1. 26 Jan, 2011 6 commits
    • Set SELinux context label of pipes used for qemu migration · 34a19dda
      Laine Stump committed
      This patch is a partial resolution to the following bug:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=667756
      
      (to complete the fix, an updated selinux-policy package is required,
      to add the policy that allows libvirt to set the context of a fifo,
      which was previously not allowed).
      
      Explanation: When an incoming migration is over a pipe (for example,
      if the image was compressed and is being fed through gzip, or was on a
      root-squash nfs server, so needed to be opened by a child process
      running as a different uid), qemu cannot read it unless the selinux
      context label for the pipe has been set properly.
      
      The solution is to check the fd used as the source of the migration
      just before passing it to qemu; if it's a fifo (implying that it's a
      pipe), we call the newly added virSecurityManagerSetFDLabel() function
      to set the context properly.
    • Add a function to the security driver API that sets the label of an open fd. · d89608f9
      Laine Stump committed
      A need was found to set the SELinux context label on an open fd (a
      pipe, as a matter of fact). This patch adds a function to the security
      driver API that will set the label on an open fd to secdef.label. For
      all drivers other than the SELinux driver, it's a NOP. For the SELinux
      driver, it calls fsetfilecon().
      
      If the return is a failure, it only returns error up to the caller if
      1) the desired label is different from the existing label, 2) the
      destination fd is of a type that supports setting the selinux context,
      and 3) selinux is in enforcing mode. Otherwise it will return
      success. This follows the pattern of the existing function
      SELinuxSetFilecon().
    • docs: add a link to the bindings page under the downloads menu item · 413c88e7
      Justin Clift committed
      So people looking to download the language bindings, but don't know
      they're under the "Docs" area.
    • virsh: require --mac to avoid detach-interface ambiguity · cee47aac
      Michal Privoznik committed
      bugfix for https://bugzilla.redhat.com/show_bug.cgi?id=671050
      
      virsh simply refuses to detach-interface in case when multiple
      interfaces are attached and --mac is not specified.
    • dispatch error before return · 75da8b85
      Wen Congyang committed
      Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
    • qemu: Error prompt when managed save a shutoff domain · dbd63c4d
      Osier Yang committed
      The problem was introduced by commit 4303c91c, which removed the checking
      of domain state, this patch is to fix it.
      
      Otherwise, improper error will be thrown, e.g.
      
      error: Failed to save domain rhel6 state
      error: cannot resolve symlink /var/lib/libvirt/qemu/save/rhel6.save: No such
      file or directory
  2. 25 Jan, 2011 2 commits
    • build: avoid corrupted gnulib/tests/Makefile · 6cbab7c1
      Eric Blake committed
      Running 'make check' can sometimes fail in the gnulib/tests
      subdirectory, when doing an incremental build, because
      ./bootstrap generates a Makefile.am that tries to refer to
      ../../.. instead of ../.., and gets lost.
      
      This may be an upstream gnulib bug, where a more elegant
      solution will present itself in the future:
      http://thread.gmane.org/gmane.comp.lib.gnulib.bugs/24898
      
      But in the meantime, I was able to reproduce both the issue,
      and this solution to work around it.
      
      * bootstrap.conf (bootstrap_epilogue): Ensure that no stray
      ../../.. components remain in gnulib/tests/Makefile.in.
      Reported by Serge Hallyn.
    • qemu: sound: Support intel 'ich6' model · 6cabc0b0
      Cole Robinson committed
      In QEMU, the card itself is a PCI device, but it requires a codec
      (either -device hda-output or -device hda-duplex) to actually output
      sound. Specifying <sound model='ich6'/> gives us -device intel-hda
      -device hda-duplex. I think it's important that a simple <sound model='ich6'/>
      sets up a useful codec, to have consistent behavior with all other sound cards.
      
      This is basically Dan's proposal of
      
          <sound model='ich6'>
              <codec type='output' slot='0'/>
              <codec type='duplex' slot='3'/>
          </sound>
      
      without the codec bits implemented.
      
      The important thing is to keep a consistent API here, we don't want some
      <sound> devs require tweaking codecs but not others. Steps I see to
      accomplishing this:
      
          - every <sound> device has a <codec type='default'/> (unless codecs are
              manually specified)
          - <codec type='none'/> is required to specify 'no codecs'
          - new audio settings like mic=on|off could then be exposed in
              <sound> or <codec> in a consistent manner for all sound models
      
      v2:
          Use model='ich6'
      
      v3:
          Use feature detection, from eblake
          Set codec id, bus, and cad values
      
      v4:
          intel-hda isn't supported if -device isn't available
      
      v5:
          Comment spelling fixes
  3. 22 Jan, 2011 13 commits
    • M
      4a267912
    • event: fix event-handling data race · a11bd2e6
      Eric Blake committed
      This bug has been present since before the time that commit
      f8a519 (Dec 2008) tried to make the dispatch loop re-entrant.
      
      Dereferencing eventLoop.handles outside the lock risks crashing, since
      any other thread could have reallocated the array in the meantime.
      It's a narrow race window, however, and one that would have most
      likely resulted in passing bogus data to the callback rather than
      actually causing a segv, which is probably why it has gone undetected
      this long.
      
