result=-1 statements.

2009-09-04  Jim Meyering  <meyering@redhat.com>

	python: let libvirt_virConnectDomainEventCallback indicate success
	* python/libvir.c (libvirt_virConnectDomainEventCallback): Return 0
	when successful, rather than always returning -1.
	clang flagged this function for its dead-store of "ret=0".
	Once "ret" was set to 0, it was never used, and
	the function would always return -1.

	mdns.c: remove dead initialization
	* qemud/mdns.c (libvirtd_mdns_client_callback): Remove dead
	initialization.

	node_device_conf.c: remove dead initialization
	* src/node_device_conf.c (virNodeDeviceDefFormat): Remove dead
	initialization.

	openvz_conf.c: don't use undefined local, "net"
	* src/openvz_conf.c (openvzReadNetworkConf): Initialize "net".
	Otherwise, upon openvzRead... failure, we would "goto error;"
	where an uninitialized "net" could be dereferenced.

	test.c: don't use undefined local, "def"
	* src/test.c (testOpenVolumesForPool): Upon early virAsprintf or
	virXPathNodeSet failure, "goto error" would take us to
	virStorageVolDefFree(def), but with "def" not defined.
	Initialize it to NULL.

	uml_conf.c: don't return an uninitialized pointer
	* src/uml_conf.c (umlBuildCommandLineChr): Initialize "ret".

	storage_backend.c: assure clang that inputvol can't be NULL
	* src/storage_backend.c: Include "internal.h".
	(virStorageBackendCopyToFD): Mark inputvol parameter as "nonnull".
	Remove test for non-NULL inputvol.  Both callers ensure it's non-NULL.

	libvir.c: avoid NULL dereference in virStoragePoolSetAutostart
	* src/libvirt.c (virStoragePoolSetAutostart): Return -1 if the pool
	argument is invalid, rather than "goto error" where we could dereference
	that possibly-NULL "pool".
	(virConnectFindStoragePoolSources): Likewise.
	(virConnectNumOfDomains): Likewise.
	Daniel P. Berrange spotted that the two latter functions
	needed the same treatment.

	remote_internal.c: appease clang
	* src/remote_internal.c (remoteNetworkOpen): Mark "conn" parameter
	as non-NULL.  Remove now-unnecessary "conn == NULL" test.
	(remoteDevMonOpen): Likewise.
	(remoteSecretOpen): Likewise.
	(remoteStorageOpen): Likewise.
	(remoteInterfaceOpen): Likewise.

	infra: define ATTRIBUTE_NONNULL to mark non-NULL parameters
	* src/internal.h (ATTRIBUTE_NONNULL): Define.

	lxc: don't unlink(NULL) in main
	* src/lxc_controller.c (main): Unlink sockpath only if it's non-NULL.

	lxc: avoid NULL dereference upon getmntent failure
	* src/lxc_container.c (lxcContainerUnmountOldFS): Don't pass
	a NULL pointer to qsort.

	storage_conf.c: avoid overflow upon use of "z" or "Z" (zebi) suffix
	* src/storage_conf.c (virStorageSize): Don't try to compute 1024^7,
	since it's too large for a 64-bit type.

	storage_backend_fs: avoid NULL dereference on opendir failure
	* src/storage_backend_fs.c (virStorageBackendFileSystemRefresh):
	Don't call closedir on a NULL pointer.

2009-09-03  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox cleanup and update of networking shutdown
	* src/vbox/vbox_tmpl.c: merged vboxNetworkUndefine() and
	  vboxNetworkDestroy() and added code to handle multiple hostonly
	  interfaces.

	VBox cleanup and update of networking XML functions
	* src/vbox/vbox_tmpl.c: merged vboxNetworkCreateXML() and
	  vboxNetworkDefineXML() and added code to handle multiple hostonly
	  interfaces.

2009-09-03  Daniel P. Berrange  <berrange@redhat.com>

	Add support for setting disk drive serial numbers
	* docs/schemas/domain.rng: Add <serial> element to disks
	* src/domain_conf.h, src/domain_conf.c: XML parsing and
	  formatting for disk serial numbers
	* src/qemu_conf.c: Set serial number when launching guests
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-shared.args,
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-shared.xml: Add
	  serial number to XML test

	Support configuration of huge pages in guests
	Add option to domain XML for

	     <memoryBacking>
	        <hugepages/>
	     </memoryBacking>

	* configure.in: Add check for mntent.h
	* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug, src/qemu.conf
	  Add 'hugetlbfs_mount' config parameter
	* src/qemu_conf.c, src/qemu_conf.h: Check for -mem-path flag in QEMU,
	  and pass it when hugepages are requested.
	  Load hugetlbfs_mount config parameter, search for mount if not given.
	* src/qemu_driver.c: Free hugetlbfs_mount/path parameter in driver shutdown.
	  Create directory for QEMU hugepage usage, chowning if required.
	* docs/formatdomain.html.in: Document memoryBacking/hugepages elements
	* docs/schemas/domain.rng: Add memoryBacking/hugepages elements to schema
	* src/util.c, src/util.h, src/libvirt_private.syms: Add virFileFindMountPoint
	  helper API
	* tests/qemuhelptest.c: Add -mem-path constants
	* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c: Add tests for hugepage
	  handling
	* tests/qemuxml2argvdata/qemuxml2argv-hugepages.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Data files for
	  hugepage tests

	Fix misc OOM bugs
	* tests/testutils.c: Run test function twice, once to prime it for
	  static allocations, once to count the non-static allocations.
	* tests/testutilsqemu.c: Initialize variable correctl
	* src/capabilities.c: Don't free machines variable upon failure
	  since caller must do that
	* src/xm_internal.c: Add missing check for OOM in building VIF
	  config param

2009-09-03  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox support for defining/dumping video devices
	* src/vbox/vbox_tmpl.c: add setting of video and acceleration in
	  VBox driver, and the ability to save this back for serialization

	Generic parsing support for video acceleration
	* docs/schemas/domain.rng: augment the video model with an optional
	  acceleration element with optional accel2d and accel3d flags
	* src/domain_conf.c src/domain_conf.h: exten the virDomainVideoDef
	  structure with an optional accel field, virDomainVideoAccelDefParseXML
	  and virDomainVideoAccelDefFormat functions to parse and serialize
	  the structure.

2009-09-02  Chris Lalancette  <clalance@redhat.com>

	Fix bugs in virDomainMigrate v2 code.
	Paolo Bonzini points out that in my refactoring of the code for
	virDomainMigrate(), I added a check for the return value from
	virDomainMigratePerform().  The problem is that we don't want to
	exit if we fail, we actually want to go on and do
	virDomainMigrateFinish2() with a non-0 return code to clean things
	up.  Remove the check.

	While reproducing this issue, I also noticed that we wouldn't
	always properly propagate an error message.  In particular, I
	found that if you blocked off the migration ports (with iptables)
	and then tried the migration, it would actually fail but we would
	get no failure output from Qemu.  Therefore, we would think we
	succeeded, and leave a huge mess behind us.  Execute the monitor
	command "info migrate", and look for a failure string in there
	as well.

2009-09-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	VMware ESX: Don't warn on some query parameter
	* src/esx/esx_util.c: esxUtil_ParseQuery() warns if a known query
	  parameter should be ignored due to the corresponding char/int pointer
	  being NULL, instead of silently ignoring it. Fix the control flow.

	VMware ESX: Allow ethernet address type 'vpx'
	* src/esx/esx_vmx.c: add an extra type of addressType beside 'static'
	  and 'generated', 'vpx' indicates that the MAC address was generated
	  by a vCenter.

2009-09-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't blindly reorder disk drives
	Calling qsort() on the disks array causes disk to be
	unneccessarily re-ordered, potentially breaking the
	ability to boot if the boot disk gets moved later in
	the list. The new algorithm will insert a new disk as
	far to the end of the list as possible, while being
	ordered correctly wrt other disks on the same bus.

	* src/domain_conf.c, src/domain_conf.h: Remove disk sorting
	  routines. Add API to insert a disk into existing list at
	  the optimal position, without resorting disks
	* src/libvirt_private.syms: Export virDomainDiskInsert
	* src/xend_internal.c, src/xm_internal.c: Remove calls to
	  qsort, use virDomainDiskInsert instead.
	* src/qemu_driver.c: Remove calls to qsort, use virDoaminDiskInsert
	  instead. Fix reordering bugs when hotunplugging disks and
	  networks. Fix memory leak in disk/net unplug

2009-09-02  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Support for getting/setting number of cpus in VBox
	* src/vbox/vbox_tmpl.c: adds support for getting/setting number of cpus

2009-09-02  Daniel P. Berrange  <berrange@redhat.com>

	Misc fixes to secrets API code
	* proxy/Makefile.am: Build storage_encryption_conf.c since its a
	  dependancy of domain_conf.c
	* src/storage_encryption_conf.c: Disable XML parsing APis when
	  build under proxy
	* src/test.c: Add a dummy no-op secrets driver for test suite

	Only add glusterfs dep for Fedora >= 11
	* libvirt.spec.in: Conditionalize glusterfs requires line for
	  Fedora >= 11, since other distros don't have it available

	Remove redundant base64 include file
	* src/storage_encryption_conf.c: Remove base64.h

	Add Miloslav Trmač to AUTHORS file

2009-09-02  Miloslav Trmač  <mitr@redhat.com>

	Make handling of monitor prompts more general.
	* src/qemu_driver.c: Support arbitrary callbacks for "secondary
	  prompts".  Reimplement qemudMonitorCommandExtra using such a
	  callback.

	Don't assume buffered output echoes the command.
	The if ((nlptr...)) implicitly assumes commptr != NULL (and that "buf"
	starts with "cmd").  Make the assumption explicit, it will be broken in
	a future patch.

	* src/qemu_driver.c: Don't assume buffered monitor output echoes the
	  command.

	Attach encryption information to virDomainDiskDef.
	The XML allows <encryption format='unencrypted'/>, this implementation
	canonicalizes the internal representation so that "disk->encryption" is
	non-NULL iff encryption information is available.

	A domain with partial encryption information can be defined,
	completeness of the information is not verified.  The domain won't
	start until the remaining information is added, of course.

	* docs/formatdomain.html, docs/formatdomain.html.in: Document
	  new encryption options for disks
	* docs/schemas/domain.rng: Pull in storage encryption schema
	  rules
	* src/domain_conf.h, src/domain_conf.c: Wire up storage encryption
	  XML parsing/formatting APIs

	Add support for encrypted (qcow) volume creation.
	Supports only virStorageVolCreateXML, not virStorageVolCreateXMLFrom.

	Curiously, qemu-img does not need the passphrase for anything to create
	an encrypted volume.  This implementation thus does not need to touch
	any secrets to work with cooperating clients.  More generic passphrase
	handling is added in the next patch.

	* src/storage_backend.c: Request encryption when creating qcow/qcow2
	  files
	* src/storage_backend_disk.c, src/storage_backend_fs.c,
	  src/storage_backend_logical.c: Refuse to create volumes with
	  encryption params set.

	Recognize encryption format of qcow volumes.
	(The implementation is not very generic, but that can be very
	easily rectified if/when new encryption formats appear.)

	* src/storage_backend_fs.c: Probe for qcow/qcow2 encryption
	  algorithm field

	Attach encryption information to virStorageVolDef.
	The XML allows <encryption format='unencrypted'/>, this implementation
	canonicalizes the internal representation so that "vol->encryption" is
	non-NULL iff the volume is encrypted.

	Note that partial encryption information (e.g. specifying an encryption
	format, but not the key/passphrase) is valid, libvirt will automatically
	choose value for the missing information during volume creation.  The
	user can read the volume XML, and use the unmodified <encryption> tag in
	future operations (without having to be able to understand) its contents.

	* docs/formatstorage.html, docs/formatstorage.html.in: Document
	  storage volume encryption options
	* src/storage_conf.c, src/storage_conf.h: Hook up storage
	  encryption XML handling
	* tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption
	  schema changes

	Add volume encryption information handling.
	Define an <encryption> tag specifying volume encryption format and
	format-depenedent parameters (e.g. passphrase, cipher name, key
	length, key).

	Currently the only defined parameter is a reference to a "secret"
	(passphrase/key) managed using the virSecret* API.

	Only the qcow/qcow2 encryption format, and a "default" format used to
	let libvirt choose the format during volume creation, is currently
	supported.

	This patch does not add any users; the <encryption> tag is added in
	the following patches to both volumes (to support encrypted volume
	creation) and domains.

