Pull in all bug fixes from rawhide

branch

@@ -0,0 +1 @@
+F-8

libvirt-0.3.3-example-config.patch

@@ -1,207 +0,0 @@
-changeset:   1147:7481eafdde8d
-user:        berrange
-date:        Fri Oct 12 18:54:15 2007 +0000
-files:       libvirt.spec.in qemud/Makefile.am qemud/libvirtd.conf src/Makefile.am src/qemu.conf
-description:
-Added default example configs for libvirtd/qemu driver
-
-
-diff -r c48e81e685a3 -r 7481eafdde8d qemud/libvirtd.conf
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/qemud/libvirtd.conf	Fri Oct 12 18:54:15 2007 +0000
-@@ -0,0 +1,141 @@
-+# Master libvirt daemon configuration file
-+#
-+# For further information consult http://libvirt.org/format.html
-+
-+
-+# Flag listening for secure TLS connections on the public TCP/IP port.
-+# NB, must pass the --listen flag to the libvirtd process for this to
-+# have any effect.
-+#
-+# It is neccessary to setup a CA and issue server certificates before
-+# using this capability.
-+#
-+# This is enabled by default, uncomment this to disable it
-+# listen_tls = 0
-+
-+# Listen for unencrypted TCP connections on the public TCP/IP port.
-+# NB, must pass the --listen flag to the libvirtd process for this to
-+# have any effect.
-+#
-+# NB, this is insecure. Do not use except for development.
-+#
-+# This is disabled by default, uncomment this to enable it.
-+# listen_tcp = 1
-+
-+
-+
-+# Override the port for accepting secure TLS connections
-+# This can be a port number, or service name
-+#
-+# tls_port = "16514"
-+
-+# Override the port for accepting insecure TCP connections
-+# This can be a port number, or service name
-+# 
-+# tcp_port = "16509"
-+
-+
-+
-+# Flag toggling mDNS advertizement of the libvirt service.
-+#
-+# Alternatively can disable for all services on a host by
-+# stopping the Avahi daemon
-+#
-+# This is enabled by default, uncomment this to disable it
-+# mdns_adv = 0
-+
-+# Override the default mDNS advertizement name. This must be
-+# unique on the immediate broadcast network.
-+# 
-+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
-+# is subsituted for the short hostname of the machine (without domain)
-+#
-+# mdns_name "Virtualization Host Joe Demo" 
-+
-+
-+
-+# Set the UNIX domain socket group ownership. This can be used to
-+# allow a 'trusted' set of users access to management capabilities
-+# without becoming root.
-+# 
-+# This is restricted to 'root' by default. 
-+# unix_sock_group "libvirt"
-+
-+# Set the UNIX socket permissions for the R/O socket. This is used
-+# for monitoring VM status only
-+#
-+# Default allows any user. If setting group ownership may want to
-+# restrict this to:
-+# unix_sock_ro_perms "0777"
-+
-+# Set the UNIX socket permissions for the R/W socket. This is used
-+# for full management of VMs
-+#
-+# Default allows only root. If setting group ownership may want to
-+# relax this to:
-+# unix_sock_rw_perms "octal-perms" 	"0770"
-+
-+
-+
-+# Flag to disable verification of client certificates
-+#
-+# Client certificate verification is the primary authentication mechanism.
-+# Any client which does not present a certificate signed by the CA
-+# will be rejected.
-+#
-+# Default is to always verify. Uncommenting this will disable
-+# verification - make sure an IP whitelist is set
-+# tls_no_verify_certificate 1 
-+
-+# Flag to disable verification of client IP address
-+#
-+# Client IP address will be verified against the CommonName field
-+# of the x509 certificate. This has minimal security benefit since
-+# it is easy to spoof source IP.
-+#
-+# Uncommenting this will disable verification
-+# tls_no_verify_address 1
-+
-+# Override the default server key file path
-+#
-+# key_file "/etc/pki/libvirt/private/serverkey.pem"
-+
-+# Override the default server certificate file path
-+#
-+# cert_file "/etc/pki/libvirt/servercert.pem"
-+
-+# Override the default CA certificate path
-+#
-+# ca_file "/etc/pki/CA/cacert.pem"
-+
-+# Specify a certificate revocation list.
-+# 
-+# Defaults to not using a CRL, uncomment to enable it
-+# crl_file "/etc/pki/CA/crl.pem"
-+
-+# A whitelist of allowed x509  Distinguished Names
-+# This list may contain wildcards such as 
-+#
-+#    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
-+#
-+# See the POSIX fnmatch function for the format of the wildcards.
-+#
-+# NB If this is an empty list, no client can connect, so comment out
-+# entirely rather than using empty list to disable these checks
-+#
-+# By default, no DN's are checked
-+# tls_allowed_dn_list ["DN1", "DN2"]
-+
-+
-+# A whitelist of allowed client IP addresses
-+#
-+# This list may contain wildcards such as 192.168.* See the POSIX fnmatch 
-+# function for the format of the wildcards.
-+#
-+# NB If this is an empty list, no client can connect, so comment out
-+# entirely rather than using empty list to disable these checks
-+#
-+# By default, no IP's are checked. This can be IPv4 or IPv6 addresses
-+# tls_allowed_ip_list ["ip1", "ip2", "ip3"]
-+
-+
-diff -r c48e81e685a3 -r 7481eafdde8d src/qemu.conf
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/src/qemu.conf	Fri Oct 12 18:54:15 2007 +0000
-@@ -0,0 +1,49 @@
-+# Master configuration file for the QEMU driver.
-+# All settings described here are optional - if omitted, sensible
-+# defaults are used.
-+
-+# VNC is configured to listen on 127.0.0.1 by default.
-+# To make it listen on all public interfaces, uncomment
-+# this next option.
-+#
-+# NB, strong recommendation to enable TLS + x509 certificate
-+# verification when allowing public access
-+#
-+# vnc_listen = "0.0.0.0"
-+
-+
-+# Enable use of TLS encryption on the VNC server. This requires
-+# a VNC client which supports the VeNCrypt protocol extension.
-+# Examples include vinagre, virt-viewer, virt-manager and vencrypt
-+# itself. UltraVNC, RealVNC, TightVNC do not support this
-+#
-+# It is neccessary to setup CA and issue a server certificate
-+# before enabling this.
-+#
-+# vnc_tls = 1
-+
-+
-+# Use of TLS requires that x509 certificates be issued. The
-+# default it to keep them in /etc/pki/libvirt-vnc. This directory
-+# must contain
-+#
-+#  ca-cert.pem - the CA master certificate
-+#  server-cert.pem - the server certificate signed with ca-cert.pem
-+#  server-key.pem  - the server private key
-+#
-+# This option allows the certificate directory to be changed
-+#
-+# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
-+
-+
-+# The default TLS configuration only uses certificates for the server
-+# allowing the client to verify the server's identity and establish
-+# and encrypted channel. 
-+#
-+# It is possible to use x509 certificates for authentication too, by
-+# issuing a x509 certificate to every client who needs to connect.
-+# 
-+# Enabling this option will reject any client who does not have a
-+# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
-+#
-+# vnc_tls_x509_verify = 1
-

