* src/qemu/qemu_monitor.c: add error check for qemuMonitorOpenXXX
  returned file descriptor

When running qemu:///system instance, libvirtd runs as root,
but QEMU may optionally be configured to run non-root. When
then saving a guest to a state file, the file is initially
created as root, and thus QEMU cannot write to it. It is also
missing labelling required to allow access via SELinux.

* src/qemu/qemu_driver.c: Set ownership on save image before
  running migrate command in virDomainSave impl. Call out to
  security driver to set save image labelling
* src/security/security_driver.h: Add driver APIs for setting
  and restoring saved state file labelling
* src/security/security_selinux.c: Implement saved state file
  labelling for SELinux

* src/qemu/qemu.conf:  disables the mac_filter config switch by default
  to match existing convention, also document the option

* src/qemu/qemu_conf.c: don't initialize ebtables if
  disabled

* src/qemu/qemu_monitor.c src/qemu/qemu_monitor_text.c: cast size_t to
  int when passing to '%d'

This implements the virConnectIsSecure, virConnectIsEncrypted,
virDomainIsPersistent, virDomainIsActive, virNetworkIsActive,
virNetworkIsPersistent, virStoragePoolIsActive,
virStoragePoolIsPersistent, virInterfaceIsActive APIs in
(nearly) all drivers. Exceptions are:

 phyp: missing domainIsActive/Persistent
 esx: missing domainIsPersistent
 opennebula: missing domainIsActive/Persistent

* src/remote/remote_protocol.x: Define remote wire ABI for newly
  added APIs.
* daemon/remote_dispatch*.h: Re-generated from remote_protocol.x
* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/network/bridge_driver.c,
  src/opennebula/one_driver.c, src/openvz/openvz_conf.c,
  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
  src/remote/remote_driver.c, src/storage/storage_driver.c,
  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
  src/xen/xen_driver.c, src/xen/xen_driver.h, src/xen/xen_inotify.c,
  src/xen/xen_inotify.h: Implement all the new APIs where possible

Introduce a number of new APIs to  expose some boolean properties
of objects, which cannot otherwise reliably determined, nor are
aspects of the XML configuration.

 * virDomainIsActive: Checking virDomainGetID is not reliable
   since it is not possible to distinguish between error condition
   and inactive domain for ID of -1.
 * virDomainIsPersistent: Check whether a persistent config exists
   for the domain

 * virNetworkIsActive: Check whether the network is active
 * virNetworkIsPersistent: Check whether a persistent config exists
   for the network

 * virStoragePoolIsActive: Check whether the storage pool is active
 * virStoragePoolIsPersistent: Check whether a persistent config exists
   for the storage pool

 * virInterfaceIsActive: Check whether the host interface is active

 * virConnectIsSecure: whether the communication channel to the
   hypervisor is secure
 * virConnectIsEncrypted: whether any network based commnunication
   channels are encrypted

NB, a channel can be secure, even if not encrypted, eg if it does
not involve the network, like a UNIX socket, or pipe.

 * include/libvirt/libvirt.h.in: Define public API
 * src/driver.h: Define internal driver API
 * src/libvirt.c: Implement public API entry point
 * src/libvirt_public.syms: Export API symbols
 * src/esx/esx_driver.c, src/lxc/lxc_driver.c,
   src/interface/netcf_driver.c, src/network/bridge_driver.c,
   src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
   src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
   src/remote/remote_driver.c, src/test/test_driver.c,
   src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
   src/xen/xen_driver.c: Stub out driver tables

* src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c
  src/lxc/lxc_controller.c src/node_device/node_device_hal.c
  src/openvz/openvz_conf.c src/qemu/qemu_driver.c
  src/qemu/qemu_monitor_text.c src/remote/remote_driver.c
  src/storage/storage_backend_disk.c src/storage/storage_driver.c
  src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c
  src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code
  review and those are the fixes correcting the problems

Some monitor commands may take a very long time to complete. It is
not desirable to block other incoming API calls forever. With this
change, if an existing API call is holding the job lock, additional
API calls will not wait forever. They will time out after a short
period of time, allowing application to retry later.

* include/libvirt/virterror.h, src/util/virterror.c: Add new
  VIR_ERR_OPERATION_TIMEOUT error code
* src/qemu/qemu_driver.c: Change to a timed condition variable
  wait for acquiring the monitor job lock

QEMU monitor commands may sleep for a prolonged period of time.
If the virDomainObjPtr or qemu driver lock is held this will
needlessly block execution of many other API calls. it also
prevents asynchronous monitor events from being dispatched
while a monitor command is executing, because deadlock will
ensure.