	* docs/*.html: Re-generate
	* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
	  Add page describing storage encryption data format
	* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
	  Add RNG schema for storage encryption format
	* po/POTFILES.in: Add src/storage_encryption_conf.c
	* src/libvirt_private.syms: Export virStorageEncryption* functions
	* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
	  helper APIs for dealing with storage encryption format
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
	  RNG schema

	Secret manipulation API docs refresh & wire up python generator
	Sample session:

	>>> import libvirt
	>>> c = libvirt.open('qemu:///session')

	>>> c.listSecrets()
	['12247729-47d2-a783-88ce-b329d4781cd3', 'reee', 'abc']

	>>> s = c.secretDefineXML("<secret ephemeral='no' private='no'>\n<description>Something for use</description>\n<volume>/foo/bar</volume>\n</secret>\n")

	>>> s.UUIDString()
	'340c2dfb-811b-eda8-da9e-25ccd7bfd650'

	>>> s.XMLDesc()
	"<secret ephemeral='no' private='no'>\n  <uuid>340c2dfb-811b-eda8-da9e-25ccd7bfd650</uuid>\n  <description>Something for use</description>\n  <volume>/foo/bar</volume>\n</secret>\n"

	>>> s.setValue('abc\0xx\xffx')
	0

	>>> s.value()
	'abc\x00xx\xffx'

	>>> s.undefine()
	0

	* python/generator.py: Add rules for virSecret APIs
	* python/libvir.c, python/libvirt-python-api.xml: Manual impl of
	  virSecretSetValue, virSecretGetValue$ and virConnectListSecrets APIs
	* python/libvirt_wrap.h, python/types.c: Wrapper for virSecret objects
	* docs/libvirt-api.xml, docs/libvirt-refs.xml,
	  docs/html/libvirt-virterror.html, docs/html/libvirt-libvirt.html,
	  docs/devhelp/libvirt-virterror.html, docs/devhelp/libvirt-libvirt.html:
	  Re-generate with 'make api'

	Secret manipulation remote client
	* src/remote_internal.c: Implement client binding for new secrets
	  APIs
	* src/datatypes.h: Add 'void *secretPrivateData' to virConnectPtr
	  struct

	Secret manipulation libvirtd wire protocol & remote dispatcher
	* qemud/remote_protocol.x: Define wire protocol for secrets public
	  APIs
	* qemud/remote_protocol.h, qemud/remote_protocol.c,
	  qemud/remote_dispatch_table.h, qemud/remote_dispatch_ret.h,
	  qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_args.h:
	  Re-generate from updated protocol definition
	* qemud/remote.c: Implement RPC dispatchers for new secrets APIs

	Secret manipulation public API implementation
	* include/libvirt/virterror.h, src/virterror.c: Add VIR_ERR_INVALID_SECRET
	  and VIR_FROM_SECRET
	* src/libvirt.c: Define stubs for every new public API

	Secret manipulation internal API
	* include/libvirt/virterror.h, src/virterror.c: Add VIR_WAR_NO_SECRET
	* src/libvirt_private.syms, src/datatypes.h, src/datatypes.c: Type
	  virSecret struct definition and helper APIs
	* src/driver.h: Sub-driver API definitions for secrets
	* src/libvirt.c: Define new sub-driver for secrets

	Secret manipulation public API
	This patch adds a "secret" as a separately managed object, using a
	special-purpose API to transfer the secret values between nodes and
	libvirt users.

	* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
	  schema for virSecret objects
	* docs/*html: Re-generated
	* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
	  describing the virSecret XML schema
	* include/libvirt/libvirt.h.in: Define the new virSecret public
	  API
	* src/libvirt_public.syms: Export symbols for new public APIs
	* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
	  files list

2009-09-01  Daniel Veillard  <veillard@redhat.com>

	Update chinese, polish and spanish localizations
	* po/*: and update the po set

2009-09-01  Charles Duffy  <charles@dyfis.net>

	support lzop save compression for qemu
	Per prior discussion -- this was, indeed, trivial.

	I'm a little disappointed to be breaking the ordering characteristics of
	the enum (as it had been ordered by increasing time requirements and
	decreasing output size), but breaking any save files with the old
	constants in the headers would of course be worse.

	>From 2a9cdcfc88de091a8d34aa3fc3b1208d7681790e Mon Sep 17 00:00:00 2001
	From: Charles Duffy <Charles_Duffy@dell.com>
	Date: Fri, 28 Aug 2009 11:49:54 -0500
	Subject: [PATCH] support lzop save compression for qemu

	One of the larger disincentives towards use of compression for migrated-out save
	files is performance impact. This patch adds support for lzop; CPU time for
	compression is about 5x faster than gzip (the next most performant algorithm)
	and decompression is about 3x faster.

2009-09-01  Chris Lalancette  <clalance@redhat.com>

	OpenVZ: accept NULL as type for GetMaxVCPUs.
	All of the other drivers that support the getMaxVcpus callback
	also accept a NULL value for type.  Make openvz also accept a
	NULL value.

	Remove use of strncpy in qemudExtractMonitorPath.
	qemudExtractMonitorPath() was doing a VIR_ALLOC_N followed by a
	strncpy.  However, this isn't necessary; we can do the same thing
	using strndup, which is much safer.

	Fix up virNodeGetCellsFreeMemory
	The documentation for virNodeGetCellsFreeMemory claims the values
	returned are in kilobytes, but that's actually wrong; the value
	returned is actually in bytes.  Fix up the documentation to be
	correct.

2009-08-30  Jim Fehlig  <jfehlig@novell.com>

	Fix sexpr2string() to handle empty list.
	S-expression containing empty lists, e.g. (cpus (() () () ())),
	was not being handled properly in sexpr2string() serialization.
	Emit an empty list when encountering NIL sexpr kind.

2009-08-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix driver entry table for UML numa APIs
	* src/uml_driver.c: Fix numa API driver entries to avoid
	  infinite loop

2009-08-28  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix crash in virsh vol-key command
	* src/virsh.c: Pass in pool object to avoid crash in key lookup

2009-08-26  Daniel P. Berrange  <berrange@redhat.com>

	Refactor policycode auth code to avoid compiler warnings
	* src/remote_internal.c: Split remoteAuthPolkit into separate
	  impls for v0 and v1 to avoid compile warnings due to unused
	  variables/params
	* qemud/remote.c: Remove accidental tabs

2009-08-25  Daniel P. Berrange  <berrange@redhat.com>

	Support new PolicyKit 1.0 API
	* configure.in: Check for pkcheck which indicates new policykit
	* qemud/Makefile.am: Install different versions of policy
	* qemud/libvirtd.policy: Rename to libvirtd.policy-0
	* qemud/libvirtd.policy-1: new style policy
	* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
	  policykit API via external pkcheck helper
	* src/remote_internal.c: Don't prompt for polkit auth with new
	  policykit API
	* libvirt.spec.in: deal with new policy install locations & deps

2009-08-21  Darryl L. Pierce  <dpierce@redhat.com>

	517157 fix selinux problem with images on NFS
	* src/security_selinux.c: ignores EOPNOTSUPP when attempting to access an
	  NFS share

2009-08-21  Mark McLoughlin  <markmc@redhat.com>

	spec file: add URL to Source tag
	See https://fedoraproject.org/wiki/Packaging:SourceURL

2009-08-20  Mattias Bolte  <matthias.bolte@googlemail.com>

	Fix phypOpen() escape_specialcharacters
	Matthias correctly points out that escape_specialcharaters() takes a
	length, and since we are now malloc()'ing string in phypOpen instead of
	making it a static array, we can't use sizeof(string) anymore.  Calculate
	the proper strlen and then use that both to allocate the string and also
	pass it to escape_specialcharacters().

	Power Hypervisor: fix potential segfault
	I came across this line in the phypOpen function:

	char string[strlen(conn->uri->path)];

	Here the path part of the given URI is used without checking it for
	NULL, this can cause a segfault as strlen expects a string != NULL.
	Beside that uuid_db and connection_data leak in case of an error.

	In this line

	conn->uri->path = string;

	the original path of the URI leaks. The patch adds a VIR_FREE call
	before setting the new path.

	The attached patch is compile-tested but I don't have a Power
	Hypervisor installation at hand to test it for real.

	Matthias

2009-08-20  Chris Lalancette  <clalance@redhat.com>

	Small fixes for qemu save compression.
	Fix up a small memory leak pointed out by DanB; I was forgetting
	to release memory allocated to driver->saveImageFormat.
	Also add the "save_image_format" and "security" entries to
	the augeas lens.

2009-08-20  Daniel P. Berrange  <berrange@redhat.com>

	Add test for recently fixed crash with latest XenD
	Test case for the fix applied in

	  commit 14435163a086c0bcdff04308077fa46a5fa08bb0
	  Author: Daniel Veillard <veillard@redhat.com>
	  Date:   Fri Jun 26 18:14:16 2009 +0000

	* tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.sexpr,
	  tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.xml: Data
	  files exhibiting the crash
	* tests/sexpr2xmltest.c: Process new data files

	Fix some typos & remove unhelpful acronyms in QEMU docs

2009-08-19  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation about the QEMU driver security features
	* docs/drvqemu.html.in: Document DAC usage, SELinux integration,
	  Linux capabilities, and Cgroups device ACLs

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Fix bridge/tap system error reporting
	* src/qemu_conf.c, src/uml_conf.c: use virReportSystemError() to report
	  system errors

	Don't expose 'vnet%d' to the user
	https://bugzilla.redhat.com/517371

	Matt Booth points out that if you use a non-existent bridge name when
	start a guest you get a weird error message:

	  Failed to add tap interface 'vnet%d' to bridge 'virbr0'

	and dev='vnet%d' appears in the dumpxml output.

	Fix that by not including 'vnet%d' in the error message and freeing the
	'vnet%d' string if adding the tap device to the bridge fails.

	* src/qemu_conf.c, src/uml_conf.c: fix qemudNetworkIfaceConnect()
	  and umlConnectTapDevice() to not expose 'vnet%d' to the user

	Maintain a list of active PCI hostdevs and use it in pciResetDevice()
	As we start/shutdown guests, or hotplug/hot-unplug devices, we can add
	or delete devices as appropriate from a list of active devices.

	Then, in pciReset(), we can use this to determine whether its safe to
	reset a device as a side effect of resetting another device.

	* src/qemu_conf.h: add activePciHostdevs to qemud_driver

	* src/qemu_driver.c: maintain the activePciHostdevs list, and pass it
	  to pciResetDevice()

	* src/pci.[ch]: pass the activeDevs list to pciResetDevice() and use
	  it to determine whether a Secondary Bus Reset is safe

	Simplify PCI hostdev prepare/re-attach using a pciDeviceList type
	The qemuPrepareHostDevices() and qemuDomainReAttachHostDevices()
	functions are clutter with a bunch of calls to pciGetDevice() and
	pciFreeDevice() obscuring the basic logic.

	Add a pciDeviceList type and add a qemuGetPciHostDeviceList() function
	to build a list from a domain definition. Use this in prepare/re-attach
	fto simplify things and eliminate the multiple pciGetDevice calls.

	This is especially useful because in the next patch we need to iterate
	the hostdevs list a third time and we also need a list type for keeping
	track of active devices.

	* src/pci.[ch]: add pciDeviceList type and also a per-device 'managed'
	  property

	* src/libvirt_private.syms: export the new functions

	* src/qemu_driver.c: add qemuGetPciHostDeviceList() and re-write
	  qemuPrepareHostDevices() and qemuDomainReAttachHostDevices() to use it

	Use pci_addr=auto with QEMU's pci_add monitor command
	Newer versions of QEMU accept 'pci_add auto', but older versions require
	'pci_add pci_addr=auto'

	* src/qemu_driver.c: use pci_addr= in qemudDomainAttachHostPciDevice()
	  for older versions of QEMU

	Fix thinko in PCI hostdev detach
	* src/qemu_driver.c: Add missing break statement in
	  qemudDomainDetachHostDevice()

	Reset PCI host devices after hot-unplug
	When we hot-unplug a PCI host device from a guest, we should reset it.

	Both managed and unmanaged devices should be reset, but only managed
	devices should be re-attached.

	* src/qemu_driver.c: reset devices in qemudDomainDetachHostPciDevice()

	Reset unmanaged PCI host devices before hotplug
	Right now we're only resetting managed devices before hotplug, but we
	should reset them irrespective of whether they are managed.

	* src/qemu_driver.c: reset all PCI hostdevs before hotplug

	Revert changes to allow pciResetDevice() reset multiple devices
	It turns out that the previous attempt at this doesn't work well
	in the case of hotplug. We need qemuCheckPciHostDevice() to
	disallow the reset affecting devices already attach to the guest,
	but we still need to avoid double locking the virDomainObjPtr.

	This is all getting messy, I've a better idea.

	This reverts commit 6318808270dd7679cd5dc082dcf2c7d85a432bd6 and
	c106c8a18c63d9e4f2547724a4a563706f8f6778.

	* src/qemu_driver.c, src/pci.[ch], src/xen_unified.c,
	  src/libvirt_private.syms: revert a bunch of stuff.

	Fix list updating after disk/network/hostdev hot-unplug
	The current code makes a poor effort at updating the device arrays after
	hot-unplug. Fix that and combine the two code paths into one.

	* src/qemu_driver.c: fix list updating in qemudDomainDetachNetDevice(),
	  qemudDomainDetachPciDiskDevice() and qemudDomainDetachHostPciDevice()

	Re-name remote_internal.c:driver to remote_driver
	Confused me when poking at another 'driver' variable in gdb which gcc
	had optimized away

	* src/remote_internal.c: rename driver to remote_driver

	Cosmetic change to 'virsh nodedev-list --tree' output
	Maybe it's just me, but I try to select an item from the tree using
	double-click and get annoyed when "+-" gets included in the selection.

	* src/virsh.c: add a space between "+-" and the node device name
	  in 'virsh nodedev-list --tree'

2009-08-18  Chris Lalancette  <clalance@redhat.com>

	Fix up connection reference counting.
	Currently the reference counting for connections is busted.  I
	first noticed it while trying to use virConnectRef; it would
	eventually cause a crash in the remote_internal driver, although
	that was really just a victim.  Really, we should only call the
	close callbacks on the methods when the references drop to 0.  To
	accomplish this, move all of the close callbacks into
	virUnrefConnect (since there are lots of internal users of that
	function), and arrange for virConnectClose to call that.

