In commit 3c80fac2 'vmxnet3' handling
was added to esxVMX_ParseEthernet(), but not to the inverse function
esxVMX_FormatEthernet().

* docs/drivers.html.in: list the ESX driver
* docs/drvesx.html.in: the new ESX driver documentation
* docs/hvsupport.html.in: add the ESX driver to the matrix
* docs/index.html.in, docs/sitemap.html.in: list the ESX driver
* src/esx/esx_driver.c: fix and cleanup some comments

Debian's /etc/xml/catalog doesn't contain system identifiers, so use
public identifiers instead.

* docs/Makefile.am: use public instead of system identifier
* docs/site.xsl: use matching public identifier

* src/xen/xen_hypervisor.c: xen-unstable changeset 19788 removed
  MAX_VIRT_CPUS from public headers, breaking compilation of libvirt
  on -unstable.  Its semanitc was retained with XEN_LEGACY_MAX_VCPUS.
  Ensure MAX_VIRT_CPUS is defined accordingly.

If 'with_udev=check' then missing pciaccess should not be a fatal
error. It should merely disable the udev driver.

* configure.in: Fix pciaccess check to be non-fatal

Device kit support was removed, but the configure.ac checks were
left in place. A number of the XXX_REQUIRED=X.Y.Z variables were
not declared in the correct location (ie top of the file)

* configure.in: Remove device kit checks & move mis-placed variables
  to correct location

The QEMU monitor open method would not take a reference on
the virDomainObjPtr until it had successfully opened the
monitor. The cleanup code upon failure to open though would
call qemuMonitorClose() which would in turn decrement the
reference count. This caused the virDoaminObjPtr to be mistakenly
freed and then the whole driver crashes

* src/qemu/qemu_monitor.c: Fix reference counting in
  qemuMonitorOpen

The HAL driver returns a fatal error code in the case where HAL
is not running. This causes the entire libvirtd daemon to quit
which isn't desirable. Instead it should simply disable the HAL
driver

* src/node_device/node_device_hal.c: Quietly disable HAL if it is
  not running

* daemon/libvirtd.c: Fix incorrect goto label causing cleanup to
  be missed when state driver init fails

* src/qemu/qemu_conf.c: Remove and inline qemudBuildCommandLineChrDevTargetStr

* src/security/security_apparmor.c: a few code cleanups following a
  review on the list

Fixes https://launchpad.net/bugs/453335

* src/security/virt-aa-helper.c: suppress confusing and misleading
  apparmor denied message when kvm/qemu tries to open a libvirt specified
  readonly file (such as a cdrom) with write permissions. libvirt uses
  the readonly attribute for the security driver only, and has no way
  of telling kvm/qemu that the device should be opened readonly

Fixes https://launchpad.net/bugs/460271

* src/security/virt-aa-helper.c: require absolute path for dynamic added
  files. This is required by AppArmor and conveniently prevents adding
  tcp consoles to the profile

* examples/apparmor/libvirt-qemu: adds pulseaudio, alsa and preliminary
  save/restore to the example apparmor abstraction
* examples/apparmor/usr.sbin.libvirtd: allows libvirtd access to inet
  dgram, inet6 dgram, inet6 stream and /usr/lib/libvirt/*

The 'virsh console' command did not check if the domain was
already running before attempting to fetch the XML and extract
the console PTY path. This caused a slightly unhelpful / misleading
error message for the user. The explicit check ensures the user
gets an explicit 'domain is not running' message.

* tools/virsh.c: Validate that state != VIR_DOMAIN_SHUTOFF in
  virsh console command

The wrong variable was being passed in with the LXC event callback
resulting in a later deadlock or crash

* src/lxc/lxc_driver.c: Pass 'vm' instead of 'driver' to event
  callback

In the scenario where the cgroups were mounted but the
particular group did not exist, and the caller had not
requested auto-creation, the code would fail to return
an error condition. This caused the lxc_controller to
think the cgroup existed, and it then later failed when
attempting to use it

* src/util/cgroup.c: Raise an error if the cgroup path does not
  exist

There is a race condition in HAL driver startup where the callback
can get triggered before we have finished startup. This then causes
a deadlock in the driver.

* src/node_device/node_device_hal.c: RElease driver lock before
  registering DBus callbacks

If the virDomainDefPtr object has an 'id' of -1, then forcably
set the VIR_DOMAIN_XML_INACTIVE flag to ensure generated XML
does not include any cruft from the previously running guest
such as console PTY path, or VNC port.

* src/conf/domain_conf.c: Set VIR_DOMAIN_XML_INACTIVE if
  def->id is -1. Replace checks for def->id == -1 with
  check against flags & VIR_DOMAIN_XML_INACTIVE.

The capng_lock() call sets the SECURE_NO_SETUID_FIXUP and SECURE_NOROOT
bits on the process. This prevents the kernel granting capabilities to
processes with an effective UID of 0, or with setuid programs. This is
not actually what we want in the container init process. It should be
allowed to run setuid processes & keep capabilities when root. All that
is required is masking a handful of dangerous capabilities from the
bounding set.