To resolve this, it is neccessary to release all locks while
executing a monitor command. This change introduces a flag
indicating that a monitor job is active, and a condition
variable to synchronize access to this flag. This ensures that
only a single thread can be making a state change or executing
a monitor command at a time, while still allowing other API
calls to be completed without blocking

* src/qemu/qemu_driver.c: Release driver and domain lock when
  running monitor commands. Re-add locking to disk passphrase
  callback
* src/qemu/THREADS.txt: Document threading rules

Change the QEMU monitor file handle watch to poll for both
read & write events, as well as EOF. All I/O to/from the
QEMU monitor FD is now done in the event callback thread.

When the QEMU driver needs to send a command, it puts the
data to be sent into a qemuMonitorMessagePtr object instance,
queues it for dispatch, and then goes to sleep on a condition
variable. The event thread sends all the data, and then waits
for the reply to arrive, putting the response / error data
back into the qemuMonitorMessagePtr and notifying the condition
variable.

There is a temporary hack in the disk passphrase callback to
avoid acquiring the domain lock.  This avoids a deadlock in
the command processing, since the domain lock is still held
when running monitor commands. The next commit will remove
the locking when running commands & thus allow re-introduction
of locking the disk passphrase callback

* src/qemu/qemu_driver.c: Temporarily don't acquire lock in
  disk passphrase callback. To be reverted in next commit
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Remove
  raw I/O functions, and a generic qemuMonitorSend() for
  invoking a command
* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
  Remove all low level I/O, and use the new qemuMonitorSend()
  API. Provide a qemuMonitorTextIOProcess() method for detecting
  command/reply/prompt boundaries in the monitor data stream

In preparation of the monitor I/O process becoming fully asynchronous,
it is neccessary to ensure all access to internals of the qemuMonitorPtr
object is protected by a mutex lock.

* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add mutex for locking
  monitor.
* src/qemu/qemu_driver.c: Add locking around all monitor commands

Change the QEMU driver to not directly invoke the text mode monitor
APIs. Instead add a generic wrapper layer, which will eventually
invoke either the text or JSON protocol code as needed. Pass an
qemuMonitorPtr object into the monitor APIs instead of virDomainObjPtr
to complete the de-coupling of the monitor impl from virDomainObj
data structures

* src/qemu/qemu_conf.h: Remove qemuDomainObjPrivate definition
* src/qemu/qemu_driver.c: Add qemuDomainObjPrivate definition.
  Pass qemuMonitorPtr into all monitor APIs instead of the
  virDomainObjPtr instance.
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add thin
  wrappers for all qemuMonitorXXX command APIs, calling into
  qemu_monitor_text.c/h
* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
  Rename qemuMonitor -> qemuMonitorText & update to accept
  qemuMonitorPtr instead of virDomainObjPtr

Decouple the monitor code from the virDomainDefPtr structure
by moving the disk encryption lookup code back into the
qemu_driver.c file. Instead provide a function callback to
the monitor code which can be invoked to retrieve encryption
data as required.

* src/qemu/qemu_driver.c: Add findDomainDiskEncryption,
  and findVolumeQcowPassphrase. Pass address of the method
  findVolumeQcowPassphrase into qemuMonitorOpen()
* src/qemu/qemu_monitor.c: Associate a disk
  encryption function callback with the qemuMonitorPtr
  object.
* src/qemu/qemu_monitor_text.c: Remove findDomainDiskEncryption
  and findVolumeQcowPassphrase.

Introduce a new qemuDomainObjPrivate object which is used to store
the private QEMU specific data associated with each virDomainObjPtr
instance. This contains a single member, an instance of the new
qemuMonitorPtr object which encapsulates the QEMU monitor state.
The internals of the latter are private to the qemu_monitor* files,
not to be shown to qemu_driver.c

* src/qemu/qemu_conf.h: Definition of qemuDomainObjPrivate.
* src/qemu/qemu_driver.c: Register a functions for creating
  and freeing qemuDomainObjPrivate instances with the domain
  capabilities. Remove the qemudDispatchVMEvent() watch since
  I/O watches are now handled by the monitor code itself. Pass
  a new qemuHandleMonitorEOF() callback into qemuMonitorOpen
  to allow notification when the monitor quits.
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Introduce
  the 'qemuMonitor' object. Temporarily add new APIs
  qemuMonitorWrite, qemuMonitorRead, qemuMonitorWaitForInput
  to allow text based monitor impl to perform I/O.
* src/qemu/qemu_monitor_text.c: Call APIs for reading/writing
  to monitor instead of accessing the file handle directly.

The qemu_driver.c code should not contain any code that interacts
with the QEMU monitor at a low level. A previous commit moved all
the command invocations out. This change moves out the code which
actually opens the monitor device.