	V2: Make sure to drop the connection lock before we call the close
	    callbacks, otherwise we could deadlock the daemon
	V3: Fix up a crash when we got an error from one of the drivers

2009-08-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix LXC driver crash when kernel doesn't support clone
	* src/domain_conf.c: Make virDomainObjListFree a no-op if list
	  is NULL
	* src/domain_event.c: make virDomainEventCallbackListFree a no-op
	  if event list is NULL
	* src/lxc_driver.c: Log a message if LXC driver does not startup
	  due to lacking kernel support

2009-08-17  Chris Lalancette  <clalance@redhat.com>

	Compressed save image format for Qemu.
	Implement a compressed save image format for qemu.  While ideally
	we would have the choice between compressed/non-compressed
	available to the libvirt API, unfortunately there is no "flags"
	parameter to the virDomainSave() API.  Therefore, implement this
	as a qemu.conf option.  gzip, bzip2, and lzma are implemented, and
	it should be very easy to implement additional compression
	methods.

	One open question is if/how we should detect the compression
	binaries.  One way to do it is to do compile-time setting of the
	paths (via configure.in), but that doesn't seem like a great thing
	to do.  My preferred solution is not to detect at all;
	when we go to run the commands that need them, if they
	aren't available, or aren't available in one of the standard paths,
	then we'll fail.  That's also the solution implemented in this patch.

	In the future, we'll have a more robust (managed) save/restore API,
	at which time we can expose this functionality properly in the API.

	V2: get rid of redundant dd command and just use >> to append data.
	V3: Add back the missing pieces for the enum and bumping the save version.
	V4: Make the compressed field in the save_header an int.
	    Implement LZMA compression.

2009-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Remove 'the the' typo in docs

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Check active domain hostdevs before allowing PCI reset
	If a PCI device reset causes other devices to be reset, allow it so long
	as those other devices are note assigned to another active domain.

	Note, we need to take the driver lock qemudNodeDeviceReset() because the
	check function will iterate over the domain list.

	* src/qemu_conf.c: add qemuCheckPciHostDevice() to iterate over active
	  domains checking whether the affected device is assigned

	* src/pci.[ch]: add pciDeviceEquals() helper

	Allow pciResetDevice() to reset multiple devices
	When using a Secondary Bus Reset, all devices on the bus are reset.

	Extend the pciResetDevice() API so that a 'check' callback can be
	supplied which will verify that it is safe to reset the other devices
	on the bus.

	The virDomainObjPtr parameter is needed so that when the check function
	iterates over the domain list, it can avoid double locking.

	* src/pci.[ch]: add a 'check' callback to pciResetDevice(), re-work
	  pciIterDevices() to pass the check function to the iter functions,
	  use the check function in the bus iterator, return the first unsafe
	  device from pciBusCheckOtherDevices() and include its details in
	  the bus reset error message.

	* src/qemu_driver.c, src/xen_uninified.c: just pass NULL as the
	  check function for now

	Improve PCI host device reset error message
	Currently, if we are unable to reset a PCI device we return a fairly
	generic 'No PCI reset capability available' error message.

	Fix that by returning an error from the individual reset messages and
	using that error to construct the higher level error mesage.

	* src/pci.c: set errors in pciTryPowerManagementReset() and
	  pciTrySecondaryBusReset() on failure; use those error messages
	  in pciResetDevice(), or explain that no reset support is available

	Reset and re-attach PCI host devices on guest shutdown
	When the guest shuts down, we should attempt to restore all PCI host
	devices to a sane state.

	In the case of managed hostdevs, we should reset and re-attach the
	devices. In the case of unmanaged hostdevs, we should just reset them.

	Note, KVM will already reset assigned devices when the guest shuts
	down using whatever means it can, so we are only doing it to cover the
	cases the kernel can't handle.

	* src/qemu_driver.c: add qemuDomainReAttachHostDevices() and call
	  it from qemudShutdownVMDaemon()

	Allow PM reset on multi-function PCI devices
	It turns out that a PCI Power Management reset only affects individual
	functions, and not the whole device.

	The PCI Power Management spec talks about resetting the 'device' rather
	than the 'function', but Intel's Dexuan Cui informs me that it is
	actually a per-function reset.

	Also, Yu Zhao has added pci_pm_reset() to the kernel, and it doesn't
	reject multi-function devices, so it must be true! :-)

	(A side issue is that we could defer the PM reset to the kernel if we
	could detect that the kernel has PM reset support, but barring version
	number checks we don't have a way to detect that support)

	* src/pci.c: remove the pciDeviceContainsOtherFunctions() check from
	  pciTryPowerManagementReset() and prefer PM reset over bus reset
	  where both are available

	Cc: Cui, Dexuan <dexuan.cui@intel.com>
	Cc: Yu Zhao <yu.zhao@intel.com>

	Detect KVM's PCI device assignment support
	PCI device assignment is only supported in KVM's fork of qemu, so we
	should really detect its availability and give a nice error if its
	not supported.

	* src/qemu_conf.[ch]: introduce QEMUD_CMD_FLAG_PCIDEVICE indicating
	  that the -pcidevice command line option is available

	* tests/*: update the tests

	Add host PCI device hotplug support
	Attaching a host PCI device to a qemu guest is done with a
	straightforward 'pci_add auto host host=XX:XX.X' command.

	Like with NIC and disk hotplug, we need to retain the guest PCI address
	assigned by qemu so that we can use it for hot-unplug.

	Identifying a device for detach is done using the host PCI address.

	Managed mode is handled by detaching/resetting the device before
	attaching it to the guest and re-attaching it after detaching it from
	the guest.

	* src/qemu_driver.c: add qemudDomainAttachHostPciDevice() and
	  qemudDomainDetachHostPciDevice()

	* src/domain_conf.h: add somewhere to store the guest PCI address

	* src/domain_conf.c: handle formatting and parsing the guest PCI
	  address

	Re-factor hostdev hotplug
	Re-factor the hostdev hotplug code so that we can easily add PCI
	hostdev hotplug to qemudDomainAttachHostDevice().

	* src/qemu_driver.c: rename qemudDomainAttachHostDevice() to
	  qemudDomainAttachHostUsbDevice(); make qemudDomainAttachHostDevice()
	  handle all hostdev types

	* src/libvirt_private.syms: export a couple of hostdev related
	  ToString() functions

2009-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC / UML drivers robust against NUMA topology brokenness
	Some kernel versions expose broken NUMA topology for some machines.
	This causes the LXC/UML drivers to fail to start. QEMU driver was
	already fixed for this problem

	* src/lxc_conf.c: Log and ignore failure to populate NUMA info
	* src/uml_conf.c: Log and ignore failure to populate NUMA info
	* src/capabilities.c: Reset nnumaCell to 0 after freeing

2009-08-11  Mark McLoughlin  <markmc@redhat.com>

	Fix some URLs in virsh manpage
	* docs/virsh.pod: don't reference format.html anymore, reference
	  the formatdomain.html etc. pages

	* virsh.1: re-generate

2009-08-11  Chris Lalancette  <clalance@redhat.com>

	Remove a duplicated assignment in Xen PCI parsing.

	Fix up a few minor indentation issues.

	Fix phyp escape_specialcharacters.
	A couple of minor fixes to phyp escape_specialcharacters.  Make it
	a static function (since it's only used in phyp/phyp_driver.c), and
	make it take a dstlen parameter.  This paves the way for removing
	strncpy in the future.

	Make openvzGetVPSUUID take a len.
	Minor fix to openvzGetVPSUUID to make it take a length parameter.
	This ensures that it doesn't make assumptions about the length
	of the UUID buffer, and paves the way for removal of strncpy in
	the future.

	Minor cleanup of error path for c_oneVmInfo.

	Fix up a whitespace in comments in src/console.c

	Fix up a stray whitespace in virHashGrow.

	Run 'cont' on successful migration finish.
	As of qemu 0.10.6, qemu now honors the -S flag on incoming migration.
	That means that when the migration completes, we have to issue a
	'cont' command to get the VM running again.  We do it unconditionally
	since it won't hurt on older qemu.

	Split virDomainMigrate into functions.
	Re-factor virDomainMigrate to split out the version 1 and version 2
	protocols into their own functions.  In reality, the two versions share
	very little in common, so forcing them together in the same function was
	just confusing.  This will also make adding tunnelled migration easier.

	Fix QEMU domain status after restore.
	When doing a restore, we were forgetting to update the state file
	for the VM.  That means that if you do a save/restore, then shut
	down libvirtd, then start it back up, you'll see the state of the
	guest as "paused", even though it is really running.  We were
	just forgetting a "virDomainSaveStatus" call in the restor path.

2009-08-10  Mark McLoughlin  <markmc@redhat.com>

	Handle kernels with no ipv6 support
	If the ipv6 kernel module is not loaded, then we get this when starting
	a virtual network:

	  libvir: Network Config error :
	  cannot enable /proc/sys/net/ipv6/conf/virbr0/disable_ipv6:
	  No such file or directory

	If disable_ipv6 is not present, we should just merrily continue on our
	way.

	* src/network_driver.c: make networkDisableIPV6() not fail if the kernel
	  has no ipv6 support

	Set perms on /var/lib/libvirt/boot to 0711
	Allow qemu user to open kernel/initrds in this dir, but still prevent
	others from listing it.

	* libvirt.spec.in: set /var/lib/libvirt/boot perms to 0711

	chown kernel/initrd before spawning qemu
	If we're running qemu unprivileged, we need to chown any supplied kernel
	or initrd before spawning it.

	* src/qemu_driver.c: rename qemuDomainSetDiskOwnership() to
	  qemuDomainSetFileOwnership(), pass it a path string instead of a disk
	  definition and use it for chowning the kernel/initrd in
	  qemuDomainSetAllDeviceOwnership()

2009-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Add link to AbiCloud web management system

2009-08-07  Chris Lalancette  <clalance@redhat.com>

	Remove unsafe strncpy from esx_vmx.c
	While trying to remove uses of unsafe strncpy in the tree, I came
	across a couple of usages in the ESX driver.  To my eyes, the snprintf
	replacements do the same thing in less code, and are also safer.

	Tested-by: Mattias Bolte <matthias.bolte@googlemail.com>

2009-08-06  Amy Griffis  <amy.griffis@hp.com>

	Update logging documentation
	* docs/logging.html[.in] try to include a little more description about
	  the corner cases, things someone might get hung up on on.

	Consolidate code for parsing the logging env
	* src/logging.c src/logging.h src/libvirt_private.syms:
	  define new functions virLogSetFromEnv and virLogParseDefaultPriority
	* qemud/qemud.c src/libvirt.c tests/eventtest.c: cleanup to use the
	  unified functions

	Cleanup VIR_LOG_DEBUG parsing in eventtest
	* tests/eventtest.c: don't covert high priority levels to debug level.
	  Consider an invalid priority level setting a setup failure.

	Several fixes to libvirtd's log setup
	* qemud/qemud.c src/logging.[ch]: Similar as for general libvirt, don't
	  convert high priority levels to debug level. Ignore LIBVIRT_LOG_FILTERS
	  and LIBVIRT_LOG_OUTPUTS when they're set to the empty string, otherwise
	  they can override a valid setting from the config file. Send all
	  settings through the parser functions for validation, so that the
	  existence of a bad setting doesn't nullify a good setting that should
	  have applied -- particularly the default output. Keep the order of
	  precedence consistent for all variables between the environment and
	  the config file.  Warn when an invalid log level, filter, or output
	  is ignored.
	* src/libvirt_private.syms: export internally a few convenience functions

	Tighten libvirt's parsing of logging env
	* src/libvirt.c src/logging.c: Don't convert high priority levels to the
	  debug level. Don't parse LIBVIRT_LOG_FILTERS and LIBVIRT_LOG_OUTPUTS
	  when they're set to the empty string. Warn when the user specifies an
	  invalid value (empty string remains a noop).
	* po/POTFILES.in: src/logging.c now include translatable strings

2009-08-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Cleanup structure name naming
	* src/esx/esx_driver.c src/esx/esx_util.[ch] src/esx/esx_vi.[ch]:
	  just a name change

	Fix memleak if esxOpen fails
	* src/esx/esx_driver.c: if esxOpen failed, priv->transport wasn't freed

	Add proper OOM reporting for esxDomainGetOSType
	* src/esx/esx_driver.c: catch an unchecked strdup in
	  esxDomainGetOSType()

2009-08-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.0
	* configure.in NEWS docs/* libvirt.spec.in include/libvirt/libvirt.h:
	  Release of 0.7.0
	* po/*.po*: updated and regenerated the localization pool

2009-08-05  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Add an allocation unit when calling qemu-img
	* src/storage_backend.c: as the absence of units can be interpreted
	  in diverging ways depending on the version

2009-08-05  Daniel P. Berrange  <berrange@redhat.com>

	Add uniqness checking for LXC define/create methods
	* src/lxc_driver.c: Check for name & UUID uniqueness when
	  defining or creating domains

	Fix removal of transient VMs when LXC aborts
	* src/lxc_driver.c: Remove transient VM after monitor triggered
	  shutdown

	Don't try to activate cgroups if not present for LXC
	* src/lxc_controller.c: Don't throw error in LXC startup if
	  the cgroups driver mount isn't available. Improve error
	  logging for resource setup

	Fix configure checks from previous commits
	* configure.in: Don't set AM_CONDITIIONAL until *after* making
	  the checks

	Avoid a warning if compiling without inotify
	* src/xm_internal.c: split the implementations of xenInotifyActive()

2009-08-05  Aron Griffis  <aron.griffis@hp.com>

	Typo and comment fixes
	* docs/schemas/*.rng: the comments were wrong
	* src/qemu_conf.c: typo in an error message

2009-08-05  Cole Robinson  <crobinso@redhat.com>

	Refresh /etc/xen if inotify wasn't
	* src/xm_internal.c: in case of multiple connections to the xen driver
	  and some clients were not using domain events, the whole /etc/xen
	  monitoring would break leading to disapearing domains.