      * daemon/event.c (virEventDispatchHandles): Cache data while
      inside the lock, as the array might be reallocated once outside.
    • build: fix 'make check' with older git · ae0cdd47
      Eric Blake committed
      * .gnulib: Update to latest, for maintainer-makefile fix.
      Reported by Matthias Bolte.
    • Push unapplied fixups for previous patch · 1e1f7a89
      Cole Robinson committed
      - Add augeas tests
      - Clarify vnc_auto_unix_socket precedence in qemu.conf
    • qemu: Add conf option to auto setup VNC unix sockets · a942ea06
      Cole Robinson committed
      If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
      listen or socket value will be setup to serve over a unix socket in
      /var/lib/libvirt/qemu/$vmname.vnc.
      
      We store the generated socket path in the transient VM definition at
      CLI build time.
    • qemu: Allow serving VNC over a unix domain socket · 1d9c0a08
      Cole Robinson committed
      QEMU supports serving VNC over a unix domain socket rather than traditional
      TCP host/port. This is specified with:
      
      <graphics type='vnc' socket='/foo/bar/baz'/>
      
      This provides better security access control than VNC listening on
      127.0.0.1, but will cause issues with tools that rely on the lax security
      (virt-manager in fedora runs as regular user by default, and wouldn't be
      able to access a socket owned by 'qemu' or 'root').
      
      Also not currently supported by any clients, though I have patches for
      virt-manager, and virt-viewer should be simple to update.
      
      v2:
          schema: Make listen vs. socket a <choice>
    • qemu: Set domain def transient at beginning of startup process · cb4c2694
      Cole Robinson committed
      This will allow us to record transient runtime state in vm->def, like
      default VNC parameters. Accomplish this by adding an extra 'live' parameter
      to SetDefTransient, with similar semantics to the 'live' flag for
      AssignDef.
    • maint: support --no-git option during autogen.sh · 125978fe
      Eric Blake committed
      https://bugzilla.redhat.com/show_bug.cgi?id=562743
      
      Also, fixes gnulib bug in dealing with strerror_r from glibc 2.13.
      
      * .gnulib: Update to latest, for improved bootstrap.
      * bootstrap: Resync from gnulib.
      * autogen.sh (bootstrap): Add --bootstrap-sync, to make it easier
      to keep bootstrap up-to-date.  Pass optional --no-git through.
      Reported by Aleksey Avdeev.
    • [v2] qemu: Retry JSON monitor cont cmd on MigrationExpected error · 4301b95a
      Jim Fehlig committed
      When restoring a saved qemu instance via JSON monitor, the vm is
      left in a paused state.  Turns out the 'cont' cmd was failing with
      "MigrationExpected" error class and "An incoming migration is
      expected before this command can be executed" error description
      due to migration (restore) not yet complete.
      
      Detect if 'cont' cmd fails with "MigrationExpected" error class and
      retry 'cont' cmd.
      
      V2: Fix potential double-free noted by Laine Stump
    • qemu: report more proper error for unsupported graphics · af268f2a
      Osier Yang committed
      Report VIR_ERR_CONFIG_UNSUPPORTED instead of VIR_ERR_INTERNAL_ERROR,
      as it's valid in our domain schema, just unsupported by hypervisor
      here.
      
      * src/qemu/qemu_command.c
    • Fix startup with VNC password expiry on old QEMU · 87a183f6
      Daniel P. Berrange committed
      The code which set VNC passwords correctly had fallback for
      the set_password command, but was lacking it for the
      expire_password command. This made it impossible to start
      a guest. It also failed to check whether QEMU was still
      running after the initial 'set_password' command completed
      
      * src/qemu/qemu_hotplug.c: Fix error handling when
        password expiry fails
      * src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
        return code for missing expire_password command
    • Fix error reporting when machine type probe fails · f0bbf960
      Daniel P. Berrange committed
      Avoid overwriting the real error message with a generic
      OOM failure message, when machine type probe fails
      
      * src/qemu/qemu_driver.c: Don't overwrite error
    • Avoid crash in security driver if model is NULL · 31c698d7
      Daniel P. Berrange committed
      If the XML security model is NULL, it is assumed that the current
      model will be used with dynamic labelling. The verify step is
      meaningless and potentially crashes if dereferencing NULL
      
      * src/security/security_manager.c: Skip NULL model on verify
  4. 21 Jan, 2011 1 commit
    • qemu: Fix a possible deadlock in p2p migration · bda57661
      Wen Congyang committed
      The function virUnrefConnect() may call virReleaseConnect() to release
      the dest connection, and the function virReleaseConnect() will call
      conn->driver->close().
      
      So the function virUnrefConnect() should be surrounded by
      qemuDomainObjEnterRemoteWithDriver() and
      qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
      two communicating libvirt daemons.
      
      See commit f0c8e1cb for further details.
      Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
  5. 20 Jan, 2011 3 commits
  6. 19 Jan, 2011 15 commits