libvirt-0.3.3-qemu-config.patch

@@ -1,230 +0,0 @@
-changeset:   1146:c48e81e685a3
-user:        berrange
-date:        Fri Oct 12 15:05:44 2007 +0000
-files:       ChangeLog src/qemu_conf.c src/qemu_conf.h src/qemu_driver.c
-description:
-Added QEMU driver config file
-
-
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_conf.c
---- a/src/qemu_conf.c	Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_conf.c	Fri Oct 12 15:05:44 2007 +0000
-@@ -45,6 +45,7 @@
- #include "qemu_conf.h"
- #include "uuid.h"
- #include "buf.h"
-+#include "conf.h"
- 
- #define qemudLog(level, msg...) fprintf(stderr, msg)
- 
-@@ -65,6 +66,68 @@ void qemudReportError(virConnectPtr conn
-     __virRaiseError(conn, dom, net, VIR_FROM_QEMU, code, VIR_ERR_ERROR,
-                     NULL, NULL, NULL, -1, -1, errorMessage);
- }
-+
-+int qemudLoadDriverConfig(struct qemud_driver *driver,
-+                          const char *filename) {
-+    virConfPtr conf;
-+    virConfValuePtr p;
-+
-+    /* Setup 2 critical defaults */
-+    strcpy(driver->vncListen, "127.0.0.1");
-+    if (!(driver->vncTLSx509certdir = strdup(SYSCONF_DIR "/pki/libvirt-vnc"))) {
-+        qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
-+                         "vncTLSx509certdir");
-+        return -1;
-+    }
-+
-+    /* Just check the file is readable before opening it, otherwise
-+     * libvirt emits an error.
-+     */
-+    if (access (filename, R_OK) == -1) return 0;
-+
-+    conf = virConfReadFile (filename);
-+    if (!conf) return 0;
-+
-+
-+#define CHECK_TYPE(name,typ) if (p && p->type != (typ)) {               \
-+        qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR,      \
-+                         "remoteReadConfigFile: %s: %s: expected type " #typ "\n", \
-+                         filename, (name));                             \
-+        virConfFree(conf);                                              \
-+        return -1;                                                      \
-+    }
-+
-+    p = virConfGetValue (conf, "vnc_tls");
-+    CHECK_TYPE ("vnc_tls", VIR_CONF_LONG);
-+    if (p) driver->vncTLS = p->l;
-+
-+    p = virConfGetValue (conf, "vnc_tls_x509_verify");
-+    CHECK_TYPE ("vnc_tls_x509_verify", VIR_CONF_LONG);
-+    if (p) driver->vncTLSx509verify = p->l;
-+
-+    p = virConfGetValue (conf, "vnc_tls_x509_cert_dir");
-+    CHECK_TYPE ("vnc_tls_x509_cert_dir", VIR_CONF_STRING);
-+    if (p && p->str) {
-+        free(driver->vncTLSx509certdir);
-+        if (!(driver->vncTLSx509certdir = strdup(p->str))) {
-+            qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
-+                             "vncTLSx509certdir");
-+            virConfFree(conf);
-+            return -1;
-+        }
-+    }
-+
-+    p = virConfGetValue (conf, "vnc_listen");
-+    CHECK_TYPE ("vnc_listen", VIR_CONF_STRING);
-+    if (p && p->str) {
-+        strncpy(driver->vncListen, p->str, sizeof(driver->vncListen));
-+        driver->vncListen[sizeof(driver->vncListen)-1] = '\0';
-+    }
-+
-+    virConfFree (conf);
-+    return 0;
-+}
-+
- 
- struct qemud_vm *qemudFindVMByID(const struct qemud_driver *driver, int id) {
-     struct qemud_vm *vm = driver->vms;
-@@ -1234,7 +1297,7 @@ static struct qemud_vm_def *qemudParseXM
-             if (vnclisten && *vnclisten)
-                 strncpy(def->vncListen, (char *)vnclisten, BR_INET_ADDR_MAXLEN-1);
-             else
--                strcpy(def->vncListen, "127.0.0.1");
-+                strcpy(def->vncListen, driver->vncListen);
-             def->vncListen[BR_INET_ADDR_MAXLEN-1] = '\0';
-             xmlFree(vncport);
-             xmlFree(vnclisten);
-@@ -1750,15 +1813,30 @@ int qemudBuildCommandLine(virConnectPtr 
-     }
- 
-     if (vm->def->graphicsType == QEMUD_GRAPHICS_VNC) {
--        char vncdisplay[BR_INET_ADDR_MAXLEN+20];
-+        char vncdisplay[PATH_MAX];
-         int ret;
--        if (vm->qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON)
--            ret = snprintf(vncdisplay, sizeof(vncdisplay), "%s:%d",
-+
-+        if (vm->qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON) {
-+            char options[PATH_MAX] = "";
-+            if (driver->vncTLS) {
-+                strcat(options, ",tls");
-+                if (driver->vncTLSx509verify) {
-+                    strcat(options, ",x509verify=");
-+                } else {
-+                    strcat(options, ",x509=");
-+                }
-+                strncat(options, driver->vncTLSx509certdir,
-+                        sizeof(options) - (strlen(driver->vncTLSx509certdir)-1));
-+                options[sizeof(options)-1] = '\0';
-+            }
-+            ret = snprintf(vncdisplay, sizeof(vncdisplay), "%s:%d%s",
-                            vm->def->vncListen,
--                           vm->def->vncActivePort - 5900);
--        else
-+                           vm->def->vncActivePort - 5900,
-+                           options);
-+        } else {
-             ret = snprintf(vncdisplay, sizeof(vncdisplay), "%d",
-                            vm->def->vncActivePort - 5900);
-+        }
-         if (ret < 0 || ret >= (int)sizeof(vncdisplay))
-             goto error;
- 
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_conf.h
---- a/src/qemu_conf.h	Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_conf.h	Fri Oct 12 15:05:44 2007 +0000
-@@ -289,6 +289,10 @@ struct qemud_driver {
-     char *networkConfigDir;
-     char *networkAutostartDir;
-     char logDir[PATH_MAX];
-+    int vncTLS : 1;
-+    int vncTLSx509verify : 1;
-+    char *vncTLSx509certdir;
-+    char vncListen[BR_INET_ADDR_MAXLEN];
- };
- 
- 
-@@ -311,6 +315,8 @@ void qemudReportError(virConnectPtr conn
-     ATTRIBUTE_FORMAT(printf,5,6);
- 
- 
-+int qemudLoadDriverConfig(struct qemud_driver *driver,
-+                          const char *filename);
- 
- struct qemud_vm *qemudFindVMByID(const struct qemud_driver *driver,
-                                  int id);
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_driver.c
---- a/src/qemu_driver.c	Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_driver.c	Fri Oct 12 15:05:44 2007 +0000
-@@ -155,6 +155,7 @@ qemudStartup(void) {
-     uid_t uid = geteuid();
-     struct passwd *pw;
-     char *base = NULL;
-+    char driverConf[PATH_MAX];
- 
-     if (!(qemu_driver = calloc(1, sizeof(struct qemud_driver)))) {
-         return -1;
-@@ -167,7 +168,7 @@ qemudStartup(void) {
-         if (snprintf(qemu_driver->logDir, PATH_MAX, "%s/log/libvirt/qemu", LOCAL_STATE_DIR) >= PATH_MAX)
-             goto snprintf_error;
- 
--        if ((base = strdup (SYSCONF_DIR "/libvirt/qemu")) == NULL)
-+        if ((base = strdup (SYSCONF_DIR "/libvirt")) == NULL)
-             goto out_of_memory;
-     } else {
-         if (!(pw = getpwuid(uid))) {
-@@ -179,7 +180,7 @@ qemudStartup(void) {
-         if (snprintf(qemu_driver->logDir, PATH_MAX, "%s/.libvirt/qemu/log", pw->pw_dir) >= PATH_MAX)
-             goto snprintf_error;
- 
--        if (asprintf (&base, "%s/.libvirt/qemu", pw->pw_dir) == -1) {
-+        if (asprintf (&base, "%s/.libvirt", pw->pw_dir) == -1) {
-             qemudLog (QEMUD_ERR, "out of memory in asprintf");
-             goto out_of_memory;
-         }
-@@ -188,24 +189,36 @@ qemudStartup(void) {
-     /* Configuration paths are either ~/.libvirt/qemu/... (session) or
-      * /etc/libvirt/qemu/... (system).
-      */
--    if (asprintf (&qemu_driver->configDir, "%s", base) == -1)
-+    if (snprintf (driverConf, sizeof(driverConf), "%s/qemu.conf", base) == -1)
-         goto out_of_memory;
--
--    if (asprintf (&qemu_driver->autostartDir, "%s/autostart", base) == -1)
-+    driverConf[sizeof(driverConf)-1] = '\0';
-+
-+    if (asprintf (&qemu_driver->configDir, "%s/qemu", base) == -1)
-         goto out_of_memory;
- 
--    if (asprintf (&qemu_driver->networkConfigDir, "%s/networks", base) == -1)
-+    if (asprintf (&qemu_driver->autostartDir, "%s/qemu/autostart", base) == -1)
-         goto out_of_memory;
- 
--    if (asprintf (&qemu_driver->networkAutostartDir, "%s/networks/autostart",
-+    if (asprintf (&qemu_driver->networkConfigDir, "%s/qemu/networks", base) == -1)
-+        goto out_of_memory;
-+
-+    if (asprintf (&qemu_driver->networkAutostartDir, "%s/qemu/networks/autostart",
-                   base) == -1)
-         goto out_of_memory;
- 
--    if (qemudScanConfigs(qemu_driver) < 0)
-+    free(base);
-+
-+    if (qemudLoadDriverConfig(qemu_driver, driverConf) < 0) {
-         qemudShutdown();
-+        return -1;
-+    }
-+
-+    if (qemudScanConfigs(qemu_driver) < 0) {
-+        qemudShutdown();
-+        return -1;
-+    }
-     qemudAutostartConfigs(qemu_driver);
- 
--    free(base);
-     return 0;
- 
-  snprintf_error:
-