* src/qemu/qemu_driver.c: Remove qemudOpenMonitor & methods called
  from it.
* src/Makefile.am: Add qemu_monitor.{c,h}
* src/qemu/qemu_monitor.h: Add qemuMonitorOpen()
* src/qemu/qemu_monitor.c: All code for opening the monitor

* src/util/pci.c, src/util/pci.h: Make the pciDeviceList struct
  opaque to callers of the API. Add accessor methods for managing
  devices in the list
* src/qemu/qemu_driver.c: Update to use APIs instead of directly
  accessing pciDeviceList fields

As it was basically unimplemented and more confusing than useful
at the moment.
* src/libvirt_private.syms: remove from internal symbols list
* src/qemu/qemu_bridge_filter.c src/util/ebtables.c: remove code and
  one use of the unimplemented function

This is what virsh already expects when printing output, and what
'man cpuset' claims to support.

Use this function in the qemu, uml, lxc, and test drivers.

* src/qemu/qemu_conf.c: Update qemudBuildCommandLineChrDevStr to use a
  virBuffer

* src/qemu_qemu_conf.c: Cleanup usage of virBuffer in qemudBuildCommandLine

* src/qemu/qemu_driver.c: in qemudDomainMigratePerform call
  doPeer2PeerMigrate for VIR_MIGRATE_PEER2PEER.

allows the following to be specified in a domain:
<channel type='pipe'>
  <source path='/tmp/guestfwd'/>
  <target type='guestfwd' address='10.0.2.1' port='4600'/>
</channel>

* proxy/Makefile.am: add network.c as dep of domain_conf.c
* docs/schemas/domain.rng src/conf/domain_conf.[ch]: extend the domain
  schemas and the parsing/serialization side for the new construct

QEmu support will add the following on the qemu command line:
 -chardev pipe,id=channel0,path=/tmp/guestfwd
 -net user,guestfwd=tcp:10.0.2.1:4600-chardev:channel0

* src/qemu/qemu_conf.c: Add argument output for channel
* tests/qemuxml2(argv|xml)test.c: Add test for <channel> domain syntax

* src/qemu/qemu_conf.h: defines a new QEMUD_CMD_FLAG_CHARDEV flag
* src/qemu/qemu_conf.c: parse the output for -chardev and set flag
  appropriately

A character device's target (it's interface in the guest) had only a
single property: port. This patch is in preparation for adding targets
which require other properties.
Since this changes the conf type for character devices this affects
a number of drivers:

* src/conf/domain_conf.[ch] src/esx/esx_vmx.c src/qemu/qemu_conf.c
  src/qemu/qemu_driver.c src/uml/uml_conf.c src/uml/uml_driver.c
  src/vbox/vbox_tmpl.c src/xen/xend_internal.c src/xen/xm_internal.c:
  target properties are moved into a union in virDomainChrDef, and a
  targetType field is added to identify which union member should be
  used. All current code which touches a virDomainChrDef is updated both
  to use the new union field, and to populate targetType if necessary.

* src/qemu/qemu.conf src/qemu/qemu_conf.c src/qemu/qemu_conf.h: there is
  a new config type option for mac filtering
* src/qemu/qemu_bridge_filter.[ch]: new module for the ebtable entry points
* src/qemu/qemu_driver.c: plug the MAC filtering at the right places
  in the domain life cycle
* src/Makefile.am po/POTFILES.in: add the new module

Pretty sure this would deadlock now that we have proper locking, so
remove the code.

- Don't duplicate SystemError
- Use proper error code in domain_conf
- Fix a broken error call in qemu_conf
- Don't use VIR_ERR_ERROR in security driver (isn't a valid code in this case)

All drivers have copy + pasted inadequate error reporting which wraps
util.c:virGetHostname. Move all error reporting to this function, and improve
what we report.

Changes from v1:
  Drop the driver wrappers around virGetHostname. This means we still need
  to keep the new conn argument to virGetHostname, but I think it's worth
  it.

introduced on commit 9231aa7d
* src/qemu/qemu_driver.c: in qemudRemoveDomainStatus fix a reference
  to an undefined variable buf and free up an allocated string

When building with --disable-nls, I got a few messages like this:

storage/storage_backend.c: In function 'virStorageBackendCreateQemuImg':
storage/storage_backend.c:571: warning: format not a string literal and no format arguments

Fix these up.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

qemudShutdownVMDaemon() calls qemudRemoveDomainStatus(), which
then calls virFileDeletePID().  qemudShutdownVMDaemon() then
unnecessarily calls virFileDeletePID() again.  Remove this second
usage of it, and also slightly refactor qemudRemoveDomainStatus()
to VIR_WARN appropriate error messages.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

The LXC driver was mistakenly returning -1 for lxcStartup()
in scenarios that are not an error. This caused the libvirtd
to quit for unprivileged users. This fixes the return code
of LXC driver, and also adds a "name" field to the virStateDriver
struct and logging to make it easier to find these problems
in the future

