* src/security/virt-aa-helper.c: Add missing include.

In this patch I am extending and fixing the nwfilter module's reload support to stop all ongoing threads (for learning IP addresses of interfaces) and rebuild the filtering rules of all interfaces of all VMs when libvirt is started. Now libvirtd rebuilds the filters upon the SIGHUP signal and libvirtd restart.

About the patch: The nwfilter functions require a virConnectPtr. Therefore I am opening a connection in qemudStartup, which later on needs to be closed outside where the driver lock is held since otherwise it ends up in a deadlock due to virConnectClose() trying to lock the driver as well.

I have tested this now for a while with several machines running and needing the IP address learner thread(s). The rebuilding of the firewall rules seems to work fine following libvirtd restart or a SIGHUP. Also the termination of libvirtd worked fine.

* .gnulib: Update to latest.
Reported by Matthias Bolte.

floppy0.present defaults to true. Therefore, it needs to be
explicitly set to false when the XML config doesn't specify the
corresponding floppy device.

Also update tests accordingly.

I changed virStorage[Open|Close] to virVIOSDriver[Open|Close] so
the network driver can use it - since the network driver deals
with Open/Close in the same way.

This patch does two things:

 * It makes umlConnectTapDevice ask brAddTap for a persistent tap by
   passing it a NULL tapfd argument.
 * Stops umlConnectTapDevice from immediately dismantling the bridge
   it just set up.
Signed-off-by: NSoren Hansen <soren@linux2go.dk>

When passing a NULL tapfd argument to brAddTap, we need to close the fd
of the tap device. If we don't, libvirt will keep the fd open
indefinitely and renders the the guest unable to configure its side of
the tap device.
Signed-off-by: NSoren Hansen <soren@linux2go.dk>

If umlBuildCommandLineChr fails (e.g. due to an unsupported chardev
type), it returns NULL. umlBuildCommandLine does not check for this and
sets this as an argument on the comand line, effectively ending the
argument list. This patch checks for this case and sets the chardev to
"none".
Signed-off-by: NSoren Hansen <soren@linux2go.dk>

When sniffing the network traffic, discard class D and E IP addresses when sniffing traffic. This was a reason why filters were not correctly rebuilt on VMs on the local 192.* network when libvirt was restarted and those VMs did not use a DHCP request to get its IP address.

While testing the SIGHUP handling and reloading of the nwfilter driver, I found that when the filters are rebuilt and mutlipe threads handled the individual interfaces, concurrently running multiple external bash scripts causes strange failures even though the executed ebtables commands are working on different tables for different interfaces. I cannot say for sure where the concurrency problems are caused, but introducing this lock definitely helps.

Since the qemu process is running as qemu:qemu, it can't actually
look at the unix socket in /var/run/libvirt/qemu which is owned by
root and has permission 700.  Move the unix socket to
/var/lib/libvirt/qemu, which is already owned by qemu:qemu.

Thanks to Justin Clift for test this out for me.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

The problem is that on the source of the migration, libvirtd
is responsible for creating the unix socket over which the data
will flow.  Since libvirtd is running as root, this file will
be created as root.  When the qemu process running as qemu:qemu
goes to access the unix file to write data to it, it will get
permission denied and fail.  Make sure to change the owner
of the unix file to qemu:qemu.

Thanks to Justin Clift for testing this patch out for me.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

This patch fixes a couple of complaints from valgrind when tickling libvirtd with SIGHUP.

The first two files contain fixes for memory leaks. The 3rd one initializes an uninitialized variable. The 4th one is another memory leak.

 Basically a followup of the previous patch about balloon desactivation
if desactivated, to not ask for balloon information to qemu as we will
just get an error back.
 This can make a huge difference in the time needed for domain
information or list when a machine is loaded, and balloon has been
desactivated in the guests.

* src/qemu/qemu_driver.c: do not get the balloon info if the balloon
  suppor is disabled

--dhcp-no-override description from dnsmasq man page:

      Disable  re-use  of  the  DHCP servername and filename fields as
      extra option space. If it can, dnsmasq moves the boot server and
      filename  information  (from  dhcp-boot)  out of their dedicated
      fields into DHCP options. This make extra space available in the
      DHCP  packet  for options but can, rarely, confuse old or broken
      clients. This flag forces "simple and safe" behaviour  to  avoid
      problems in such a case.

It seems some virtual network card ROMs are this old/buggy so let's add
--dhcp-no-override as a workaround for them. We don't use extra DHCP
options so this should be safe. The option was added in dnsmasq-2.41,
which becomes the minimum required version.

For parsing try to match by datastore mount path first, if that
fails fallback to /vmfs/volumes/<datastore>/<path> parsing. This
also fixes problems with GSX on Windows. Because GSX on Windows
doesn't use /vmfs/volumes/ style file names.

For formatting use the datastore mount path too, instead of using
/vmfs/volumes/<datastore>/<path> as fixed format.

We add --dhcp-lease-max=xxx argument when network->def->nranges > 0 but
we only allocate space for in the opposite case :-) I guess we are lucky
enough to miscount somewhere else so that we actually allocate more
space than we need since no-one has hit this bug so far.

Introduce esxVMX_Context containing functions pointers to
glue both parts together in a generic way.

Move the ESX specific part to esx_driver.c.

This is a step towards making the VMX code reusable in a
potential VMware Workstation and VMware Player driver.