	Don't loose id on xen domain redefine
	* src/xm_internal.c: bug when redefining a domain, if it was running
	  we would loose its id

2009-08-05  Daniel Veillard  <veillard@redhat.com>

	Remove a stray semicolon
	* src/xend_internal.c: extraneous ; in xenDaemonParseSxprGraphicsNew

2009-08-05  Maximilian Wilhelm  <max@rfc2324.org>

	Workaround for broken GCC in Debian Etch
	* src/storage_conf.c src/internal.h: move previous check in internal.h
	  and add a workaround for a GCC bug in Debian Etch on limit definitions

	Xen Inotify support needs sys/inotify.h
	* configure.in: to activate Xen Inotify checking we need to check for
	  sys/inotify.h availability

	LXC driver requires sched.h and unshare()
	* configure.in: make it check by default for both

	Configure UML support only if sys/inotify.h present
	* configure.in: UML support requires sys/inotify.h so make it check
	  by default.

	Fix libcurl automatic check and ESX status
	* configure.in: if libcurl is not present ESX should be desactivated
	  so default to check for esx

2009-08-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	Extend the ESX URL to habdle ports and GSX
	* src/esx/esx_driver.c src/esx/esx_vi.[ch] src/esx/esx_vmx.[ch]:
	  adds version checking for GSX 2.0, allows to pass a specific port
	  for the connection and also add a new specific gsx scheme for
	  easier connections to GSX hosts

2009-08-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix escaping of 8-bit high characters
	Fix  https://bugzilla.redhat.com/show_bug.cgi?id=479517

	* src/buf.c: Cast to 'unsigned char' before doing compare to
	  avoid rejecting 8-bit high characters

2009-08-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak in openvz driver
	* src/openvz_driver.c: Remove unneccessary strdup() on hypervisor
	  type api call

2009-08-02  Chris Lalancette  <clalance@redhat.com>

	Remove ATTRIBUTE_UNUSED from flags to qemudDomainMigratePerform.

	Add a comment about setting errors after qemudStartVMDaemon().

	Fix an erroneous debug error to KVM; it should read QEMU/KVM.

	Remove a stray semicolon in qemudDomainMigratePrepare2.

	Convert a few stray users of free() in libvirt.c to VIR_FREE().

	Use virGetHostname instead of gethostname.
	Fix up qemudDomainMigratePrepare2 to use virGetHostname instead of
	gethostname.  Besides the fact that virGetHostname is far more clever,
	there was a latent bug in the handling that could cause a buffer overflow
	on a very long hostname.

	Fix up a minor indentation issue with virDomainMigratePrepare.

	Fix virCapabilitiesDefaultGuestMachine documentation.

	Fix up a silly typo in apibuild.py.

2009-08-01  Daniel P. Berrange  <berrange@redhat.com>

	Protected against potential crash scenarios
	* src/qemu_driver.c: Check that monitor device is not NULL
	  before runing a command to protect against bugs in caller

	Improve diagnostics when pidfile writing fails
	* src/util.c: Include path & pid when logging pidfile failure

	Fix crash when attempting to shutdown inactive QEMU vm
	* src/qemu_driver.c: Add check that QEMU is active before attemting
	  to shutdown. Fix error code for check in destroy method

2009-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Enable ESX driver build on Mingw32
	* autobuild.sh, mingw32-libvirt.spec.in: Enable esx on mingw32
	* src/esx/esx_driver.c: Define AI_ADDRCONFIG if not set
	* src/esx/esx_util.c, src/esx/esx_vi_types.c: Always use
	  %lld & friends, since gnulib guarentees we have these
	  and not the target's own variants

	Disable IPv6 on virtual networks
	If the bridge device is configured to have IPv6 address and
	accept router advertisments, then a malicious guest can send
	out bogus advertisments and hijack/DOS host IPv6 connectivity

	* src/network_driver.c: Set accept_ra=0, disable_ipv6=1, autoconf=0
	  for IPv6 sysctl on virual network bridge devices

2009-07-31  Mark McLoughlin  <markmc@redhat.com>

	Fix PCIe FLR detection
	PCIe DevCap register is actually 32 bits, not 16 bits. Since FLR is
	bit 28, we clearly are failing to detect FLR support.

	Known to fix device reset with some SR-IOV devices.

	* src/pci.c: fix pciDetectFunctionLevelReset()

	Set perms on /var/lib/libvirt/images to 0711
	Allow qemu user to open images in this dir, but still prevent others
	from listing it.

	* libvirt.spec.in: set /var/lib/libvirt/images perms to 0711

2009-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix problem writing QEMU pidfile
	* src/util.c: Don't drop capabilities until after the PID file has
	  been written. Kill off child if writing the PID file fails
	* src/qemu_driver.c: Remove bogus trailing '/' in state dir

	Allow dnsmasq to provide DNS without DHCP
	* src/network_driver.c: Always start dnsmasq to allow it to provide
	  DNS, even if no DHCP ranges are enabled

2009-07-30  Maximilian Wilhelm  <max@rfc2324.org>

	Avoid warning when compiling without IFF_VNET_HDR
	* src/bridge.c: avoid a couple of unused var/func warnings

2009-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix build on mingw32 by disabling netcf
	* autobuild.sh, mingw32-libvirt.spec.in: Set --without-netcf for
	  mingw32 builds

2009-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX Scheduler documentation and cleanup
	* esx/esx_driver.c: add some documentation about the CPU scheduler
	  parameters and remove some old, unnecessary compensation code, since
	  virsh uses the proposed parameter types now.

2009-07-30  Henrik Persson  <henrik.e.persson@ericsson.com>

	Fix vcpupin on Xen problem
	* src/xend_internal.c: the update on the cpu affinity map format
	  had na error and made the changes in the wrong buffer, fix those

2009-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix RPM upgrades from F11 to F12
	* libvirt.spec.in: Create qemu/kvm user/group in %pre script

2009-07-30  Aron Griffis  <aron.griffis@hp.com>

	Fix an initialization problem in previous patch
	* src/bridge.c: fix struct ifreq ifr init in brAddTap()

2009-07-30  Bryan Kearney  <bkearney@redhat.com>

	Update the java bindings page
	* docs/java.html[.in]: update the java bindings html page to reflect the
	  new repositories, JNA usage, and maven access

2009-07-30  Aron Griffis  <aron.griffis@hp.com>

	Remove MAX_TAP_ID and let kernel do numbering
	* src/bridge.c: no need to format the device string in brAddTap()
	  this can be delegated to the kernel and removes an arbitrary limit.

2009-07-29  Ron Yorston  <rmy@tigress.co.uk>

	Kernel command line support for UML
	* src/uml_conf.c: add support for additional kernel command line
	  arguments.

2009-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix deadlock in remote driver domain events
	* src/remote_internal.c: Release driver lock when dispatching events
	  to callbacks

2009-07-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	qemu: fix monitor socket reconnection
	* src/qemu_driver.c: fix qemudOpenMonitorUnix() to retry on ENOENT
	  instead of EACCES which is the error one receive when the socket
	  error hasn't shown up yet

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Fix polkit/netcf disabling on older fedoras
	polkit was disabled by default for a reason - because we selectively
	enable it on newer fedoras rather than disable it on older fedoras

	Same fix needed for netcf

	Capilize libvirt-client summary
	Fixes:

	  W: summary-not-capitalized client side library and utilities of the libvirt library

	Move ldconfig calls to libvirt-client %post/%postun
	Now that the library has moved to libvirt-client

	Convert NEWS to UTF-8
	* docs/news.xsl: request UTF-8 as the output encoding

	* NEWS: re-generate with UTF-8 encoding

	Fix trailing whitespace in NEWS
	git wouldn't let me push without this

	No need to build require both python-devel and python
	Since python-devel requires python

	Pointed out by Itamar Reis Peixoto

	Remove executable perms from /etc/sysconfig/libvirtd
	Changed by Rich Jones for:

	  libvirt.x86_64: E: executable-marked-as-config-file /etc/sysconfig/libvirtd

	See:

	  https://bugzilla.redhat.com/226055

	Use a %postun -p for one line scriptlet
	Changed by Rich Jones, presumably for this:

	  libvirt.x86_64: W: one-line-command-in-%postun /sbin/ldconfig

	see:

	  https://bugzilla.redhat.com/226055

	Don't explicitly require libxml2
	Originally done by rjones as part of this package review:

	  https://bugzilla.redhat.com/226055

	Fix some unowned directories
	danpb's fix for:

	  https://bugzilla.redhat.com/483442

	Kill qemu BuildRequires
	It's not needed at build time

	Removed in Fedora by:

	  * Fri Jun  5 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-2.fc12
	  - Remove the qemu BuildRequires

	Enable netcf by default
	Disabled on < f12 for now until netcf is in Fedora updates

	BuildRequires netcf if enabled, pass --without-netcf if its disabled

	* libvirt.spec.in: enabled netcf by default

	Default to with_polkit
	Unless there's some reason we shouldn't

	Make vbox support configurable
	Added by DV with:

	  * Fri Apr 24 2009 Daniel Veillard <veillard@redhat.com> - 0.6.3-1.fc12
	  - release of 0.6.3
	  - VirtualBox driver

	Build with --without-capng if capng is disabled
	* libvirt.spec: pass --without-capng if appropriate

	BuildRequires libcap-ng-devel not capng-devel
	Fedora CVS changelog is "Fix libcap-ng-devel require, Daniel"

2009-07-28  Shahar Klein  <shaharklein@yahoo.com>

	Drop curl host check when using ESX without check
	* src/esx/esx_vi.c: drop host check if no_verify=1, but as Matthias
	  pointed out if no_verify=2 we should check the host is the right
	  one

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Reduce glusterfs dependency to 2.0.1
	* libvirt.spec.in: require glusterfs-client >= 2.0.1

2009-07-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix crashes in Xen capabilities code
	* src/xen_internal.c: Don't free memory now owned by the virCapsPtr
	   structure
	* tests/testutilsxen.c: Fix up for change in internal API

	Fix typo in xen capabilities code

	Fill in vCPU <-> pCPU current mapping, and vCPU cpuTime for QEMU
	* src/qemu_driver.c: implement missing features in qemudDomainGetVcpus
	  for 'cpu' and 'cpuTime' fields

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Add support for attaching network/bridge NICs in QEMU driver
	In order to hotplug a network/bridge backed NIC, we need to first create
	the tap file descriptor, add the tap interface to the bridge and then
	pass the file descriptor to the qemu process using the 'getfd' monitor
	command.

	Once the tapfd has been accepted, we create the network backend using
	host_net_add, supplying the name assigned to the tapfd. If this fails,
	we need to close the tapfd in qemu using the 'closefd' monitor command.

	If the version of qemu does not support the getfd/closefd monitor
	commands we detect "unknown command" in the getfd reply and fail the
	attach operation.

	* src/qemu_driver.c: add support for tapfd based hotplug in
	  qemudDomainAttachNetDevice()

	Add SCM_RIGHTS support to QEMU monitor code
	Add qemudMonitorCommandWithFd() which allows a file descriptor to be
	sent to qemu over a unix monitor socket using SCM_RIGHTS. See the
	unix(7) and cmsg(3) man pages.

	* src/qemu_conf.c: add a scm_fd param to qemudMonitorCommandExtra(),
	  add qemudMonitorCommandWithFd(), implement SCM_RIGHTS support in
	  qemudMonitorSendUnix()

	Use sendmsg() on QEMU monitor socket
	Switch from using write() to using sendmsg() on QEMU's monitor socket
	so that we can add support for SCM_RIGHTS.

	* src/qemu_driver.c: add sendmsg() based qemudMonitorSendUnix() and use
	  it when the monitor fd is a unix socket

	Factor qemudMonitorSend() out of qemudMonitorCommandExtra()
	Add a little helper function to write the monitor command followed by
	carriage return in a single write.

	This doesn't make any real difference, but allows us to more easily
	switch to using sendmsg() when using the monitor over a unix socket.

	* src/qemu_conf.c: split qemudMonitorSend() out

	Clean up error handling in qemudDomainAttachNetDevice()
	In subsequent patches we're going to have a file descriptor to close
	too, so centralize the error handling cleanups to make things easier.

	* src/qemu_conf.c: in qemudDomainAttachNetDevice() consolidate the
	  error handling cleanups together

	Make qemuBuildHostNetStr() take tapfd as a string
	With hotplug, we're going to want to pass a tapfd name rather than an
	actual file descriptor, so prepare the way by passing a string tapfd to
	qemuBuildHostNetStr().