* src/lxc/lxc_container.c: Remove bogus capng_lock() call.

The libvirtd initscript could get confused between the system and
session instances of the daemon. To avoid this it is neccessary
to check the pidfile explicitly.

* daemon/libvirtd.init.in: Always check the pidfile of the system
  daemon to avoid confusion with the session daemons

* src/security/virt-aa-helper.c: get_definition() now calls the new
  caps_mockup() function which will parse the XML for os.type,
  os.type.arch and then sets the wordsize.  These attributes are needed
  only to get a valid virCapsPtr for virDomainDefParseString(). The -H
  and -b options are now removed from virt-aa-helper (they weren't used
  yet anyway).
* tests/virt-aa-helper-test: extend and fixes tests, chmod'ed 755

uses libpciaccess to provide human readable names for PCI vendor and
device IDs
* configure.in: add a requirement for libpciaccess >= 0.10.0
* src/Makefile.am: add the associated compilation flags and link
* src/node_device/node_device_udev.c: lookup the libpciaccess for
  vendor name and product name based on their ids

* configure.in src/Makefile.am: remove the configuration check and
  build instructions
* src/node_device/node_device_devkit.c: removed the module
* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
  removed references to the old backend

* src/conf/node_device_conf.h src/conf/node_device_conf.c: add specific
  support for SCSI target in node device capabilities
* src/node_device/node_device_udev.c: add some extra detection code
  when handling udev output

* configure.in: add new --with-udev, disabled by default, and requiring
  libudev > 145
* src/node_device/node_device_udev.c src/node_device/node_device_udev.h:
  the new node device backend
* src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c
  to a better file name
* src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple
  of fields in node device definitions, and an API to look them up,
  remove a couple of unused fields from previous patch.
* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
  plug the new driver
* po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new
  files and symbols
* src/util/util.h src/util/util.c: add a new convenience macro
  virBuildPath and virBuildPathInternal() function

* src/conf/node_device_conf.h src/conf/node_device_conf.c: add the new
  fields in the structure as well as parsing and serialization

There is currently no way to determine the libvirt version of a remote
libvirtd we are connected to. This is a useful piece of data to enable
feature detection.

* src/xen/xen_driver.c: Add support for VIR_MIGRATE_PERSIST_DEST flag
* src/xen/xend_internal.c: Add support for VIR_MIGRATE_UNDEFINE_SOURCE flag
* include/libvirt/virterror.h, src/util/virterror.c: Add new errorcode
  VIR_ERR_MIGRATE_PERSIST_FAILED

* src/conf/domain_conf.h src/conf/domain_conf.c: add the new entry in
  the enum and lists of virDomainDiskBus
* src/qemu/qemu_conf.c: same for virDomainDiskQEMUBus

* src/lxc/lxc_driver.c: add lxcDomainInterfaceStats implementing
  virDomainInterfaceStats()

The xenstore database sometimes has stale domain IDs which are not
present in the hypervisor anymore. Filter these out to avoid causing
confusion

* src/xen/xs_internal.c: Filter domain IDs against HV's list
* src/xen/xen_hypervisor.h, src/xen/xen_hypervisor.c: Add new
  xenHypervisorHasDomain() method for checking ID validity

The xenUnifiedNumOfDomains and xenUnifiedListDomains methods work
together as a pair, so it is critical they both apply the same
logic. With the current mis-matched logic it is possible to sometimes
get into a state when you miss certain active guests.

* src/xen/xen_driver.c: Change xenUnifiedNumOfDomains ordering to
  match xenUnifiedListDomains.

Sometimes getaddrinfo returns IPv4 addresses before IPv6 addresses.
IPv6 sockets default to attempting to bind to IPv4 addresses too.
So if the IPv4 address is activated first, then binding to IPv6
will unneccessarily fail.

* daemon/libvirtd.c: Bind to IPv6 and IPv4 addresses separately

The numactl package is not applicable for s390[x] arches, so do
not enable it as a build dep.

* libvirt.spec.in: Exclude numactl on s390[x]

* src/qemu/qemu_monitor.c: add error check for qemuMonitorOpenXXX
  returned file descriptor

When running qemu:///system instance, libvirtd runs as root,
but QEMU may optionally be configured to run non-root. When
then saving a guest to a state file, the file is initially
created as root, and thus QEMU cannot write to it. It is also
missing labelling required to allow access via SELinux.

* src/qemu/qemu_driver.c: Set ownership on save image before
  running migrate command in virDomainSave impl. Call out to
  security driver to set save image labelling
* src/security/security_driver.h: Add driver APIs for setting
  and restoring saved state file labelling
* src/security/security_selinux.c: Implement saved state file
  labelling for SELinux

* src/qemu/qemu.conf:  disables the mac_filter config switch by default
  to match existing convention, also document the option

* src/qemu/qemu_conf.c: don't initialize ebtables if
  disabled