libvirt-0.4.1-daemon-startup.patch

@@ -0,0 +1,48 @@
+diff -rup libvirt-0.4.1.orig/qemud/qemud.c libvirt-0.4.1.new/qemud/qemud.c
+--- libvirt-0.4.1.orig/qemud/qemud.c	2008-03-10 17:31:09.000000000 -0400
++++ libvirt-0.4.1.new/qemud/qemud.c	2008-03-10 17:31:36.000000000 -0400
+@@ -393,7 +393,7 @@ static int qemudGoDaemon(void) {
+             case -1:
+                 return -1;
+             default:
+-                return nextpid;
++                _exit(0);
+             }
+ 
+         cleanup:
+@@ -418,8 +418,7 @@ static int qemudGoDaemon(void) {
+                 status != 0) {
+                 return -1;
+             }
+-
+-            return pid;
++            _exit(0);
+         }
+     }
+ }
+@@ -2116,16 +2115,12 @@ int main(int argc, char **argv) {
+         goto error1;
+ 
+     if (godaemon) {
+-        int pid;
+         openlog("libvirtd", 0, 0);
+-        pid = qemudGoDaemon();
+-        if (pid < 0) {
++        if (qemudGoDaemon() < 0) {
+             qemudLog(QEMUD_ERR, _("Failed to fork as daemon: %s"),
+                      strerror(errno));
+             goto error1;
+         }
+-        if (pid > 0)
+-            goto out;
+ 
+         /* Choose the name of the PID file. */
+         if (!pid_file) {
+@@ -2172,7 +2167,6 @@ int main(int argc, char **argv) {
+     if (godaemon)
+         closelog();
+ 
+- out:
+     ret = 0;
+ 
+  error2:

libvirt-0.4.1-polkit.patch

@@ -0,0 +1,400 @@
+diff -rup libvirt-0.4.1.orig/configure.in libvirt-0.4.1.new/configure.in
+--- libvirt-0.4.1.orig/configure.in	2008-03-03 09:14:19.000000000 -0500
++++ libvirt-0.4.1.new/configure.in	2008-04-03 15:37:49.000000000 -0400
+@@ -450,10 +450,6 @@ if test "x$with_polkit" = "xyes" -o "x$w
+     CFLAGS="$old_CFLAGS"
+     LDFLAGS="$old_LDFLAGS"
+ 
+-    AC_PATH_PROG(POLKIT_GRANT, polkit-grant)
+-    if test "x$POLKIT_GRANT" != "x"; then
+-      AC_DEFINE_UNQUOTED([POLKIT_GRANT],["$POLKIT_GRANT"],[Location of polkit-grant program])
+-    fi
+     AC_PATH_PROG(POLKIT_AUTH, polkit-auth)
+     if test "x$POLKIT_AUTH" != "x"; then
+       AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
+diff -rup libvirt-0.4.1.orig/qemud/internal.h libvirt-0.4.1.new/qemud/internal.h
+--- libvirt-0.4.1.orig/qemud/internal.h	2008-01-24 12:07:43.000000000 -0500
++++ libvirt-0.4.1.new/qemud/internal.h	2008-04-03 15:38:03.000000000 -0400
+@@ -179,6 +179,9 @@ void qemudLog(int priority, const char *
+ void remoteDispatchClientRequest (struct qemud_server *server,
+                                   struct qemud_client *client);
+ 
++#if HAVE_POLKIT
++int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid);
++#endif
+ 
+ #endif
+ 
+diff -rup libvirt-0.4.1.orig/qemud/qemud.c libvirt-0.4.1.new/qemud/qemud.c
+--- libvirt-0.4.1.orig/qemud/qemud.c	2008-04-03 15:39:15.000000000 -0400
++++ libvirt-0.4.1.new/qemud/qemud.c	2008-04-03 15:38:03.000000000 -0400
+@@ -1040,6 +1040,28 @@ remoteCheckAccess (struct qemud_client *
+     return 0;
+ }
+ 
++#if HAVE_POLKIT
++int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
++#ifdef SO_PEERCRED
++    struct ucred cr;
++    unsigned int cr_len = sizeof (cr);
++
++    if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
++        qemudLog(QEMUD_ERR, _("Failed to verify client credentials: %s"),
++                 strerror(errno));
++        return -1;
++    }
++
++    *pid = cr.pid;
++    *uid = cr.uid;
++#else
++    /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
++#error "UNIX socket credentials not supported/implemented on this platform yet..."
++#endif
++    return 0;
++}
++#endif
++
+ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket *sock) {
+     int fd;
+     struct sockaddr_storage addr;
+@@ -1075,6 +1097,26 @@ static int qemudDispatchServer(struct qe
+     memcpy (&client->addr, &addr, sizeof addr);
+     client->addrlen = addrlen;
+ 
++#if HAVE_POLKIT
++    /* Only do policy checks for non-root - allow root user
++       through with no checks, as a fail-safe - root can easily
++       change policykit policy anyway, so its pointless trying
++       to restrict root */
++    if (client->auth == REMOTE_AUTH_POLKIT) {
++        uid_t uid;
++        pid_t pid;
++
++        if (qemudGetSocketIdentity(client->fd, &uid, &pid) < 0)
++            goto cleanup;
++
++        /* Cient is running as root, so disable auth */
++        if (uid == 0) {
++            qemudLog(QEMUD_INFO, _("Turn off polkit auth for privileged client %d"), pid);
++            client->auth = REMOTE_AUTH_NONE;
++        }
++    }
++#endif
++
+     if (client->type != QEMUD_SOCK_TYPE_TLS) {
+         client->mode = QEMUD_MODE_RX_HEADER;
+         client->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;
+diff -rup libvirt-0.4.1.orig/qemud/remote.c libvirt-0.4.1.new/qemud/remote.c
+--- libvirt-0.4.1.orig/qemud/remote.c	2008-02-29 11:23:17.000000000 -0500
++++ libvirt-0.4.1.new/qemud/remote.c	2008-04-03 15:38:03.000000000 -0400
+@@ -2564,27 +2564,6 @@ remoteDispatchAuthSaslStep (struct qemud
+ 
+ 
+ #if HAVE_POLKIT
+-static int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
+-#ifdef SO_PEERCRED
+-    struct ucred cr;
+-    unsigned int cr_len = sizeof (cr);
+-
+-    if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
+-        qemudLog(QEMUD_ERR, _("Failed to verify client credentials: %s"),
+-                 strerror(errno));
+-        return -1;
+-    }
+-
+-    *pid = cr.pid;
+-    *uid = cr.uid;
+-#else
+-    /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
+-#error "UNIX socket credentials not supported/implemented on this platform yet..."
+-#endif
+-    return 0;
+-}
+-
+-
+ static int
+ remoteDispatchAuthPolkit (struct qemud_server *server ATTRIBUTE_UNUSED,
+                           struct qemud_client *client,
+@@ -2594,6 +2573,15 @@ remoteDispatchAuthPolkit (struct qemud_s
+ {
+     pid_t callerPid;
+     uid_t callerUid;
++    PolKitCaller *pkcaller = NULL;
++    PolKitAction *pkaction = NULL;
++    PolKitContext *pkcontext = NULL;
++    PolKitError *pkerr = NULL;
++    PolKitResult pkresult;
++    DBusError err;
++    const char *action = client->readonly ?
++        "org.libvirt.unix.monitor" :
++        "org.libvirt.unix.manage";
+ 
+     REMOTE_DEBUG("Start PolicyKit auth %d", client->fd);
+     if (client->auth != REMOTE_AUTH_POLKIT) {
+@@ -2609,98 +2597,78 @@ remoteDispatchAuthPolkit (struct qemud_s
+         return -2;
+     }
+ 
+-    /* Only do policy checks for non-root - allow root user
+-       through with no checks, as a fail-safe - root can easily
+-       change policykit policy anyway, so its pointless trying
+-       to restrict root */
+-    if (callerUid == 0) {
+-        qemudLog(QEMUD_INFO, _("Allowing PID %d running as root"), callerPid);
+-        ret->complete = 1;
+-        client->auth = REMOTE_AUTH_NONE;
+-    } else {
+-        PolKitCaller *pkcaller = NULL;
+-        PolKitAction *pkaction = NULL;
+-        PolKitContext *pkcontext = NULL;
+-        PolKitError *pkerr = NULL;
+-        PolKitResult pkresult;
+-        DBusError err;
+-        const char *action = client->readonly ?
+-            "org.libvirt.unix.monitor" :
+-            "org.libvirt.unix.manage";
+-
+-        qemudLog(QEMUD_INFO, _("Checking PID %d running as %d"),
+-                 callerPid, callerUid);
+-        dbus_error_init(&err);
+-        if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
+-                                                    callerPid, &err))) {
+-            qemudLog(QEMUD_ERR, _("Failed to lookup policy kit caller: %s"),
+-                     err.message);
+-            dbus_error_free(&err);
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
+-
+-        if (!(pkaction = polkit_action_new())) {
+-            qemudLog(QEMUD_ERR, _("Failed to create polkit action %s\n"),
+-                                  strerror(errno));
+-            polkit_caller_unref(pkcaller);
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
+-        polkit_action_set_action_id(pkaction, action);
+-
+-        if (!(pkcontext = polkit_context_new()) ||
+-            !polkit_context_init(pkcontext, &pkerr)) {
+-            qemudLog(QEMUD_ERR, _("Failed to create polkit context %s\n"),
+-                     (pkerr ? polkit_error_get_error_message(pkerr)
+-                      : strerror(errno)));
+-            if (pkerr)
+-                polkit_error_free(pkerr);
+-            polkit_caller_unref(pkcaller);
+-            polkit_action_unref(pkaction);
+-            dbus_error_free(&err);
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
++    qemudLog(QEMUD_INFO, _("Checking PID %d running as %d"),
++             callerPid, callerUid);
++    dbus_error_init(&err);
++    if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