	* src/qemu_conf.h: qemuBuildHostNetStr() takes a string tapfd now

	* src/qemu_conf.c: pass qemuBuildHostNetStr() a string rather than an
	  actual file descriptor

	* src/qemu_driver.c: update qemudDomainAttachNetDevice() for change

	Move vnet_hdr logic into qemudNetworkIfaceConnect() and export it
	* src/qemu_conf.h: export qemudNetworkIfaceConnect()

	* src/qemu_conf.c: move vnet_hdr logic into qemudNetworkIfaceConnect()
	  since we need it for hotplug too

	Only probe qemu for machine types when binary changes
	By probing for qemu machine types, we increased the time of a
	GetCapabilities call from 100us to a whopping 60ms.

	This patch takes the approach of only probing for machine types
	when the mtime of the emulator binary changed since the last time
	the capabilities were generated.

	* src/capabilities.h: cache the emulator binary mtime

	* src/qemu_conf.c: add qemudGetOldMachines() to copy the machine
	  types from the old caps struct if the mtime for the binary hasn't
	  changed

	* src/qemu_conf.h, src/qemu_driver.c: pass the old caps pointer to
	  qemudCapsInit()

	Add canonical machine name to capabilities output
	e.g. <machine canonical='pc'>pc-0.11</machine>

	* src/capabilities.c: output the canonical machine names in the
	  capabilities output, if available

	* docs/schemas/capabilities.rng: add the new attribute

	Probe QEMU directly for machine aliases if not found in capabilties
	Not all possible emulators are actually in the capabilities, so if we
	don't find the supplied emulator we should probe it directly for machine
	types.

	* src/qemu_driver.c: add qemudCanonicalizeMachineDirect() to directly
	  probe an emulator for the canonical machine type

	Canonicalize qemu machine types
	In qemu-0.11 there is a 'pc-0.10' machine type which allows you to run
	guests with a machine which is compatible with the pc machine in
	qemu-0.10 - e.g. using the original PCI class for virtio-blk and
	virtio-console and disabling MSI support in virtio-net. The idea here
	is that we don't want to suprise guests by changing the hardware when
	qemu is updated.

	I've just posted some patches for qemu-0.11 which allows libvirt to
	canonicalize the 'pc' machine alias to the latest machine version.

	This patches makes us use that so that when a guest is configured to
	use the 'pc' machine type, we resolve that to 'pc-0.11' machine and
	save that in the guest XML.

	See also:

	  https://fedoraproject.org/wiki/Features/KVM_Stable_Guest_ABI

	* src/qemu_conf.c: add qemudCanonicalizeMachine() to canonicalize
	  the machine type according to the machine aliases in capabilities

	* src/qemu_driver.c: parse aliases in qemudParseMachineTypesStr()

	Add virCapsGuestMachine structure
	A subsequent commit will add a "canonical" field to this structure,
	this patch basically just prepares the way for that.

	The new type is added, along with virCapabilitiesAlloc/FreeMachines()
	helpers and a whole bunch of code to make the transition.

	One quirk is that virCapabilitiesAddGuestDomain() and
	virCapabilitiesAddGuest() take ownership of the machine list rather
	than duping it. This makes sense to avoid needless copying.

	* src/capabilities.h: add the virCapsGuestMachine struct and use it
	  in virCapsGuestDomainInfo, add prototypes for new functions and
	  update the AddGuest() prototypes

	* src/capabilities.c: add code for allocating and freeing the new
	  type, change the machines parameter to AddGuest() etc.

	* src/libvirt_private.syms: export the new helpers

	* src/qemu_conf.c: update all the machine type code to use the new
	  struct

	* src/xen_internal.c: ditto

	* tests/testutilsqemu.c: ditto

	Probe for QEMU machine types
	Currently we hardcode the QEMU machine types. We should really just
	parse the output of 'qemu -M ?' so the lists don't get out of sync.

	xenner doesn't support '-M ?', so we still need to hardcode that.

	The horrible (const char *const *) is removed in a subsequent patch.

	* src/qemu_conf.c: kill the arch_info*machines tables, retain the
	  hardcoded xenner machine type, add qemudProbeMachineTypes() to
	  run and parse 'qemu -M ?' and use it in qemudCapsInitGuest()

	Cleanup qemu binary detection logic in qemudCapsInitGuest()
	There's no need for the hasbase/hasaltbase confusion, just store the
	first binary path found in a variable.

	* src/qemu_conf.c: kill hasbase/hasaltbase logic in qemudCapsInitGuest()

2009-07-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX driver accept VI API version 4.0
	* src/esx/esx_driver.c src/esx/esx_vi.c src/esx/esx_vi.h
	  src/esx/esx_vmx.c src/esx/esx_vmx.h: extend the VI API version checks
	  to accept version 4.0 and takes care of the virtualHW.version change
	  from 4 to 7.

	Allow leading dots in VMX config entry names
	* src/conf.c: the virConfParser must accept leading dot when in VMX mode

	Add no_verify query parameter to ESX URIs
	* src/esx/esx_driver.c src/esx/esx_util.c src/esx/esx_util.h
	  src/esx/esx_vi.c src/esx/esx_vi.h: adds a no_verify query parameter to
	  stop libcurl from verifying theserver certificate for the https
	  transport.

	Fix memory leaks in esxDomainDumpXML
	* src/esx/esx_driver.c: remove leaks in esxDomainDumpXML() and simplify
	  esxDomainXMLFromNative()

2009-07-27  Cole Robinson  <crobinso@redhat.com>

	Commit newly generated docs, after changes from commit 2348cf.

	Add phyp files to POTFILES, to make syntax-check happy.

	test: Implement BlockStats and InterfaceStats
	We fake stats values based on the current time, similar to how it's done
	for cpu time.

	test: Generate net interface names when assigning XML.
	We need interface names to implement InterfaceStats.

	Don't allow NULL paths for BlockStats and InterfaceStats
	Do the check in libvirt.c, to save drivers from the burden. This changes
	behavior slightly in the qemu driver: we no longer explictly error if
	passed an empty string. An error will still be thrown when the device
	lookup fails.

	python: Raise exceptions if virDomain*Stats fail.
	The generator couldn't tell that the stats return values were pointers.
	Stick a white list in the function which tries to make this distinction.

2009-07-25  Guido Günther  <agx@sigxcpu.org>

	document tcp listen and raw wire option

2009-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix misc build problems due to new drivers
	* autobuild.sh: Disable esx/phyp build on mingw32
	* configure.in: Fix handling of --without-phyp so it actually works
	* libvirt.spec.in: Add missing interface.rng
	* mingw32-libvirt.spec.in: Disable phyp/esx drivers
	* src/phyp/phyp_driver.c: Fix missing i18n of error messages

2009-07-25  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Add support for VBox 3 and event callbacks on vbox
	* src/vbox/vbox_driver.c: remove some old 2.5 switches and plug the
	  3.0 driver
	* src/vbox/vbox_V3_0.c src/vbox/vbox_CAPI_v3_0.h: the driver for
	  VirtualBox 3.0
	* src/vbox/vbox_tmpl.c: handle the new driver and add event support
	* src/Makefile.am: plug in the new module

2009-07-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix cgroup compile warnings
	* src/cgroup.c: Fix cast to uint64 from unsigned long long

2009-07-24  Daniel Veillard  <veillard@redhat.com>

	Desactivate phyp build and indicate libssh builreq

2009-07-24  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	First version of the Power Hypervisor driver
	Features supported:
	- Connects to HMC/VIOS or IVM systems.
	- Life cycle commands (resume and shutdown).
	- dumpxml
	- 'list' and 'list --all'

	What is being implemented:
	- better and centralized control for UUID
	- definexml
	- CPU management commands

	* src/domain_conf.c src/domain_conf.h: first version of the driver
	* configure.in src/Makefile.am include/libvirt/virterror.h
	  src/domain_conf.[ch] src/libvirt.c src/virterror.c: glue the driver
	  in the general framework

2009-07-24  Jim Meyering  <meyering@redhat.com>

	docs: say that the old repository is deprecated...
	* docs/downloads.html.in: but will remain for sake of old links.

2009-07-24  Daniel Veillard  <veillard@redhat.com>

	Added Matthias Bolte to AUTHORS list

2009-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	First version of the driver for VMWare ESX
	* src/esx/esx_*.[ch]: the driver, uses a remote minimal SOAP client
	  to talk to the VI services on ESX nodes.
	* configure.in include/libvirt/virterror.h src/Makefile.am src/driver.h
	  src/libvirt.c src/virterror.c: glue in the new driver

2009-07-24  Daniel P. Berrange  <berrange@redhat.com>

	Make QEMU cgroups use configurable
	 * qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug,
	   src/qemu.conf: Add 'cgroups_controllers' and 'cgroups_device_acl'
	   parameters
	 * src/qemu_conf.h, src/qemu_conf.c: Load & parse configuration params
	   for cgroups
	 * src/qemu_driver.c: Only use cgroups controllers that are activated,
	   and use configured device whitelist instead of default, if set.

	Use cgroups for block device whitelisting in QEMU guests
	* src/qemu_driver.c: Set a restrictive block device whitelist for
	  all QEMU guests. Update whitelist when hotplugging disks.
	* src/cgroup.h, src/cgroup.c: Add some more convenience methods
	  for dealing with block device whitelists.

	Implement schedular tunables API using cgroups
	* src/qemu_driver.c:  Add driver methods qemuGetSchedulerType,
	  qemuGetSchedulerParameters, qemuSetSchedulerParameters
	* src/lxc_driver.c: Fix to use unsigned long long consistently
	  for schedular parameters
	* src/cgroup.h, src/cgroup.c: Fix cpu_shares to take unsigned
	  long long
	* src/util.c, src/util.h, src/libvirt_private.syms: Add a
	  virStrToDouble helper
	* src/virsh.c: Fix handling of --set arg to schedinfo command
	  to honour the designated data type of each schedular tunable
	  as declared by the driver

	Place every QEMU guest in a private cgroup
	* src/qemu_driver.c: Place guest in cgroup upon startup. Remove
	  cgroup upon shutdown

	Refactor cgroups to allow a group per driver to be managed directly
	Allow the driver level cgroup to be managed explicitly by the
	hypervisor drivers, in order to detect whether to enable or
	disable cgroup support for domains. Provides better error
	reporting of failures. Also allow for creation of cgroups for
	unprivileged drivers if controller is accessible by the user.

	* src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup
	* src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c:
	  Obtain a driver cgroup at startup and use that instead of
	  re-creating everytime.
	* src/util.c, src/util.h, src/libvirt_private.syms: Add a
	  virGetUserName() helper

	Make cgroups a little more efficient
	* src/cgroup.c: Detect the mount location of every controller at
	  time a virCgroupPtr is created. Detect current process' placement
	  within group to avoid assuming it is in the root. Pass controller
	  ID into SetValueStr/GetValueStr to enable much duplicated code to
	  be eliminated

2009-07-24  Laine Stump  <laine@laine.org>

	Add bare format string to printf-derivatives troubles
	* src/datatypes.c src/domain_conf.c src/interface_conf.c
	  src/lxc_driver.c src/qemu_driver.c src/storage_backend.c src/virsh.c:
	  add bare %s format string to printf-derivatives called with no format
	  string

2009-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Don't restore labels on shared/readonly disks
	* src/security_selinux.c: Skip relabelling of shared/readonly
	  disks upon shutdown, since this breaks other VMs still active
	  using those disks

	Use virFileReadAll/virFileWriteStr for key cgroup read/write helpers

	Use enums for cgroup controller types / labels

	Add domain autostart for LXC driver
	* src/lxc_driver.c: Implement support for domain autostart

	Add domain events support to LXC driver
	* src/lxc_conf.h: Add queue for dispatch of domain events
	* src/lxc_driver.c: Trigger domain events upon important lifecycle transitions

	Fix misc Win32 compile warnings
	GCC >= 4.4 assumes the 'printf' attribute refers to the native
	runtime libraries format specifiers. Thanks to gnulib, libvirt
	has GNU format specifiers everywhere.  This means we need to
	use 'gnu_printf' with GCC >= 4.4 to get correct compiler
	checking of printf format specifiers.

	* HACKING: Document new rules for ATTRIBUTE_FMT_PRINTF
	* autobuild.sh, mingw32-libvirt.spec.in: Disable OpenNebula
	  driver on mingw32 builds
	* qemud/dispatch.h, qemud/qemu.h, src/buf.h src/internal.h,
	  src/logging.h, src/security.h, src/sexpr.h, src/util.h,
	  src/virterror_internal.h, src/xend_internal.c: Change
	  over to ATTRIBUTE_FMT_PRINTF.
	* src/virsh.c: Disable 'cd' and 'pwd' commands on Win32
	  since they don't compile
	* src/threads-win32.c: Add missing return value check

2009-07-23  Jim Paris  <jim@jtan.com>

	Always add -no-kvm and -no-kqemu, for qemu domains
	If the qemu binary supports "-no-kvm" and/or "-no-kqemu", they should
	always be added for plain "qemu" domains.  Previously, we omitted them
	whenever the host and guest architectures implied that they would be
	disabled automatically, but that logic was flawed in some cases
	(such as i686 and x86_64).
	* src/qemu_conf.c: fix the conditions for adding "-no-kvm" and/or "-no-kqemu"

2009-07-23  Laine Stump  <laine@laine.org>

	Release conn lock before reporting errors (end)
	* src/datatypes.c: more cleanup, where lock must be released before
	  calling error handling which tries to get it.

