Since PIDs can be reused, polkit prefers to be given
a (PID,start time) pair. If given a PID on its own,
it will attempt to lookup the start time in /proc/pid/stat,
though this is subject to races.

It is safer if the client app resolves the PID start
time itself, because as long as the app has the client
socket open, the client PID won't be reused.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 979e9c56)

Conflicts:
	src/util/virprocess.c
	src/util/virstring.c
	src/util/virstring.h

No need to check the run_dir variable twice for NULL.

Add checks for existence of GNUTLS and automatically disable
it if not found.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The virtlockd daemon maintains file locks on behalf of libvirtd
and any VMs it is running. These file locks must be held for as
long as any VM is running. If virtlockd itself ever quits, then
it is expected that a node would be fenced/rebooted. Thus to
allow for software upgrads on live systemd, virtlockd needs the
ability to re-exec() itself.

Upon receipt of SIGUSR1, virtlockd will save its current live
state out to a file /var/run/virtlockd-restart-exec.json
It then re-exec()'s itself with exactly the same argv as it
originally had, and loads the state file, reconstructing any
objects as appropriate.

The state file contains information about all locks held and
all network services and clients currently active. An example
state document is

 {
    "server": {
        "min_workers": 1,
        "max_workers": 20,
        "priority_workers": 0,
        "max_clients": 20,
        "keepaliveInterval": 4294967295,
        "keepaliveCount": 0,
        "keepaliveRequired": false,
        "services": [
            {
                "auth": 0,
                "readonly": false,
                "nrequests_client_max": 1,
                "socks": [
                    {
                        "fd": 6,
                        "errfd": -1,
                        "pid": 0,
                        "isClient": false
                    }
                ]
            }
        ],
        "clients": [
            {
                "auth": 0,
                "readonly": false,
                "nrequests_max": 1,
                "sock": {
                    "fd": 9,
                    "errfd": -1,
                    "pid": 0,
                    "isClient": true
                },
                "privateData": {
                    "restricted": true,
                    "ownerPid": 1722,
                    "ownerId": 6,
                    "ownerName": "f18x86_64",
                    "ownerUUID": "97586ba9-df27-9459-c806-f016c8bbd224"
                }
            },
            {
                "auth": 0,
                "readonly": false,
                "nrequests_max": 1,
                "sock": {
                    "fd": 10,
                    "errfd": -1,
                    "pid": 0,
                    "isClient": true
                },
                "privateData": {
                    "restricted": true,
                    "ownerPid": 1784,
                    "ownerId": 7,
                    "ownerName": "f16x86_64",
                    "ownerUUID": "7b8e5e42-b875-61e9-b981-91ad8fa46979"
                }
            }
        ]
    },
    "defaultLockspace": {
        "resources": [
            {
                "name": "/var/lib/libvirt/images/f16x86_64.raw",
                "path": "/var/lib/libvirt/images/f16x86_64.raw",
                "fd": 14,
                "lockHeld": true,
                "flags": 0,
                "owners": [
                    1784
                ]
            },
            {
                "name": "/var/lib/libvirt/images/shared.img",
                "path": "/var/lib/libvirt/images/shared.img",
                "fd": 12,
                "lockHeld": true,
                "flags": 1,
                "owners": [
                    1722,
                    1784
                ]
            },
            {
                "name": "/var/lib/libvirt/images/f18x86_64.img",
                "path": "/var/lib/libvirt/images/f18x86_64.img",
                "fd": 11,
                "lockHeld": true,
                "flags": 0,
                "owners": [
                    1722
                ]
            }
        ]
    },
    "lockspaces": [

    ],
    "magic": "30199"
 }
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This enhancement virtlockd so that it can receive a pre-opened
UNIX domain socket from systemd at launch time, and adds the
systemd service/socket unit files

* daemon/libvirtd.service.in: Require virtlockd to be running
* libvirt.spec.in: Add virtlockd systemd files
* src/Makefile.am: Install systemd files
* src/locking/lock_daemon.c: Support socket activation
* src/locking/virtlockd.service.in, src/locking/virtlockd.socket.in:
  systemd unit files
* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h:
  Add virNetServerServiceNewFD() method
* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virNetSocketNewListenFD
  method
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Introduce a lock_daemon_dispatch.c file which implements the
server side dispatcher the RPC APIs previously defined in the
lock protocol.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The virtlockd daemon will maintain locks on behalf of libvirtd.
There are two reasons for it to be separate

 - Avoid risk of other libvirtd threads accidentally
   releasing fcntl() locks by opening + closing a file
   that is locked
 - Ensure locks can be preserved across libvirtd restarts.
   virtlockd will need to be able to re-exec itself while
   maintaining locks. This is simpler to achieve if its
   sole job is maintaining locks
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>