++                                                callerPid, &err))) {
++        qemudLog(QEMUD_ERR, _("Failed to lookup policy kit caller: %s"),
++                 err.message);
++        dbus_error_free(&err);
++        remoteDispatchFailAuth(client, req);
++        return -2;
++    }
++
++    if (!(pkaction = polkit_action_new())) {
++        qemudLog(QEMUD_ERR, _("Failed to create polkit action %s\n"),
++                 strerror(errno));
++        polkit_caller_unref(pkcaller);
++        remoteDispatchFailAuth(client, req);
++        return -2;
++    }
++    polkit_action_set_action_id(pkaction, action);
++
++    if (!(pkcontext = polkit_context_new()) ||
++        !polkit_context_init(pkcontext, &pkerr)) {
++        qemudLog(QEMUD_ERR, _("Failed to create polkit context %s\n"),
++                 (pkerr ? polkit_error_get_error_message(pkerr)
++                  : strerror(errno)));
++        if (pkerr)
++            polkit_error_free(pkerr);
++        polkit_caller_unref(pkcaller);
++        polkit_action_unref(pkaction);
++        dbus_error_free(&err);
++        remoteDispatchFailAuth(client, req);
++        return -2;
++    }
+ 
+ #if HAVE_POLKIT_CONTEXT_IS_CALLER_AUTHORIZED
+-        pkresult = polkit_context_is_caller_authorized(pkcontext,
+-                                                       pkaction,
+-                                                       pkcaller,
+-                                                       0,
+-                                                       &pkerr);
+-        if (pkerr && polkit_error_is_set(pkerr)) {
+-            qemudLog(QEMUD_ERR,
+-                     _("Policy kit failed to check authorization %d %s"),
+-                     polkit_error_get_error_code(pkerr),
+-                     polkit_error_get_error_message(pkerr));
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
++    pkresult = polkit_context_is_caller_authorized(pkcontext,
++                                                   pkaction,
++                                                   pkcaller,
++                                                   0,
++                                                   &pkerr);
++    if (pkerr && polkit_error_is_set(pkerr)) {
++        qemudLog(QEMUD_ERR,
++                 _("Policy kit failed to check authorization %d %s"),
++                 polkit_error_get_error_code(pkerr),
++                 polkit_error_get_error_message(pkerr));
++        remoteDispatchFailAuth(client, req);
++        return -2;
++    }
+ #else
+-        pkresult = polkit_context_can_caller_do_action(pkcontext,
+-                                                       pkaction,
+-                                                       pkcaller);
++    pkresult = polkit_context_can_caller_do_action(pkcontext,
++                                                   pkaction,
++                                                   pkcaller);
+ #endif
+-        polkit_context_unref(pkcontext);
+-        polkit_caller_unref(pkcaller);
+-        polkit_action_unref(pkaction);
+-        if (pkresult != POLKIT_RESULT_YES) {
+-            qemudLog(QEMUD_ERR,
+-                     _("Policy kit denied action %s from pid %d, uid %d,"
+-                       " result: %s\n"),
+-                     action, callerPid, callerUid,
+-                     polkit_result_to_string_representation(pkresult));
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
+-        qemudLog(QEMUD_INFO,
+-                 _("Policy allowed action %s from pid %d, uid %d, result %s"),
++    polkit_context_unref(pkcontext);
++    polkit_caller_unref(pkcaller);
++    polkit_action_unref(pkaction);
++    if (pkresult != POLKIT_RESULT_YES) {
++        qemudLog(QEMUD_ERR,
++                 _("Policy kit denied action %s from pid %d, uid %d,"
++                   " result: %s\n"),
+                  action, callerPid, callerUid,
+                  polkit_result_to_string_representation(pkresult));
+-        ret->complete = 1;
+-        client->auth = REMOTE_AUTH_NONE;
++        remoteDispatchFailAuth(client, req);
++        return -2;
+     }
++    qemudLog(QEMUD_INFO,
++             _("Policy allowed action %s from pid %d, uid %d, result %s"),
++             action, callerPid, callerUid,
++             polkit_result_to_string_representation(pkresult));
++    ret->complete = 1;
++    client->auth = REMOTE_AUTH_NONE;
+ 
+     return 0;
+ }
+diff -rup libvirt-0.4.1.orig/src/libvirt.c libvirt-0.4.1.new/src/libvirt.c
+--- libvirt-0.4.1.orig/src/libvirt.c	2008-02-26 10:37:43.000000000 -0500
++++ libvirt-0.4.1.new/src/libvirt.c	2008-04-03 15:38:47.000000000 -0400
+@@ -19,6 +19,9 @@
+ #include <sys/stat.h>
+ #include <unistd.h>
+ #include <assert.h>
++#ifdef HAVE_SYS_WAIT_H
++#include <sys/wait.h>
++#endif
+ 
+ #include <libxml/parser.h>
+ #include <libxml/xpath.h>
+@@ -66,6 +69,39 @@ static int initialized = 0;
+ int debugFlag = 0;
+ #endif
+ 
++#if defined(POLKIT_AUTH)
++static int virConnectAuthGainPolkit(const char *privilege) {
++    const char *const args[] = {
++        POLKIT_AUTH, "--obtain", privilege, NULL
++    };
++    int childpid, status, ret;
++
++    /* Root has all rights */
++    if (getuid() == 0)
++        return 0;
++
++    if ((childpid = fork()) < 0)
++        return -1;
++
++    if (!childpid) {
++        execvp(args[0], (char **)args);
++        _exit(-1);
++    }
++
++    while ((ret = waitpid(childpid, &status, 0) == -1) && errno == EINTR);
++    if (ret == -1) {
++        return -1;
++    }
++
++    if (!WIFEXITED(status) ||
++        (WEXITSTATUS(status) != 0 && WEXITSTATUS(status) != 1)) {
++        return -1;
++    }
++
++    return 0;
++}
++#endif
++
+ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
+                                          unsigned int ncred,
+                                          void *cbdata ATTRIBUTE_UNUSED) {
+@@ -77,28 +113,25 @@ static int virConnectAuthCallbackDefault
+         size_t len;
+ 
+         switch (cred[i].type) {
+-#if defined(POLKIT_GRANT) || defined(POLKIT_AUTH)
+         case VIR_CRED_EXTERNAL: {
+             int ret;
+-            const char *const args[] = {
+-#if defined(POLKIT_GRANT)
+-                POLKIT_GRANT, "--gain", cred[i].prompt, NULL
+-#else
+-                POLKIT_AUTH, "--obtain", cred[i].prompt, NULL
+-#endif
+-            };
+-
+             if (STRNEQ(cred[i].challenge, "PolicyKit"))
+                 return -1;
+-            if (virRun(NULL, (char **) args, &ret) < 0)
+-                return -1;
+ 
+-            if (!WIFEXITED(ret) ||
+-                (WEXITSTATUS(ret) != 0 && WEXITSTATUS(ret) != 1))
++#if defined(POLKIT_AUTH)
++            if (virConnectAuthGainPolkit(cred[i].prompt) < 0)
+                 return -1;
++#else
++            /*
++             * Ignore & carry on. Although we can't auth
++             * directly, the user may have authenticated
++             * themselves already outside context of libvirt
++             */
++#endif
++
+             break;
+         }
+-#endif
++
+         case VIR_CRED_USERNAME:
+         case VIR_CRED_AUTHNAME:
+         case VIR_CRED_ECHOPROMPT:
+@@ -158,9 +191,7 @@ static int virConnectCredTypeDefault[] =
+     VIR_CRED_REALM,
+     VIR_CRED_PASSPHRASE,
+     VIR_CRED_NOECHOPROMPT,
+-#if defined(POLKIT_AUTH) || defined(POLKIT_GRANT)
+     VIR_CRED_EXTERNAL,
+-#endif
+ };
+ 
+ static virConnectAuth virConnectAuthDefault = {