	Rename variable for compilation in Mingw32 (end)
	* qemud/remote.c src/interface_conf.[ch] src/veth.[ch]: more renaming
	  from interface to iface

2009-07-22  Nguyen Anh Quynh  <aquynh@gmail.com>

	Add support for physical memory access for QEmu
	* include/libvirt/libvirt.h include/libvirt/libvirt.h.in: adds the new
	  flag VIR_MEMORY_PHYSICAL for virDomainMemoryPeek
	* src/libvirt.c: update the front-end checking
	* src/qemu_driver.c: extend the QEmu driver

2009-07-22  Jim Meyering  <meyering@redhat.com>

	avoid a make distcheck failure: distribute docs/schemas/interface.rng
	* docs/schemas/Makefile.am (schema_DATA): Add interface.rng.

	avoid a make distcheck failure: distribute tests/interfaceschemadata/
	* tests/Makefile.am (EXTRA_DIST): Add interfaceschemadata.

2009-07-22  Laine Stump  <laine@laine.org>

	Release conn lock before reporting interface errors
	* src/datatypes.c: fix a lock problem on error handling, as the
	  error report takes the lock, it must be released before, fixes
	  the problem but just for Interface objects

	Update modified mac address in place in virGetInterface
	* src/datatypes.c: handle the nasty case where an interface
	  mac address change, while it's already in use

	Fix multiple memory leaks in virsh
	* virsh.c: fix a number of leaks of virDomain, virStoragePool,
	  virNodeDevice, etc.

2009-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in storage cloning

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Add support for network device detach
	qemu network devices are hot-unplugged in two stages - first the PCI NIC
	is removed using 'pci_del <pci_addr>' and then the backend is removed
	using 'host_net_remove <vlan> <name>'.

	In order to perform these operations we need to have retained the
	PCI address, backend name and vlan number.

	* src/qemu_driver.c: add qemudDomainDetachNetDevice()

	Retain PCI address from NIC attach
	When we pci_add a NIC, we need to retain the PCI address assigned by
	qemu for using during detach.

	* src/qemu_driver.c: use qemudParsePciAddReply() to pull the PCI
	  address from the pci_add reply

	* src/domain_conf.c: handle storing and parsing the PCI address in the
	  domain state XML file

	Re-factor pci_add reply parsing and parse domain/bus numbers
	The current code for parsing pci_add replies ignores the the domain and
	bus numbers. Re-write the code to rectify that.

	Also, since pci_add is used for NIC hotplug as well ask disk hotplug,
	re-factor the code into a separate function.

	* src/qemu_driver.c: add qemudParsePciAddReply() function which can
	  handle parsing domain and bus numbers

	Remove the network backend if NIC hotplug fails
	If we fail to pci_add a NIC, we should remove the network backend and
	leave things the way we found them. To do that, we pre-allocate a
	host_net_remove monitor command and issue that if the pci_add fails.
	If the remove fails, we just log a warning.

	We can only do this if we have a name for the network backend and
	we know the vlan number its associated with.

	* src/qemu_driver.c: host_net_remove the network backend if the
	  pci_add fails

	Basic qemu NIC hotplug support
	Implement basic NIC hotplug support using the 'host_net_add' and
	'pci_add' qemu monitor commands.

	For now, we don't support 'bridge' or 'network' types.

	Also, if pci_add fails, we currently fail to remove the backend
	which we added.

	Finally, NIC hot-unplug support is missing.

	* src/qemu_driver.c: add qemudDomainAttachNetDevice()

	* src/qemu_conf.[ch]: export qemuBuildNicStr(), qemuBuildHostNetStr()
	  and qemuAssignNames()

	* src/libvirt_private.syms: export virDomainNetTypeToString()

	Make qemuCmdFlags available in qemudDomainAttachDevice()
	qemudDomainChangeEjectableMedia() currently extracts the qemu command
	line flags, but other device attaching code might need it, so move
	the qemudExtractVersionInfo() call up a frame.

	* src/qemu_driver.c: move the qemudExtractVersionInfo() call from
	  qemudDomainChangeEjectableMedia() to qemudDomainAttachDevice()

	Store the interface vlan number in the domain state
	Currently, an interface's vlan number corresponds to its index in
	the table of network interfaces. That is no longer true when we
	allow devices to be removed.

	To fix this, we store the vlan number in the domain's state XML
	so that it survives libvirtd restarts.

	* src/domain_conf.h: add vlan number to virDomainNetDef

	* src/domain_conf.c: store it in XML as <state vlan='N'/>, defaulting
	  to -1 if this is state saved by a previous version of libvirt

	* src/qemu_conf.c: assign vlan numbers before starting qemu

	Add NIC and hostnet names to domain state XML
	The qemu driver needs to assign and keep track of identifiers for
	network devices so that it can remove them. We need to keep this state
	across libvirtd restarts, but it's not configuration that needs to
	be kept across guest restarts.

	* src/domain_conf.c: parse and format <state nic="foo" hostnet="bar"/>

	Assign names to qemu NICs and network backends
	We need these so that we can remove the devices via the monitor.

	* src/domain_conf.h: add nic_name and hostnet_name to virDomainNetDef

	* src/domain_conf.c: free nic_name and hostnet_name

	* src/qemu_conf.c: add qemuAssignNetNames(), use it if qemu has
	  support for the param and pass the names on the command line

	* tests/qemuxml2argv*: add a test for this

	Add checks for some NIC hotplug related features added in qemu-0.10.0
	Add QEMUD_CMD_FLAG_NET_NAME to indicate that '-net ...,name=foo' is
	supported and QEMUD_CMD_FLAG_HOST_NET_ADD to indicate that the
	'host_net_add' monitor command is available.

	Set both these flags if the qemu version is greater than 0.10.0.
	Checking via the '-help' output would not work for the monitor command
	and even for the command line arg, it would be quite fragile.

	* src/qemu_conf.h: add new flags as aliases of QEMUD_CMD_FLAG_0_10

	* src/qemu_conf.c: set QEMUD_CMD_FLAG_0_10 for versions >= 0.10.0

	* tests/qemuhelptest.c: set QEMUD_CMD_FLAG_0_10 for the appropriate
	  qemu versions

	Factor qemuBuildHostNetStr() out from qemuBuildCommandLine()
	Re-factor this code so that it can be used for NIC hotplug
	too. The awkward prefix and type_sep arguments are needed to
	allow us to do "host_net_add tap vlan=..."

	* src/qemu_conf.c: factor the net backend string formatting
	  code into its own function

	Factor qemuBuildNicStr() out from qemuBuildCommandLine()
	Re-factor this code so that it can be used for NIC hotplug
	too. The awkward arguments are needed to allow use to do
	"pci_add auto nic macaddr=..."

	* src/qemu_conf.c: factor the nic string formatting code into
	  its own function

	Retain disk PCI address across libvirtd restarts
	When we hot-plug a disk device into a qemu guest, we need to retain its
	PCI address so that it can be removed again later. Currently, we do
	retain the slot number, but not across libvirtd restarts.

	Add <state devaddr="xxxx:xx:xx"/> to the disk device XML config when the
	VIR_DOMAIN_XML_INTERNAL_STATUS flag is used. We still don't parse the
	domain and bus number, but the format allows us to do that in future.

	* src/domain_conf.h: replace slotnum with pci_addr struct, add helper
	  for testing whether the address is valid

	* src/domain_conf.c: handle formatting and parsing the address

	* src/qemu_driver.c: store the parsed slot number as a full PCI address,
	  and use this address with the pci_del monitor command

	* src/vbox/vbox_tmpl.c: we're debug printing slotnum here even though
	  it can never be set, just delete it

	Add internal XML parsing/formatting flag
	We need to store things like device names and PCI slot numbers in the
	qemu domain state file so that we don't lose that information on
	libvirtd restart. Add a flag to indicate that this information should
	be parsed or formatted.

	Make bit 16 and above of the flags bitmask for internal use only and
	consume the first bit for this new status flag.

	* include/libvirt/libvirt.h: add VIR_DOMAIN_XML_FLAGS_MASK

	* src/libvirt.c: reject private flags in virDomainGetXMLDesc()

	* src/domain_conf.h: add VIR_DOMAIN_XML_INTERNAL_STATUS

	* src/domain_conf.c: pass the flag from virDomainObjParseXML() and
	  virDomainSaveStatus

2009-07-22  Laine Stump  <laine@laine.org>

	Rename variable for compilation in Mingw32
	* src/virsh.c: rename interface into iface

2009-07-22  Thomas Treutner  <thomas@scripty.at>

	Fix documentation of virStoragePoolUndefine return
	* src/libvirt.c: the documented return was wrong

2009-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in check for glusterfs format pools
	* src/storage_backend_fs.c: Replace = with == for comparison

2009-07-21  Harshavardhana  <harsha@gluster.com>

	Set specific flags for glusterfs fs mounts
	* src/storage_backend_fs.c: due to Fuse O_DIRECT problem one need
	  to mount glusterfs with direct-IO mode, until fixed

2009-07-21  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix reconnect bug for VBox
	* src/vbox/vbox_tmpl.c: reconnecting to vbox:///session was failing

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	Activate the interface drivers, and cleanups
	* src/libvirt.c: activate the interface drivers
	* po/POTFILES.in: add the netcf driver as a source of localization strings
	* src/interface_driver.c: NETCF_ENOMEM -> VIR_ERR_NO_MEMORY mapping was
	  breaking syntax checking

2009-07-21  Laine Stump  <laine@laine.org>

	Netcf based interface driver implementation
	* src/interface_driver.c src/interface_driver.h: the new driver
	* src/Makefile.am qemud/Makefile.am qemud/qemud.c: hook the new driver
	  in the build system and get ti activated by the daemon
	* src/libvirt_private.syms: export needed symbols internally

	Add a test interface driver
	* test.c: includes an interface driver to the test framework

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	Remove trailing blank lines

2009-07-21  Laine Stump  <laine@laine.org>

	Add interface object list manipulation functions
	* interface_conf.c interface_conf.h: utilities function usful for
	  interface driver like the test interface driver

	virGetinterface matching of MAC and interface name
	MAC address of a particular interface may change over time, and the
	reduced virInterface object (which contains just name and mac) needs
	to reflect these changes. Since we can't modify the mac address of an
	existing virInterface (some other thread may currently be using it) we
	just create a new virInterface, and let the old one die a dignified
	death when its refct goes to 0.
	* src/datatypes.c: fix the matching and lifetime of virInterface object
	  accordingly

	Add an error code for conflicting mac addresses
	* include/libvirt/virterror.h src/virterror.c: if a driver's
	  virInterfaceLookupByMACString() function finds more than one interface
	  with the desired MAC Address, this new error is raised.

2009-07-21  Jun Koi  <junkoi2004@gmail.com>

	Fix an uninitialized variable in Unix socket open
	* src/qemu_driver.c: qemudOpenMonitorUnix() had an uninitialized loop
	  counter

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	rpm spec cleanup and split off client only package
	* libvirt.spec.in: make a client rpm with shared libs, client binaries
	  and resources needed by those, and a small number of fixes and
	  cleanups in the spec file.

2009-07-17  Jim Meyering  <meyering@redhat.com>

	build: do not emit a trailing blank line into VC'd file, NEWS
	* docs/Makefile.am ($(top_builddir)/NEWS): Adjust rule to filter
	out any trailing blank lines when generating this file.
	* NEWS: Regenerate, so that it contains entries for 0.6.5.

2009-07-17  Daniel Veillard  <veillard@redhat.com>

	Remove some unused variables and cut long lines
	* src/virsh.c: a bit of cleanup on previous commit

2009-07-17  Laine Stump  <laine@laine.org>

	Add virsh commands for network interface management
	* src/virsh.c: add a number of interface related commands:
	  iface-list, iface-name, iface-mac, iface-dumpxml, iface-define,
	  iface-undefine, iface-edit, iface-start and iface-destroy

2009-07-17  Cole Robinson  <crobinso@redhat.com>

	Fix gitweb link on download page.

	qemu: Try multiple times to open unix monitor socket
	Unlike the pty monitor (which we know exists since we scrape its path from
	stdout), we have no way of knowing that the unix monitor socket should exist/
	be initialized. As a result, some of my KVM guests randomly fail to start on
	F10 host.

	Try to open the unix socket in a 3 second timeout loop. Ignore EACCES (path
	does not exist if a first time run) and ECONNREFUSED (leftover socket from
	a previous run hasn't been removed yet). Fixes things for me.

	storage: Implement CreateVolFrom for logical and disk backend.
	With the previous refactoring, this is a simple process, since the global
	'CreateBlockFrom' in storage_backend does all the work.

	storage: Don't try sparse detection if writing to block device.
	We don't gain any space savings, so skip the detection to speed up
	the cloning operation.

	storage: Implement 'CreateBlockFrom' helper.
	Add a 'CreateBlockFrom' in the global storage_backend, which sets up the
	destination block device: CopyFromFD does the rest of the cloning.

	storage: Break out actual raw cloning to separate function.
	The CreateRaw function has some 'file' only assumptions, so break the agnostic
	cloning bits to a separate function.

	storage: cleanup: do away with 'createFile'
	Have storage building functions be definitions of
	virStorageBackendBuildVolFrom: we will need to do this in the future anyways
	if we ever support the flags attribute.

	storage: Move most of the FS creation functions to common backend.
	These will be used by other pool cloning implementations.

	storage: Refactor FS backend 'create' function choosing.
	Break out separate functions for

	- Determining the supported '*-img' tool,
	- The tool's associated create function,
	- Desired function for cloning (CreateXMLFrom).

