The github.com/rgbkrk/libvirt-go bindings were the most complete
bindings historically, but their API coverage stops at 1.2.4,
with exception of a couple of newer APIs.

The new bindings at http://libvirt.org/git/?p=libvirt-go.git;a=log
how have (almost[1]) 100% API coverage all the way to 2.5.0. They also
expose the APIs in a way that allows for much stronger go type
checking by the compiler, and expose typed parameters as explicit
structs. Finally the bindings are able to conditionally compile against
any libvirt version 1.2.0 -> 2.5.0 without use of go build tags.

Change the docs to point to these new bindings, since they'll be
a better bet for users long term.

[1] virEvent & virStream callbacks are still TODO to be fixed
    real soon.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Similarly to localOnly DNS domain, localPtr attribute can be used to
tell the DNS server not to forward reverse lookups for unknown IPs which
belong to the virtual network.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

The API creates PTR domain which corresponds to a given addr/prefix.
Both IPv4 and IPv6 addresses are supported, but the prefix must be
divisible by 8 for IPv4 and divisible by 4 for IPv6.

The generated PTR domain has the following format

IPv4: 1.2.3.4.in-addr.arpa
IPv6: 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.arpa
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Iterating over all child nodes when we only support one instance of each
child is pretty weird. And it would even cause memory leaks if more
than one <tftp> element was specified.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Similarly to 29bb0669 forbid paths used with blockjobs to be relative.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1300177

Other systems (despite having sys/mount.h) do not support bind
mounts.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Some of the functions are not called on non-linux platforms
which makes them useless there.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

There's no -lacl on FreeBSD.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

The PERF_COUNT_HW_REF_CPU_CYCLES constant is not available
on all Linux distros libvirt targets, so its use must be
made conditional. Other constant have existed long enough
that we can assume they exist, as we don't support very
old distros like RHEL-5 any more.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Documents in formatdomain.html that when migrating a guest
defined with the host-passthrough CPU model from a machine that
is running on a newer CPU model than the destination machine's
CPU model, it is very likely that the guest will crash upon
arrival.
Signed-off-by: NJason J. Herne <jjherne@linux.vnet.ibm.com>

This patch adds support and documentation for
the ref_cpu_cycles perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation for
the stalled_cycles_backend perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation
for the stalled_cycles_frontend perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation
for the bus_cycles perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

Signed-off-by: NErik Skultety <eskultet@redhat.com>

Provide a simple C example demonstrating the use of both query APIs as
well as setter APIs.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Finally, now that all APIs have been introduced, wire them up to virt-admin
and introduce daemon-log-outputs and daemon-log-filters commands.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Enable libvirt users to modify logging filters of a daemon from outside.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Enable libvirt users to modify daemon's logging output settings from outside.
If either an empty string or NULL is passed, a default logging output will be
used the same way as it would be in case writing an empty string to the
libvirtd.conf
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Enable libvirt users to query logging filter settings.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Enable libvirt users to query logging output settings.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Now that virLog{Get,Set}DefaultOutput routines are introduced we can wire them
up to the daemon's logging initialization code. Also, change the order of
operations a bit so that we still strictly honor our precedence of settings:
cmdline > env > config now that outputs and filters are not appended anymore.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Along with an empty string, it should also be possible for users to pass
NULL to the public APIs which in turn would trigger a routine(future
work) responsible for defining an appropriate default logging output
given the current circumstances.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

These helpers will manage the log destination defaults (fetch/set). The reason
for this is to stay consistent with the current daemon's behaviour with respect
to /etc/libvirt/<daemon>.conf file, since both assignment of an empty string
or not setting the log output variable at all trigger the daemon's decision on
the default log destination which depends on whether the daemon runs daemonized
or not.
This patch also changes the logic of the selection of the default
logging output compared to how it is done now. The main difference though is
that we should only really care if we're running daemonized or not, disregarding
the fact of (not) having a TTY completely (introduced by commit eba36a38) as
that should be of the libvirtd's parent concern (what FD it will pass to it).

