* src/security/security_apparmor.c: a few code cleanups following a
  review on the list

Fixes https://launchpad.net/bugs/453335

* src/security/virt-aa-helper.c: suppress confusing and misleading
  apparmor denied message when kvm/qemu tries to open a libvirt specified
  readonly file (such as a cdrom) with write permissions. libvirt uses
  the readonly attribute for the security driver only, and has no way
  of telling kvm/qemu that the device should be opened readonly

Fixes https://launchpad.net/bugs/460271

* src/security/virt-aa-helper.c: require absolute path for dynamic added
  files. This is required by AppArmor and conveniently prevents adding
  tcp consoles to the profile

* src/security/virt-aa-helper.c: get_definition() now calls the new
  caps_mockup() function which will parse the XML for os.type,
  os.type.arch and then sets the wordsize.  These attributes are needed
  only to get a valid virCapsPtr for virDomainDefParseString(). The -H
  and -b options are now removed from virt-aa-helper (they weren't used
  yet anyway).
* tests/virt-aa-helper-test: extend and fixes tests, chmod'ed 755

When running qemu:///system instance, libvirtd runs as root,
but QEMU may optionally be configured to run non-root. When
then saving a guest to a state file, the file is initially
created as root, and thus QEMU cannot write to it. It is also
missing labelling required to allow access via SELinux.

* src/qemu/qemu_driver.c: Set ownership on save image before
  running migrate command in virDomainSave impl. Call out to
  security driver to set save image labelling
* src/security/security_driver.h: Add driver APIs for setting
  and restoring saved state file labelling
* src/security/security_selinux.c: Implement saved state file
  labelling for SELinux

- Don't duplicate SystemError
- Use proper error code in domain_conf
- Fix a broken error call in qemu_conf
- Don't use VIR_ERR_ERROR in security driver (isn't a valid code in this case)

Nearly all of the methods in src/util/util.h have error codes that
must be checked by the caller to correct detect & report failure.
Add ATTRIBUTE_RETURN_CHECK to ensure compile time validation of
this

* daemon/libvirtd.c: Add explicit check on return value of virAsprintf
* src/conf/domain_conf.c: Add missing check on virParseMacAddr return
  value status & report error
* src/network/bridge_driver.c: Add missing OOM check on virAsprintf
  and report error
* src/qemu/qemu_conf.c: Add missing check on virParseMacAddr return
  value status & report error
* src/security/security_selinux.c: Remove call to virRandomInitialize
  that's done in libvirt.c already
* src/storage/storage_backend_logical.c: Add check & log on virRun
  return status
* src/util/util.c: Add missing checks on virAsprintf/Run status
* src/util/util.h: Annotate all methods with ATTRIBUTE_RETURN_CHECK
  if they return an error status code
* src/vbox/vbox_tmpl.c: Add missing check on virParseMacAddr
* src/xen/xm_internal.c: Add missing checks on virAsprintf
* tests/qemuargv2xmltest.c: Remove bogus call to virRandomInitialize()

* configure.in: look for AppArmor and devel
* src/security/security_apparmor.[ch] src/security/security_driver.c
  src/Makefile.am: add and plug the new driver
* src/security/virt-aa-helper.c: new binary which is used exclusively by
  the AppArmor security driver to manipulate AppArmor.
* po/POTFILES.in: registers the new files
* tests/Makefile.am tests/secaatest.c tests/virt-aa-helper-test:
  tests for virt-aa-helper and the security driver, secaatest.c is
  identical to seclabeltest.c except it initializes the 'apparmor'
  driver instead of 'selinux'

When James Morris originally submitted his sVirt patches (as seen in
libvirt 0.6.1), he did not require on disk labelling for
virSecurityDomainRestoreImageLabel. A later commit[2] changed this
behavior to assume on disk labelling, which halts implementations for
path-based MAC systems such as AppArmor and TOMOYO where
vm->def->seclabel is required to obtain the label.

* src/security/security_driver.h src/qemu/qemu_driver.c
  src/security/security_selinux.c: adds the 'virDomainObjPtr vm'
  argument back to *RestoreImageLabel

A simple misplaced break out of a switch results in:

  libvir: error : Failed to open file '/sys/bus/pci/devices/0000:00:54c./vendor': No such file or directory
  libvir: error : Failed to open file '/sys/bus/pci/devices/0000:00:54c./device': No such file or directory
  libvir: error : this function is not supported by the hypervisor: Failed to read product/vendor ID for 0000:00:54c.

when trying to passthrough a USB host device to qemu.

* src/security_selinux.c: fix a switch/break thinko

Signed-off-by: NChris Lalancette <clalance@redhat.com>

Use virStorageFileGetMetadata() to find any backing stores for images
and re-label them

Without this, qemu cannot access qcow2 backing files, see:

  https://bugzilla.redhat.com/497131

* src/security/security_selinux.c: re-label backing store files in
  SELinuxSetSecurityImageLabel()

* src/Makefile.am, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c,
  tests/seclabeltest.c: Adapt for changed paths
* src/security.c: Rename to src/security/security_driver.c
* src/security.h: Rename to src/security/security_driver.h
* src/security_selinux.c, src/security_selinux.h: Move to src/security/