	This will be eventually used to unify cloning across all backends.

	storage: Fix deadlock when cloning across pools.
	We need to unlock the first pool before looking up the second, since the
	search locks every pool it checks.

	storage: disk: Use capacity, not allocation, when creating volume.
	There isn't any way to dictate allocation when creating disk volumes, so
	capacity is the only relevant value.

	storage: disk: Default to 'ext2' for new volumes.
	Currently, if no format is specified for a new disk volume, we pass the
	invalid value "none" as the FS type to 'parted mkpart'.

	There doesn't seem to be a way to have parted not format the drive, so
	just default to using 'ext2' in this case: this shouldn't cause any harm,
	since we are creating a new partition in the first place.

	storage: disk: Fix segfault creating volume without target path
	Remove unneeded target path duplication, which could carelessly dereference
	NULL. Make it clear where 'key' is actually filled in.

	storage: disk: Fix parthelper '-g' option handling.
	Typo was breaking 'parthelper -g', preventing disk pool definition.

2009-07-17  Jim Meyering  <meyering@redhat.com>

	build: submodule machinery now works also when no tag is reachable
	The code in cfg.mk to detect when the git submodule was out of date
	worked most of the time, but not when checked out in a certain way.
	* cfg.mk: Extract submodule hash from command output and file,
	and compare only that, since the format of the full line may vary.
	Reported by Mike Burns, with some diagnosis by Daniel P Berrange.

2009-07-17  Daniel P. Berrange  <berrange@redhat.com>

	Run QEMU guests as an unprivileged user
	* configure.in: Add --with-qemu-user and --with-qemu-group args
	* libvirt.spec.in: use 'qemu' for user/group for Fedora >= 12
	* qemud/libvirtd_qemu.arg, qemud/test_libvirtd_qemu.aug,
	  src/qemu.conf: Add 'user' and 'group' args for configuration
	* src/Makefile.am: Create %localstatedir/cache/libvirt/qemu
	* src/qemu_conf.c, src/qemu_conf.h: Load user/group from config
	* src/qemu_driver.c: Change user ID/group ID when launching QEMU
	  guests. Change user/group ownership on disks/usb/pci devs.
	  Put memory dumps in %localstatedir/cache/libvirt/qemu
	* src/util.c, src/util.h: Add convenient APIs for converting
	  username/groupname to user ID / group ID

2009-07-16  Laine Stump  <laine@laine.org>

	Implement the new virinterface functions
	* src/driver.h: add new driver functions virDrvNumOfDefinedInterfaces
	  and virDrvListDefinedInterfaces
	* src/libvirt.c: implements the entry points, calling new driver
	  functions
	* qemud/remote.c qemud/remote_dispatch_args.h qemud/remote_protocol.[chx]
	  qemud/remote_dispatch_prototypes.h qemud/remote_dispatch_ret.h
	  qemud/remote_dispatch_table.h src/remote_internal.c: implement the
	  client/server side of the RPC

	Public API for new virInterface functions
	* include/libvirt/libvirt.h[.in]: adds signatures for the new exported
	  functions virConnectNumOfDefinedInterfaces and
	  virConnectListDefinedInterfaces
	* src/libvirt_public.syms: export the new symbols

2009-07-16  Daniel Veillard  <veillard@redhat.com>

	Fix configure flags in spec file
	* libvirt.spec.in: we were still using deprecated configure switches

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Rename a bunch of internal methods to clarify their meaning
	This renames a lot of the methods in the remote driver client
	to more accurately reflect their responsibility of IO handling
	vs message handling.

	Simplify remote driver error reporting
	Remove redundant error reporting functions which obscured the
	filename/line number reporting. Removed code which created a
	virDomain/virNetwork object, since those are silently dropped
	in error reporting functions now

	* src/remote_internal.c: Remove error() and errorf() in favour of
	 macros, and remove server_error in favour of direct call

	Refactor message sending to allow code reuse for data streams
	Splits up the 'call' method moving generic IO code out into
	separate method to allow it to be easily reused for sending
	data streams

	* src/remote_internal.c: Split 'call' into two methods, the first
	  with same name serializes a set of method arguments into a
	  message, the second 'remoteIO' takes a pre-serialized messages,
	  sends it and awaits a reply

	Refactor incoming message handling to prepare for data stream support
	* src/remote_internal.c: Rename processCallRecvMsg to
	  processCallDispatch, and move code specific to method replies
	  into processCallDispatchReply, and rename processCallAsyncEvent
	  to processCallDispatchMessage

	Rename 'direction' to 'type' in remote_message_header
	The 'remote_message_header' struct has a mis-leadingly named
	field 'direction'. It is really a reflection of the type of
	message, and some types can be sent in either direction. Thus
	the field is more accurately named 'type'. No function change.

	* qemud/remote_protocol.x: Rename 'direction' to 'type' in
	  'remote_message_header. Write better docs describing the
	  message header field semantics & usage
	* qemud/remote_protocol.c, qemud/remote_protocol.h: Regenerate
	* qemud/remote.c, qemud/dispatch.c, src/remote_internal.c
	  Update to reflect rename of 'direction' to 'type'

	Define an API for registering incoming message dispatch filters
	All incoming messages currently get routed to the generic method
	remoteDispatchClientRequest() for processing. To allow incoming
	data stream messages to bypass this and be routed to a specific
	location, a concept of dispatch filters is introduced.

	* qemud/qemud.h: Add a qemud_client_filter struct and a callback
	  qemud_client_filter_func. Maintain a list of filters on every
	  struct qemud_client
	* qemud/qemud.c: Move remoteDecodeClientMessageHeader() out of
	  qemudWorker() into qemudDispatchClientRead(). Check registered
	  message filters in qemudDispatchClientRead() to decide where
	  to send incoming messages for dispatch.

	Split out code for handling incoming method call messages
	The remoteDispatchClientRequest() method is currently hardwired to
	assume there is only one type of incoming message, a method call.
	To allow for alternate types of incoming messags, the code that is
	specific to method calls is being split into a separate method
	remoteDispatchClientCall

	* qemud/dispatch.c: Move method call specific code out into
	  remoteDispatchClientCall. Add a helper remoteSerializeError
	  for returning error messages to client

	Change the way client event loop watches are managed
	The current qemudRegisterClientEvent() code is used both for
	registering the initial socket watch, and updating the already
	registered watch. This causes unneccessary complexity in alot
	of code which only cares about updating existing watches. The
	updating of a watch cannot ever fail, nor is a reference to the
	'qemud_server' object required.

	This introduces a new qemudUpdateClientEvent() method for that
	case, allowing the elimination of unneccessary error checking
	and removal of the server back-reference in struct qemud_client.

	* qemud/qemud.h: Remove 'server' field from struct qemud_client.
	  Add qemudUpdateClientEvent() method. Remove 'update' param
	  from qemudRegisterClientEvent method
	* qemud/dispatch.c, qemud/qemud.c, qemud/remote.c: Update alot
	  of code to use qemudUpdateClientEvent() instead of
	  qemudRegisterClientEvent(). Move more logic from remoteRelayDomainEvent
	  into remoteDispatchDomainEventSend.

	Move queuing of RPC replies into dispatch code
	This removes an assumption from qemudWorker() code that every
	incoming message will generate a reply.

	* qemud/dispatch.c: remoteDispatchClientRequest now has responsibility
	  for queuing the reply message to the RPC call
	* qemud/qemud.c: Do not queue the RPC call reply in qemudWorker(),
	  allowing remoteDispatchClientRequest() to take care of it

	Change code generator to give async event messages their own postfix
	The naming convention for structs used in the RPC layer is for
	incoming requests to be called XXXX_args, and the associated
	outgoing reply to be called XXXX_ret.  Asynchronously emitted
	messages (eg events) are re-using the XXXX_ret naming scheme.
	This patch changes that such that async messages are XXXX_msg,
	and stops adding entries for them in the dispatch table, avoiding
	the need for a dummy no-op implementation.

	* qemud/remote.c: Remove dummy remoteDispatchDomainEvent, no
	  longer required. Update to replace remote_domain_event_ret
	  with xdr_remote_domain_event_msg
	* qemud/remote_protocol.x: Rename remote_domain_event_ret to
	  remote_domain_event_msg
	* qemud/remote_generate_stubs.pl: Adding handling for new
	  XXX_msg structs.
	* src/remote_internal.c: Rename remote_domain_event_ret to
	  remote_domain_event_msg
	* qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h,
	  qemud/remote_dispatch_table.h, qemud/remote_protocol.h,
	  qemud/remote_protocol.c: auto-regenerate

	Separate code for encoding outgoing remote message headers
	Introduces an API for encoding the header field for outgoing messages
	allowing some duplicated code to be eliminated

	* qemud/dispatch.c, qemud/dispatch.h: add remoteEncodeClientMessageHeader
	  for encoding message header. Update remoteDispatchClientRequest to
	  use this method.
	* qemud/remote.c: Update remoteDispatchDomainEventSend to use the
	  generic remoteEncodeClientMessageHeader() for encoding event
	  message hedaders. Push some logic from remoteRelayDomainEvent
	  down into remoteDispatchDomainEventSend.

	Decode incoming request header before invoking dispatch code
	Separate the decoding of incoming request header out from the
	dispatch code. This will allow later code to making dispatcher
	routing decisions based on the header field data.

	* qemud/dispatch.c, qemud/dispatch.h: Add remoteDecodeClientMessageHeader
	  API for decoding the header of a client message. Update the
	  remoteDispatchClientRequest method to assume a pre-decoded
	  header.
	* qemud/qemud.h: Include a 'remote_message_header' field in
	  'struct qemud_client_message' for pre-decoded header data
	* qemud/qemud.c: Decode the incoming client message header before
	  invoking remoteDispatchClientRequest

	Split generic RPC message dispatch code out from remote protocol API handlers
	* po/POTFILES.in: Add qemud/dispatch.c
	* qemud/dispatch.c, qemud/dispatch.h: Generic code handling dispatch of
	  RPC messages.
	* qemud/Makefile.am: Add dispatch.c to build
	* qemud/qemud.c: Include dispatch.h
	* qemud/qemud.h: Remove remoteDispatchClientRequest, remoteRelayDomainEvent
	  now in dispatch.h
	* qemud/remote.c: Remove remoteDispatchClientRequest, remoteRelayDomainEvent
	  now in dispatch.c, and dispatch_args, dispatch_ret, dispatch_fn & dispatch_data
	  now in remote.h
	* qemud/remote.h: Add typedefs for dispatch_args, dispatch_ret,
	  dispatch_fn, dispath_data. Add remoteGetDispatchData() API

2009-07-16  Paolo Bonzini  <pbonzini@redhat.com>

	Implement qemu dump capabilities
	* src/qemu_driver.c (qemudDomainCoreDump): New
	  (qemuDriver): Add core dump function. The behaviour is similar
	  as the current Xen dump

	add cd and pwd commands to virsh
	* src/virsh.c: adds cd and pwd commands to virsh useful for save and
	  restore commands
	* docs/virsh.pod virsh.1: update the documentation
	* AUTHORS: add Paolo Bonzini

2009-07-16  Jim Meyering  <meyering@redhat.com>

	make "make syntax-check" consistent with "git diff --check"
	This makes "make syntax-check" fail when a version-controlled
	file contains a trailing blank line.
	* cfg.mk (sc_prohibit_trailing_blank_lines): New rule.

	remove all trailing blank lines
	by running this command:
	git ls-files -z | xargs -0 perl -pi -0777 -e 's/\n\n+$/\n/'
	This is in preparation for a more strict make syntax-check
	rule that will detect trailing blank lines.

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix free of unitialized data upon PCI open fail

	Fix SELinux denial during hotplug
	* src/qemu_driver.c: Relabel disk images *before* running QEMU
	hotplug monitor commands

	Fix PCI device hotplug/unplug with newer QEMU
	* src/qemu_driver.c: Try new monitor syntax for hotplug first. If
	  that fails fallback to old KVM specific syntax

	Fix problem with QEMU monitor welcome prompt confusing libvirt after a libvirtd daemon restart with active guests
	* src/qemu_driver: Read and dicard pending monitor data
	  before issuing new monitor commands.

	Ensure spawned children have a stderr/out set to /dev/null if requested

	Allow autostart of libvirtd to be disabled with LIBVIRT_AUTOSTART=0
	* src/remote_internal.c: Disable libvirtd autostart if the
	  LIBVIRT_AUTOSTART=0 env variable is set
	* src/libvirt.c: Document environment variables can impact
	  the virConnectOpen API

2009-07-16  Daniel Veillard  <veillard@redhat.com>

	netcf XML validation and input and output tests
	* tests/interfaceschematest: test all XML data against the interface
	  schemas
	* tests/interfacexml2xmltest.c: parse and reserialize all XML data
	  and check the output is identical
	* tests/Makefile.am: hook up the tests
	* tests/.gitignore: add ignore test

	Add netcf XML schemas and test data
	* docs/schemas/interface.rng: schemas for the interface XML files
	  directly imported from netcf-0.1.0
	* tests/interfaceschemadata/*.xml: set of test files from netcf-0.1.0
	  changed to use single quote instead of double quote

	add support for netcf XML import and export
	* src/interface_conf.c src/interface_conf.h: the import and export
	  routines and the internal APIs
	* src/Makefile.am: hook the new file in the makefiles
	* src/libvirt_private.syms: export a few private symbols internally
	* po/POTFILES.in: the new file contains translatable strings

2009-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Ensure test:/// URIs get routed to the non-privileged libvirtd
	* src/remote_internal.c: Ensure that all test:/// URIs are dealt
	  with by the auto-started, per-user unprivileged libvirtd instances

	Fix error reporting for security driver over remote protocol
	* qemud/remote.c: Send back the actual libvirt connection error
	  rather than formatting a generic error for security driver
	  methods
	* src/libvirt.c: Fix virDomainGetSecurityLabel, and
	  virNodeGetSecurityModel to correctly set the error on
	  the virConnectPtr object, and raise a full error rather
	  than warning when not supported

2009-07-15  Garry Dolley  <gdolley@arpnetworks.com>

	Update the links for RHEL libvirt bugzillas

2009-07-13  Garry Dolley  <gdolley@ucla.edu>

	Update links to bugzilla
	* docs/bugs.html[.in]: general tickets are under the 'Virtualization
	  Tools' product category and Fedora specific tickets are under the
	  'Fedora' product category.