libvirt-0.4.1-qemu-media-change.patch

@@ -0,0 +1,128 @@
+commit 570fd656d1b67e5d02f52e107946930257e811a7
+Author: Daniel Veillard <veillard@redhat.com>
+Date:   Thu Mar 13 09:17:45 2008 +0000
+
+    * src/qemu_conf.c src/qemu_driver.c: patch from Cole Robinson
+      fixing CD Rom change on live QEmu/KVM domains.
+    Daniel
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index e54da5b..ebbd251 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -594,9 +594,16 @@ static int qemudParseDiskXML(virConnectPtr conn,
+     }
+ 
+     if (source == NULL) {
+-        qemudReportError(conn, NULL, NULL, VIR_ERR_NO_SOURCE, target ? "%s" : NULL, target);
+-        goto error;
++        /* There is a case without the source
++         * to the CD-ROM device
++         */
++        if (!device || STRNEQ((const char *) device, "cdrom")) {
++            qemudReportError(conn, NULL, NULL, VIR_ERR_NO_SOURCE,
++                             target ? "%s" : NULL, target);
++            goto error;
++        }
+     }
++
+     if (target == NULL) {
+         qemudReportError(conn, NULL, NULL, VIR_ERR_NO_TARGET, source ? "%s" : NULL, source);
+         goto error;
+@@ -630,7 +637,7 @@ static int qemudParseDiskXML(virConnectPtr conn,
+         goto error;
+     }
+ 
+-    strncpy(disk->src, (const char *)source, NAME_MAX-1);
++    strncpy(disk->src, (source ? (const char *) source : "\0"), NAME_MAX-1);
+     disk->src[NAME_MAX-1] = '\0';
+ 
+     strncpy(disk->dst, (const char *)target, NAME_MAX-1);
+@@ -1747,9 +1754,15 @@ int qemudBuildCommandLine(virConnectPtr conn,
+         char dev[NAME_MAX];
+         char file[PATH_MAX];
+         if (!strcmp(disk->dst, "hdc") &&
+-            disk->device == QEMUD_DISK_CDROM)
+-            snprintf(dev, NAME_MAX, "-%s", "cdrom");
+-        else
++            disk->device == QEMUD_DISK_CDROM) {
++            if (disk->src[0])
++                snprintf(dev, NAME_MAX, "-%s", "cdrom");
++            else {
++                /* Don't put anything on the cmdline for an empty cdrom*/
++                disk = disk->next;
++                continue;
++            }
++        } else
+             snprintf(dev, NAME_MAX, "-%s", disk->dst);
+         snprintf(file, PATH_MAX, "%s", disk->src);
+ 
+@@ -2906,8 +2919,10 @@ char *qemudGenerateXML(virConnectPtr conn,
+                               types[disk->type], devices[disk->device]) < 0)
+             goto no_memory;
+ 
+-        if (virBufferVSprintf(buf, "      <source %s='%s'/>\n", typeAttrs[disk->type], disk->src) < 0)
+-            goto no_memory;
++        if (disk->src[0])
++            if (virBufferVSprintf(buf, "      <source %s='%s'/>\n",
++                                  typeAttrs[disk->type], disk->src) < 0)
++                goto no_memory;
+ 
+         if (virBufferVSprintf(buf, "      <target dev='%s'/>\n", disk->dst) < 0)
+             goto no_memory;
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 21f0fed..2b4c2a6 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -2223,23 +2223,29 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
+     struct qemud_driver *driver = (struct qemud_driver *)dom->conn->privateData;
+     char *cmd, *reply, *safe_path;
+ 
+-    /* Migrate to file */
+-    safe_path = qemudEscapeMonitorArg(newdisk->src);
+-    if (!safe_path) {
+-        qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+-                         "out of memory");
+-        return -1;
+-    }
+-    if (asprintf (&cmd, "change %s \"%s\"",
+-                  /* XXX qemu may support multiple CDROM in future */
+-                  /* olddisk->dst */ "cdrom",
+-                  safe_path) == -1) {
++    if (newdisk->src[0]) {
++        safe_path = qemudEscapeMonitorArg(newdisk->src);
++        if (!safe_path) {
++            qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
++                             "out of memory");
++            return -1;
++        }
++        if (asprintf (&cmd, "change %s \"%s\"",
++                      /* XXX qemu may support multiple CDROM in future */
++                      /* olddisk->dst */ "cdrom",
++                      safe_path) == -1) {
++            qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
++                             "out of memory");
++            free(safe_path);
++            return -1;
++        }
++        free(safe_path);
++
++    } else if (asprintf(&cmd, "eject cdrom") == -1) {
+         qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+                          "out of memory");
+-        free(safe_path);
+         return -1;
+     }
+-    free(safe_path);
+ 
+     if (qemudMonitorCommand(driver, vm, cmd, &reply) < 0) {
+         qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED, "cannot change cdrom media");
+@@ -2248,7 +2254,7 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
+     }
+     free(reply);
+     free(cmd);
+-    strcpy(olddisk->dst, newdisk->dst);
++    strcpy(olddisk->src, newdisk->src);
+     olddisk->type = newdisk->type;
+     return 0;
+ }

libvirt-0.4.1-qemud1.patch

@@ -0,0 +1,38 @@
+
+	Avoid segfault upon early libvirtd failure.
+	* qemud/qemud.c (main): Don't call qemudCleanup on an
+	uninitialized pointer.
+
+By the way, even though this evoked a warning from gcc,
+"make distcheck" passes.  Obviously, that means the distcheck
+rule is inadequate.  I'll fix it so that it turns on -Werror
+for the final build.
+
+Signed-off-by: Jim Meyering <meyering@redhat.com>
+---
+ qemud/qemud.c |    5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/qemud/qemud.c b/qemud/qemud.c
+index 96fdf32..b6b82ed 100644
+--- a/qemud/qemud.c
++++ b/qemud/qemud.c
+@@ -2025,7 +2025,7 @@ libvirt management daemon:\n\
+
+ #define MAX_LISTEN 5
+ int main(int argc, char **argv) {
+-    struct qemud_server *server;
++    struct qemud_server *server = NULL;
+     struct sigaction sig_action;
+     int sigpipe[2];
+     const char *pid_file = NULL;
+@@ -2180,7 +2180,8 @@ int main(int argc, char **argv) {
+         unlink (pid_file);
+
+  error1:
+-    qemudCleanup(server);
++    if (server)
++        qemudCleanup(server);
+     return ret;
+ }
+

libvirt-0.4.1-qemud2.patch

@@ -0,0 +1,23 @@
+
+	Don't use first byte of string as a pointer.
+	* src/qemu_conf.c (qemudReportError): Use the pointer, errorMessage,
+	not its first byte, errorMessage[0].
+
+Signed-off-by: Jim Meyering <meyering@redhat.com>
+---
+ src/qemu_conf.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index eead0bc..e54da5b 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -68,7 +68,7 @@ void qemudReportError(virConnectPtr conn,
+         errorMessage[0] = '\0';
+     }
+
+-    virerr = __virErrorMsg(code, (errorMessage[0] ? errorMessage[0] : NULL));
++    virerr = __virErrorMsg(code, (errorMessage[0] ? errorMessage : NULL));
+     __virRaiseError(conn, dom, net, VIR_FROM_QEMU, code, VIR_ERR_ERROR,
+                     virerr, errorMessage, NULL, -1, -1, virerr, errorMessage);
+ }