  The balloon device is automatically added to qemu guests if supported,
but it may be useful to desactivate it. The simplest to not change the
existing behaviour is to allow
  <memballoon type="none"/>
as an extra option to desactivate it (it is automatically added if the
memballoon construct is missing for the domain).
The following simple patch just adds the extra option and does not
change the default behaviour but avoid creating a balloon device if
type="none" is used.

* docs/schemas/domain.rng: add the extra type attribute value
* src/conf/domain_conf.c src/conf/domain_conf.h: add the extra enum
  value
* src/qemu/qemu_conf.c: if enum is NONE, don't activate the device,
  i.e. don't pass the args to qemu/kvm

Added a more detailed error message when adding a tap devices fails and
the kernel is missing tun support.
Signed-off-by: NDoug Goldstein <cardoe@gentoo.org>

Fix the error checking to use the return value from brAddTap() instead
of checking the current errno value which might have been changed by
clean up calls inside of brAddTap().
Signed-off-by: NDoug Goldstein <cardoe@gentoo.org>

https://bugzilla.redhat.com/622515 - When hot-unplugging CPUs,
libvirt failed to start a guest that had been pinned to CPUs that
were still online.

Tested on a dual-core laptop, where I also discovered that, per
http://www.cyberciti.biz/files/linux-kernel/Documentation/cpu-hotplug.txt,
/sys/devices/system/cpu/cpu0/online does not exist on systems where it
cannot be hot-unplugged.

* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Ignore CPUs that are
currently offline.  Detect readdir failure.
(parse_socket): Move guts...
(get_cpu_value): ...to new function, shared with...
(cpu_online): New function.

device_del command is not synchronous for PCI devices, it merely asks
the guest to release the device and returns. If the host wants to use
that device before the guest actually releases it, we are in big
trouble. To avoid this, we already added a loop which waits up to 10
seconds until the device is actually released before we do anything else
with that device. But we only added this loop for managed PCI devices
before we try reattach them back to the host.

However, we need to wait even for non-managed devices. We don't reattach
them automatically, but we still want to prevent the host from using it.
This was revealed thanks to sVirt: when we relabel sysfs files
corresponding to the PCI device before the guest finished releasing the
device, qemu is no longer allowed to access those files and if it wants
(as a result of guest's request) to write anything to them, it just
exits, which kills the guest.

This is not a proper fix and needs some further work both on libvirt and
qemu side in the future.

* AUTHORS (Soren Hansen): Update address.
* .mailmap: Alias other addresses to new preference.

This avoids building the tests when testing libvirt is not the aim.

virDiskNameToIndex has a list of disk name prefixes that it uses in the
process of finding the disk's index. This list is missing "ubd" which
is the disk prefix used for UML domains.
Signed-off-by: NSoren Hansen <soren@linux2go.dk>

That way it can be used to verify a numeric address without storing
the details
* src/util/network.c: change virSocketParseAddr to allow a null @addr
  parameter

According to <xen-3.4.3/tools/python/xen/xm/create.py:158>
	gopts.var('bootargs', val='NAME',
			  fn=set_value, default=None,
			  use="Arguments to pass to boot loader")
the "bootloader_args" parameter needs to be translated into "bootargs"
when using "virsh domxml-to-native xen-xm".
The reverse direction (domxml-from-native) is already okay.

This patch fixes domxml-to-native and adds two test files to catch this
problem.
Signed-off-by: NPhilipp Hahn <hahn@univention.de>

src/phyp/phyp_driver.c:phypListDomainsGeneric was crashing due to a buffer
overflow if any line returned from virRun wasn't <=10 characters.

Since virStrToLong_i recognizes any non-numeric as a terminator (not
just NULL), there actually is no need to copy the number into a
separate string anyway, so this patch eliminates that copy, the fixed
length buffer, and therefore the potential to overflow.

This change also provided the oppurtunity to eliminate the character
counting loop, instead using the return from virStrToLong_i to point
past the end of the number, then simply skip the \n to get to the
next.

Since the rule to build libvirtd.8 is within the WITH_LIBVIRTD conditional,
so declare the man page in there as well. Without this change, build
without daemon will fail.

Fix the error checking to use the return value from brAddTap() instead
of checking the current errno value which might have been changed by
clean up calls inside of brAddTap().
Signed-off-by: NDoug Goldstein <cardoe@gentoo.org>

Added a more detailed error message when adding a tap devices fails and
the kernel is missing tun support.
Signed-off-by: NDoug Goldstein <cardoe@gentoo.org>

There has been a frequent complaint of:

make[2]: Entering directory `/home/remote/eblake/libvirt/po'
make[2]: *** No rule to make target `/config.status', needed by `Makefile'.  Stop.

It happens after nuking and regenerating the po directory,
which is a common action after running anything like
'make dist' or 'make rpm' that dirties all the .po files.

Teach autogen.sh that it must regenerate po/Makevars to avoid
the missing variable declaration, and teach cfg.mk to recognize
that a nuked po directory is cause to rerun autogen.sh.

* cfg.mk (_update_required): Check for po/Makevars.
* autogen.sh (bootstrap): Run bootstrap if it got lost.
Diagnosed by Justin Clift.

the followup on the boot=on problem, basically it's not needed to
specify it when booting out of IDE devices when using KVM
* src/qemu/qemu_conf.c: do not use boot=on for IDE devices
* tests/qemuxml2argvdata/qemuxml2argv*.args: this changes the output
  for 5 of the tests

* configure.ac docs/news.html.in libvirt.spec.in: updates
* po/*.po*: update and regenerated