2009-07-11  Cole Robinson  <crobinso@redhat.com>

	Fix docs and code disagreements for character devices.
	The 'pipe' character type wasn't documented.
	TCP uses a <protocol> element, not <wire>
	We weren't doing strict validation for protocol and source mode values.

	qemu: Check driver is initialized up front, to avoid segfault.
	If the qemu_driver was not initialized (possibly due to an error on driver
	startup), we can segfault if attempting to connect to the URI.

2009-07-10  Jim Meyering  <meyering@redhat.com>

	build: automatically rerun ./bootstrap when needed
	When "git pull" (or any other operation) brings in a new version of the
	gnulib git submodule, you must rerun the autogen.sh script.  With this
	change, "make" now fails and tells you to run ./autogen.sh, when needed.
	* autogen.sh: Maintain a new file, .git-module-status, containing
	the current submodule status.  If it doesn't exist or its content
	is different from what "git submodule status" prints, then run
	./bootstrap
	* .gitignore: Add .git-module-status
	* cfg.mk: Diagnose out of date submodule and fail.
	* README-hacking: Update not to mention bootstrap.
	* Makefile.am (MAINTAINERCLEANFILES): Add .git-module-status,
	so that "make maintainerclean" will remove it.

	build: make autogen.sh use autoreconf -if
	* autogen.sh: Use "autoreconf -if" instead of open-coding it with
	manual and unconditional invocation of each separate tool.

2009-07-10  Mark McLoughlin  <markmc@redhat.com>

	Use virDomainChrTypeFromString() instead of open coding
	* src/domain_conf.c: replace open coded chr type parsing with
	  virDomainChrTypeFromString(), retaining the existing semantics
	  where unknown types are silently mapped to the "null" type and
	  "pty" is used if none is specified

	Switch to using a unix socket for the qemu monitor
	We keep support for the pty based monitor so that we can re-connect
	to VMs started by older versions of libvirtd.

	* src/domain_conf.c: handle formatting and parsing unix monitors

	* src/qemu_driver.c: add qemudOpenMonitorUnix(), remove the monitor
	  pty path searching from qemudFindCharDevicePTYs(), switch
	  qemudStartVMDaemon() and qemuDomainXMLToNative() to using a unix
	  monitor

	* tests/qemuxml2argvtest.c: switch to using a unix monitor

	* tests/qemuxml2argvdata/qemuxml2argv-*.args: update test data

	Add the monitor type to the domain state XML
	There are no functional changes in this patch apart from adding the
	monitor type to the state XML.

	The patch mostly consists of switching to use virDomainChrDef every
	where to describe the monitor.

	* src/domain_conf.h: replace monitorpath with monitor_chr

	* src/domain_conf.c: handle parsing the monitor type and initializing
	  monitor chr

	* src/qemu_conf.[ch]: make qemudBuildCommandLine take a
	  virDomainChrDefPtr and use that to build the -monitor parameter

	* src/qemu_driver.c: split pty specific and common code from
	  qemudOpenMonitor, have qemudStartVMDaemon() initialize monitor_chr

	* tests/qemuxml2argvtest.c: update for qemudBuildCommandLine() change

	Minor qemu monitor coding style fixes
	* src/qemu_driver.c: use a consistent coding style for function
	  definitions

	Don't leak vm->monitorpath on re-connect
	* src/qemu_driver.c: vm->monitorpath is already initialized in the case
	  of re-connect, so move the initialization for the normal startup case
	  out of the common code

2009-07-10  Jim Meyering  <meyering@redhat.com>

	build: update from gnulib, for latest maint.mk
	* gnulib: Update submodule to latest.
	This fixes the make syntax-check failure whereby sc_po_check
	would complain about cfg.mk.

	avoid a "make syntax-check" failure
	* .x-sc_avoid_if_before_free: Ignore *all* ChangeLog files,
	now, including ChangeLog-old.

2009-07-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix wierd build problems due to autopoint overwriting gnulib m4
	* Makefile.am: List -I m4 first, in ACLOCAL_AMFLAGS
	* .gitignore: ignore gnulib/, ChangeLog, *rej, *orig, *#*# (emacs
	  temporary files)

2009-07-09  Jim Meyering  <meyering@redhat.com>

	doc: clone+build instructions
	* README-hacking: New file.
	* bootstrap: Remove obsolete comments.

	build: adjust aclocal's search patch to prefer gnulib's m4 files.
	* Makefile.am (ACLOCAL_AMFLAGS): Search gnulib/m4/ before m4/.

2009-07-08  Jim Meyering  <meyering@redhat.com>

	generate ChangeLog from git logs into distribution tarball
	No longer maintain a version-controlled ChangeLog file, but do
	continue to include a ChangeLog file in distribution tarball.
	* Makefile.am (gen-ChangeLog): New rule.
	(dist-hook): Depend on it.
	(EXTRA_DIST): Add ChangeLog-old.
	* bootstrap (modules): Add gitlog-to-changelog.
	* ChangeLog: Remove file.  Renamed to...
	* ChangeLog-old: ...this.  New file.
	* autogen.sh: Touch ChangeLog, to ensure it exists.  For automake.

	use gnumakefile and maintainer-makefile modules from gnulib
	* bootstrap (modules): Add gnumakefile and maintainer-makefile.
	* GNUmakefile: Remove file, now provided by gnulib.
	* Makefile.maint: Remove.  Replaced by maint.mk from gnulib.
	.gitignore: Add GNUmakefile and maint.mk.
	* cfg.mk (prev_version_file): Disable this feature.
	Setting this to /dev/null avoids an otherwise harmless diagnostic.

	remove all .cvsignore files

	make .gnulib a submodule
	This makes it so we record (via a git submodule)
	a snapshot of whatever version of gnulib we're using,
	and none of gnulib sources are in the libvirt repository.
	The result is that we have as much reproducibility as when
	we version-controlled imported copies of the gnulib sources,
	but without the hassle of the manual process we used when
	syncing with upstream.

	Note that when you clone libvirt, you get only the libvirt
	repository, but when you first run ./bootstrap, it clones
	gnulib (at the SHA1 recorded via the submodule), creating
	the .gnulib/ hierarchy.  Then, the bootstrap script runs
	gnulib-tool to populate gnulib/ with the files that make
	up the selected modules.

	Put the following in your ~/.gitconfig file.
	[alias]
	  syncsub = submodule foreach git pull origin master

	The update procedure is simple:
	  git syncsub
	  ...build & test...
	  git commit -m 'gnulib: sync submodule to latest' .gnulib

	* .gitmodules: New file.
	* .gnulib: Initialize.
	* bootstrap: Set up to use the new submodule.
	Stop using --no-vc-files.
	Don't remove .gitignore files.
	Don't use or create .cvsignore.
	Diagnose an invalid --gnulib-srcdir=DIR argument.
	* build-aux/vc-list-files: Delete file, now pulled from gnulib.
	* build-aux/useless-if-before-free: Likewise.
	* po/POTFILES.in: Remove gnulib/lib/gai_strerror.c, since
	it no longer contains translatable strings.
	* gnulib/*: Remove gnulib/ hierarchy.

	skip some of gnulib's new rules
	* cfg.mk (local-checks-to-skip): Add these: sc_error_message_uppercase,
	sc_program_name, sc_require_test_exit_idiom, sc_makefile_check.

	Prepare to use maint.mk from gnulib
	Since Makefile.maint will soon come from gnulib's maint.mk,
	sync Makefile.maint to have the same contents (modulo minor
	things).  In syncing it, we have to remove some libvirt-specific
	rules.  Since we want to keep them (of course), put those in cfg.mk.
	* Makefile.maint: Merge from gnulib's maint.mk.
	* cfg.mk (sc_avoid_write): New rule.  From Makefile.cfg.
	(sc_prohibit_strcmp_and_strncmp): Likewise, and rename.
	(sc_prohibit_asprintf, sc_prohibit_VIR_ERR_NO_MEMORY): Likewise.
	(sc_prohibit_nonreentrant): Likewise.
	(sc_prohibit_ctype_h): Likewise.
	(sc_TAB_in_indentation, sc_avoid_ctype_macros): Likewise.
	(sc_prohibit_virBufferAdd_with_string_literal): Likewise.
	(sc_prohibit_gethostby): Likewise.
	(sc_libvirt_unmarked_diagnostics): Likewise.  Also, rename the
	rule, inserting "_libvirt", since this rule is a specialization of
	the one in gnulib.
	* GNUmakefile: Include cfg.mk, not Makefile.cfg
	* .x-sc_prohibit_strcmp_and_strncmp: New file.
	* Makefile.am (EXTRA_DIST): Add .x-sc_prohibit_strcmp_and_strncmp

	* Makefile.cfg: Rename to...
	* cfg.mk: ...this.  New file.

2009-07-08  Jim Meyering  <jim@meyering.net>

	use automake-1.11's silent-rules option, when possible
	Don't use mylibtool, (subsumed by automake's silent rules)
	Its use was causing a non-srcdir build to fail.
	* Makefile.am (EXTRA_DIST): Remove mylibtool.
	* configure.in: Don't use mylibtool.

	* configure.in: Use AM_SILENT_RULES([yes]),
	but only if that m4 macro is defined.
	Thus, it works even on systems that lack automake-1.11.
	Daniel Berrange suggested adding the conditional, so that
	we don't have a hard requirement on 1.11, e.g., for RHEL5.

2009-07-08  Jim Meyering  <meyering@redhat.com>

	fix another failing "make distcheck" (qemuhelptest)
	It failed in a non-srcdir build because those 5 sample output
	files were not included in the distribution tarball.  Include them.
	* tests/Makefile.am (qemuhelpdata, EXTRA_DIST): Include these:
	kvm-74, kvm-86, qemu-0.10.5, qemu-0.9.1, qemu-kvm-0.10.5.

	fix failing "make distcheck"
	* docs/Makefile.am (xml): Distribute testpool.xml and testvol.xml,
	which are referenced from testnode.xml.

2009-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Make it easier to debug tests running programs
		* tests/testutils.c: Don't discard stderr when running
		external programs during tests

	Support <video> element for QEMU guests
		* src/qemu_conf.c, src/qemu_conf.h: Use -vga or -std-vga
		when starting guests if video card is present
		* tests/qemuhelptest.c: Change to use constants instead
		of hardcoded hex numbers, and add VGA support
		* tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl-fullscreen.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl.args,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.xml,
		tests/qemuxml2argvdata/qemuxml2argv-input-xen.xml: Add <video>
		element for testing graphics adapter
		* tests/qemuxml2argvtest.c: Add QEMUD_CMD_FLAG_VGA flag
		* tests/qemuxml2xmltest.c: Add missing graphics-vnc-sasl/tls tests

	Support <video> tag for defining VGA card properties
	 * docs/schemas/domain.rng: Define <video> element schema
	 * src/domain_conf.c, src/domain_conf.h, src/libvirt_private.syms:
	   Add parsing and formatting for <video> element

2009-07-08  Daniel Veillard  <veillard@redhat.com>

	Report the object name on lookup error
	* src/network_driver.c src/node_device.c src/storage_driver.c:
	  many places in the code reported 'No xxx with matching name" after
	  a Lookup error without reporting the name used by the failed lookup

2009-07-08  Harshavardhana  <harsha@gluster.com>

	Add new net filesystem glusterfs
	* src/storage_conf.c src/storage_conf.h: adds glusterfs to the list
	  of network storage
	* libvirt.spec.in: adds the dependency on glusterfs-client

2009-07-07  Paolo Bonzini  <pbonzini@redhat.com>

	Avoid raising an internal error
	* src/qemu_conf.c: when connecting an interface if it reference
	  an undefined network, then we used to raise an internal error.

2009-07-07  Daniel Veillard  <veillard@redhat.com>

	Fix informations about previous git server
	* docs/downloads.html[.in]: update the secton about
	the server on git.et.redhat.com based on the plans
	Jim posted.

2009-07-06  Dan Kenigsberg  <danken@redhat.com>

	Fix python examples to use read-write conn
	* docs/examples/python/domstart.py python/tests/create.py:
	The two example were broken as they needed full-access connection
	but only opened read-only connections

2009-07-06  Daniel Veillard  <veillard@redhat.com>

	update download informations after switch to git * docs/downloads.html docs/downloads.html.in: update download   informations after switch to git daniel