libvirt-0.4.1-tap-ifname.patch

@@ -0,0 +1,63 @@
+diff -rupN libvirt-0.4.1.orig/src/bridge.c libvirt-0.4.1.new/src/bridge.c
+--- libvirt-0.4.1.orig/src/bridge.c	2008-02-28 06:16:21.000000000 -0500
++++ libvirt-0.4.1.new/src/bridge.c	2008-03-13 11:25:12.000000000 -0400
+@@ -313,7 +313,6 @@ brDeleteInterface(brControl *ctl ATTRIBU
+ int
+ brAddTap(brControl *ctl,
+          const char *bridge,
+-         unsigned char *macaddr,
+          char *ifname,
+          int maxlen,
+          int *tapfd)
+@@ -357,18 +356,6 @@ brAddTap(brControl *ctl,
+         }
+ 
+         if (ioctl(fd, TUNSETIFF, &try) == 0) {
+-            struct ifreq addr;
+-            memset(&addr, 0, sizeof(addr));
+-            memcpy(addr.ifr_hwaddr.sa_data, macaddr, 6);
+-            addr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
+-
+-            /* Device actually starts in 'UP' state, but it
+-             * needs to be down to set the MAC addr
+-             */
+-            if ((errno = brSetInterfaceUp(ctl, try.ifr_name, 0)))
+-                goto error;
+-            if (ioctl(fd, SIOCSIFHWADDR, &addr) != 0)
+-                goto error;
+             if ((errno = brAddInterface(ctl, bridge, try.ifr_name)))
+                 goto error;
+             if ((errno = brSetInterfaceUp(ctl, try.ifr_name, 1)))
+diff -rupN libvirt-0.4.1.orig/src/bridge.h libvirt-0.4.1.new/src/bridge.h
+--- libvirt-0.4.1.orig/src/bridge.h	2008-02-28 06:16:21.000000000 -0500
++++ libvirt-0.4.1.new/src/bridge.h	2008-03-13 11:25:12.000000000 -0400
+@@ -62,7 +62,6 @@ int     brDeleteInterface       (brContr
+ 
+ int     brAddTap                (brControl *ctl,
+                                  const char *bridge,
+-                                 unsigned char *mac,
+                                  char *ifname,
+                                  int maxlen,
+                                  int *tapfd);
+diff -rupN libvirt-0.4.1.orig/src/qemu_conf.c libvirt-0.4.1.new/src/qemu_conf.c
+--- libvirt-0.4.1.orig/src/qemu_conf.c	2008-03-13 11:24:39.000000000 -0400
++++ libvirt-0.4.1.new/src/qemu_conf.c	2008-03-13 11:25:12.000000000 -0400
+@@ -1540,7 +1540,6 @@ qemudNetworkIfaceConnect(virConnectPtr c
+     }
+ 
+     if ((err = brAddTap(driver->brctl, brname,
+-                        net->mac,
+                         ifname, BR_IFNAME_MAXLEN, &tapfd))) {
+         qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+                          "Failed to add tap interface '%s' to bridge '%s' : %s",
+@@ -1548,7 +1547,9 @@ qemudNetworkIfaceConnect(virConnectPtr c
+         goto error;
+     }
+ 
+-    snprintf(tapfdstr, sizeof(tapfdstr), "tap,fd=%d,script=,vlan=%d", tapfd, vlan);
++    snprintf(tapfdstr, sizeof(tapfdstr),
++             "tap,fd=%d,script=,vlan=%d,ifname=%s",
++             tapfd, vlan, ifname);
+ 
+     if (!(retval = strdup(tapfdstr)))
+         goto no_memory;

libvirt-0.4.1-xen-boot-device.patch

@@ -0,0 +1,21 @@
+commit 2bcf35336cd649e58c08d7cf3452a8d4353bcf85
+Author: Daniel Veillard <veillard@redhat.com>
+Date:   Fri Mar 7 09:23:30 2008 +0000
+
+    * src/xend_internal.c: applied patch from Cole Robinson to not
+      loose the boot tag when defining a fully virtualized xen domain
+    Daniel
+
+diff --git a/src/xend_internal.c b/src/xend_internal.c
+index 8bbc28f..fef54f8 100644
+--- a/src/xend_internal.c
++++ b/src/xend_internal.c
+@@ -1323,7 +1323,7 @@ xend_parse_sexp_desc_os(virConnectPtr xend, struct sexpr *node, virBufferPtr buf
+     if (hvm)
+         virBufferVSprintf(buf, "    <loader>%s</loader>\n", loader);
+ 
+-    if (kernel) {
++    if ((kernel) && ((!loader) || (STRNEQ(kernel, loader)))) {
+         virBufferVSprintf(buf, "    <kernel>%s</kernel>\n", kernel);
+         if (initrd && initrd[0])
+             virBufferVSprintf(buf, "    <initrd>%s</initrd>\n", initrd);