* src/driver.h: Add a 'name' field to state driver to allow
  easy identification during failures
* src/libvirt.c: Log name of failed driver for virStateInit
  failures
* src/lxc/lxc_driver.c: Don't return a failure code for
  lxcStartup() if LXC is not available on this host, simply
  disable the driver.
* src/network/bridge_driver.c, src/node_device/node_device_devkit.c,
  src/node_device/node_device_hal.c, src/opennebula/one_driver.c,
  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
  src/secret/secret_driver.c, src/storage/storage_driver.c,
  src/uml/uml_driver.c, src/xen/xen_driver.c: Fill in name
  field in virStateDriver struct

Rename virDomainIsActive to virDomainObjIsActive, and
virInterfaceIsActive to virInterfaceObjIsActive and finally
virNetworkIsActive to virNetworkObjIsActive.

* src/conf/domain_conf.c, src/conf/domain_conf.h,
  src/conf/interface_conf.h, src/conf/network_conf.c,
  src/conf/network_conf.h, src/lxc/lxc_driver.c,
  src/network/bridge_driver.c, src/opennebula/one_driver.c,
  src/openvz/openvz_driver.c, src/qemu/qemu_driver.c,
  src/test/test_driver.c, src/uml/uml_driver.c: Update for
  renamed APIs.

Nearly all of the methods in src/util/util.h have error codes that
must be checked by the caller to correct detect & report failure.
Add ATTRIBUTE_RETURN_CHECK to ensure compile time validation of
this

* daemon/libvirtd.c: Add explicit check on return value of virAsprintf
* src/conf/domain_conf.c: Add missing check on virParseMacAddr return
  value status & report error
* src/network/bridge_driver.c: Add missing OOM check on virAsprintf
  and report error
* src/qemu/qemu_conf.c: Add missing check on virParseMacAddr return
  value status & report error
* src/security/security_selinux.c: Remove call to virRandomInitialize
  that's done in libvirt.c already
* src/storage/storage_backend_logical.c: Add check & log on virRun
  return status
* src/util/util.c: Add missing checks on virAsprintf/Run status
* src/util/util.h: Annotate all methods with ATTRIBUTE_RETURN_CHECK
  if they return an error status code
* src/vbox/vbox_tmpl.c: Add missing check on virParseMacAddr
* src/xen/xm_internal.c: Add missing checks on virAsprintf
* tests/qemuargv2xmltest.c: Remove bogus call to virRandomInitialize()

The virDomainObjPtr object stores state about a running domain.
This object is shared across all drivers so it is not appropriate
to include driver specific state here. This patch adds the ability
to request a blob of private data per domain object instance. The
driver must provide a allocator & deallocator for this purpose

THis patch abuses the virCapabilitiesPtr structure for storing the
allocator/deallocator callbacks, since it is already being abused
for other internal things relating to parsing. This should be moved
out into a separate object at some point.

* src/conf/capabilities.h: Add privateDataAllocFunc and
  privateDataFreeFunc fields
* src/conf/domain_conf.c: Invoke the driver allocators / deallocators
  when creating/freeing virDomainObjPtr instances.
* src/conf/domain_conf.h: Pass virCapsPtr into virDomainAssignDef
  to allow access to the driver specific allocator function
* src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
  src/openvz/openvz_driver.c, src/qemu/qemu_driver.c,
  src/test/test_driver.c, src/uml/uml_driver.c: Update for
  change in virDomainAssignDef contract

The current virDomainObjListPtr object stores domain objects in
an array. This means that to find a particular objects requires
O(n) time, and more critically acquiring O(n) mutex locks.

The new impl replaces the array with a virHashTable, keyed off
UUID. Finding a object based on UUID is now O(1) time, and only
requires a single mutex lock. Finding by name/id is unchanged
in complexity.

In changing this, all code which iterates over the array had
to be updated to use a hash table iterator function callback.
Several of the functions which were identically duplicating
across all drivers were pulled into domain_conf.c

* src/conf/domain_conf.h, src/conf/domain_conf.c: Change
  virDomainObjListPtr to use virHashTable. Add a initializer
  method virDomainObjListInit, and rename virDomainObjListFree
  to virDomainObjListDeinit, since its not actually freeing
  the container, only its contents. Also add some convenient
  methods virDomainObjListGetInactiveNames,
  virDomainObjListGetActiveIDs and virDomainObjListNumOfDomains
  which can be used to implement the correspondingly named
  public API entry points in drivers
* src/libvirt_private.syms: Export new methods from domain_conf.h
* src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
  src/openvz/openvz_conf.c, src/openvz/openvz_driver.c,
  src/qemu/qemu_driver.c, src/test/test_driver.c,
  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c: Update all code
  to deal with hash tables instead of arrays for domains