 Before:
 if (godaemon || !hasTTY):
     if (journald):
         use journald

 if (godaemon):
     if (privileged):
         use SYSCONFIG/libvirtd.log
     else:
         use XDG_CONFIG_HOME/libvirtd.log
 else:
     use stderr

 After:
 if (godaemon):
     if (journald):
         use journald

     else:
         if (privileged):
             use SYSCONFIG/libvirtd.log
         else:
             use XDG_CONFIG_HOME/libvirtd.log
 else:
     use stderr
Signed-off-by: NErik Skultety <eskultet@redhat.com>

External disk-only snapshots with recent enough qemu don't require
libvirt to pause the VM. The logic determining when to resume cpus was
slightly flawed and attempted to resume them even if they were not
paused by the snapshot code. This normally was not a problem, but with
locking enabled the code would attempt to acquire the lock twice.

The fallout of this bug would be a error from the API, but the actual
snapshot being created. The bug was introduced with when adding support
for external snapshots with memory (checkpoints) in commit f569b87f.

Resolves problems described by:
https://bugzilla.redhat.com/show_bug.cgi?id=1403691

After qemu delivers the resume event it's already running and thus it's
too late to enter lockspaces since it may already have modified the
disk. The code only creates false log entries in the case when locking
is enabled. The lockspace needs to be acquired prior to starting cpus.

https://bugzilla.redhat.com/show_bug.cgi?id=1404952Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Given how intrusive previous patches are, it might happen that
there's a bug or imperfection. Lets give users a way out: if they
set 'namespaces' to an empty array in qemu.conf the feature is
suppressed.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When attaching a device to a domain that's using separate mount
namespace we must maintain /dev entries in order for qemu process
to see them.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When attaching a device to a domain that's using separate mount
namespace we must maintain /dev entries in order for qemu process
to see them.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When attaching a device to a domain that's using separate mount
namespace we must maintain /dev entries in order for qemu process
to see them.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When attaching a device to a domain that's using separate mount
namespace we must maintain /dev entries in order for qemu process
to see them.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Instead of trying to fix our security drivers, we can use a
simple trick to relabel paths in both namespace and the host.
I mean, if we enter the namespace some paths are still shared
with the host so any change done to them is visible from the host
too.
Therefore, we can just enter the namespace and call
SetAllLabel()/RestoreAllLabel() from there. Yes, it has slight
overhead because we have to fork in order to enter the namespace.
But on the other hand, no complexity is added to our code.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Prime time. When it comes to spawning qemu process and
relabelling all the devices it's going to touch, there's inherent
race with other applications in the system (e.g. udev). Instead
of trying convincing udev to not touch libvirt managed devices,
we can create a separate mount namespace for the qemu, and mount
our own /dev there. Of course this puts more work onto us as we
have to maintain /dev files on each domain start and device
hot(un-)plug. On the other hand, this enhances security also.

From technical POV, on domain startup process the parent
(libvirtd) creates:

  /var/lib/libvirt/qemu/$domain.dev
  /var/lib/libvirt/qemu/$domain.devpts

The child (which is going to be qemu eventually) calls unshare()
to create new mount namespace. From now on anything that child
does is invisible to the parent. Child then mounts tmpfs on
$domain.dev (so that it still sees original /dev from the host)
and creates some devices (as explained in one of the previous
patches). The devices have to be created exactly as they are in
the host (including perms, seclabels, ACLs, ...). After that it
moves $domain.dev mount to /dev.

What's the $domain.devpts mount there for then you ask? QEMU can
create PTYs for some chardevs. And historically we exposed the
host ends in our domain XML allowing users to connect to them.
Therefore we must preserve devpts mount to be shared with the
host's one.

To make this patch as small as possible, creating of devices
configured for domain in question is implemented in next patches.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>