libvirt-iscsi-sysfs4.patch

@@ -0,0 +1,146 @@
+--- a/src/storage_backend_iscsi.c	4 Mar 2008 20:02:34 -0000	1.3
++++ b/src/storage_backend_iscsi.c	26 Mar 2008 22:07:05 -0000
+@@ -170,20 +170,91 @@
+ virStorageBackendISCSIMakeLUN(virConnectPtr conn,
+                               virStoragePoolObjPtr pool,
+                               char **const groups,
+-                              void *data ATTRIBUTE_UNUSED)
++                              void *data)
+ {
+     virStorageVolDefPtr vol;
+     int fd = -1;
++    unsigned int target, channel, id, lun;
+     char lunid[100];
+-    char *dev = groups[4];
+     int opentries = 0;
+     char *devpath = NULL;
++    char *session = data;
++    char sysfs_path[PATH_MAX];
++    char *dev = NULL;
++    DIR *sysdir;
++    struct dirent *block_dirent;
++    struct stat sbuf;
++    int len;
++
++    if ((virStrToLong_ui(groups[0], NULL, 10, &target) < 0) ||
++        (virStrToLong_ui(groups[1], NULL, 10, &channel) < 0) ||
++        (virStrToLong_ui(groups[2], NULL, 10, &id) < 0) ||
++        (virStrToLong_ui(groups[3], NULL, 10, &lun) < 0)) {
++        virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
++                              _("Failed parsing iscsiadm commands"));
++        return -1;
++    }
++
++    if (lun == 0) {
++        /* the 0'th LUN isn't a real LUN, it's just a control LUN; skip it */
++        return 0;
++    }
++
++    snprintf(sysfs_path, PATH_MAX,
++             "/sys/class/iscsi_session/session%s/device/"
++             "target%d:%d:%d/%d:%d:%d:%d/block",
++             session, target, channel, id, target, channel, id, lun);
++
++    if (stat(sysfs_path, &sbuf) < 0) {
++        /* block path in subdir didn't exist; this is unexpected, so fail */
++        virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
++                              _("Failed to find the sysfs path for %d:%d:%d:%d: %s"),
++                              target, channel, id, lun, strerror(errno));
++        return -1;
++    }
++
++    sysdir = opendir(sysfs_path);
++    if (sysdir == NULL) {
++        /* we failed for some reason; return an error */
++        virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
++                              _("Failed to opendir sysfs path %s: %s"),
++                              sysfs_path, strerror(errno));
++        return -1;
++    }
++
++    while ((block_dirent = readdir(sysdir)) != NULL) {
++        len = strlen(block_dirent->d_name);
++        if ((len == 1 && block_dirent->d_name[0] == '.') ||
++            (len == 2 && block_dirent->d_name[0] == '.' && block_dirent->d_name[1] == '.')) {
++            /* the . and .. directories; just skip them */
++            continue;
++        }
++
++        /* OK, not . or ..; let's see if it is a SCSI device */
++        if (len > 2 &&
++            block_dirent->d_name[0] == 's' &&
++            block_dirent->d_name[1] == 'd') {
++            /* looks like a scsi device, smells like scsi device; it must be
++               a scsi device */
++            dev = strdup(block_dirent->d_name);
++            break;
++        }
++    }
++    closedir(sysdir);
++
++    if (dev == NULL) {
++        /* we didn't find the sd? device we were looking for; fail */
++        virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
++                              _("Failed to find SCSI device for %d:%d:%d:%d: %s"),
++                              target, channel, id, lun, strerror(errno));
++        return -1;
++    }
+ 
+     snprintf(lunid, sizeof(lunid)-1, "lun-%s", groups[3]);
+ 
+     if ((vol = calloc(1, sizeof(virStorageVolDef))) == NULL) {
+         virStorageReportError(conn, VIR_ERR_NO_MEMORY, "%s", _("volume"));
+-        return -1;
++        goto cleanup;
+     }
+ 
+     if ((vol->name = strdup(lunid)) == NULL) {
+@@ -197,6 +268,8 @@
+     }
+     strcpy(devpath, "/dev/");
+     strcat(devpath, dev);
++    free(dev);
++    dev = NULL;
+     /* It can take a little while between logging into the ISCSI
+      * server and udev creating the /dev nodes, so if we get ENOENT
+      * we must retry a few times - they should eventually appear.
+@@ -258,6 +331,7 @@
+     if (fd != -1) close(fd);
+     free(devpath);
+     virStorageVolDefFree(vol);
++    free(dev);
+     return -1;
+ }
+ 
+@@ -281,14 +355,13 @@
+      *           scsi1 Channel 00 Id 0 Lun: 5
+      *                   Attached scsi disk sdg          State: running
+      *
+-     * Need 2 regex to match alternating lines
++     * Need a regex to match the Channel:Id:Lun lines
+      */
+     const char *regexes[] = {
+-        "^\\s*scsi(\\S+)\\s+Channel\\s+(\\S+)\\s+Id\\s+(\\S+)\\s+Lun:\\s+(\\S+)\\s*$",
+-        "^\\s*Attached\\s+scsi\\s+disk\\s+(\\S+)\\s+State:\\s+running\\s*$"
++        "^\\s*scsi(\\S+)\\s+Channel\\s+(\\S+)\\s+Id\\s+(\\S+)\\s+Lun:\\s+(\\S+)\\s*$"
+     };
+     int vars[] = {
+-        4, 1
++        4
+     };
+     const char *prog[] = {
+         ISCSIADM, "--mode", "session", "-r", session, "-P", "3", NULL,
+@@ -296,11 +369,11 @@
+ 
+     return virStorageBackendRunProgRegex(conn, pool,
+                                          prog,
+-                                         2,
++                                         1,
+                                          regexes,
+                                          vars,
+                                          virStorageBackendISCSIMakeLUN,
+-                                         NULL);
++                                         (void *)session);
+ }
+ 
+ 

libvirt-source-dir-fix.patch

@@ -0,0 +1,17 @@
+Index: src/storage_conf.c
+===================================================================
+RCS file: /data/cvs/libvirt/src/storage_conf.c,v
+retrieving revision 1.3
+retrieving revision 1.4
+diff -u -r1.3 -r1.4
+--- a/src/storage_conf.c	27 Feb 2008 10:37:19 -0000	1.3
++++ b/src/storage_conf.c	28 Mar 2008 17:56:44 -0000	1.4
+@@ -479,7 +479,7 @@
+     }
+     if ((options->flags & VIR_STORAGE_BACKEND_POOL_SOURCE_DIR) &&
+         def->source.dir &&
+-        virBufferVSprintf(buf,"    <directory path='%s'/>\n", def->source.dir) < 0)
++        virBufferVSprintf(buf,"    <dir path='%s'/>\n", def->source.dir) < 0)
+         goto no_memory;
+     if ((options->flags & VIR_STORAGE_BACKEND_POOL_SOURCE_ADAPTER) &&
+         def->source.adapter &&

libvirt-storage-api-iscsi-sendtarget.patch

@@ -0,0 +1,17 @@
+--- /home/boston/clalance/devel/libvirt--devel/src/storage_backend_iscsi.c	2008-02-13 13:48:32.497466000 -0500
++++ libvirt-0.4.0/src/storage_backend_iscsi.c	2008-02-11 17:19:35.000000000 -0500
+@@ -143,6 +143,14 @@ static int virStorageBackendISCSIConnect
+         "--targetname", pool->def->source.devices[0].path, action, NULL
+     };
+ 
++    const char *cmdsendtarget[] = {
++        ISCSIADM, "--mode", "discovery", "--type", "sendtargets",
++        "--portal", portal, NULL
++    };
++
++    if (virRun(conn, (char **)cmdsendtarget, NULL) < 0)
++        return -1;
++
+     if (virRun(conn, (char **)cmdargv, NULL) < 0)
+         return -1;
+ 

libvirt.spec

@@ -1,16 +1,40 @@
 # -*- rpm-spec -*-
 
+%if "%{fedora}" >= "8"
+%define with_polkit 1
+%define with_proxy no
+%else
+%define with_polkit 0
+%define with_proxy yes
+%endif
+
+%if "%{fedora}"
+%ifarch ppc64
+%define with_qemu 0
+%else
+%define with_qemu 1
+%endif
+%else
+%define with_qemu 0
+%endif
+
 Summary: Library providing a simple API virtualization
 Name: libvirt
-Version: 0.3.3
+Version: 0.4.1
-Release: 2%{?dist}%{?extra_release}
+Release: 3%{?dist}%{?extra_release}
 License: LGPL
 Group: Development/Libraries
 Source: libvirt-%{version}.tar.gz
-Patch1: %{name}-%{version}-qemu-config.patch
+Patch0: libvirt-0.4.1-qemud1.patch
-# NB, when removing this patch on next release, also remove the manual 
+Patch1: libvirt-0.4.1-qemud2.patch
-# config file copy in the install section of this spec file
+Patch2: %{name}-%{version}-daemon-startup.patch
-Patch2: %{name}-%{version}-example-config.patch
+Patch3: %{name}-%{version}-qemu-media-change.patch
+Patch4: %{name}-%{version}-xen-boot-device.patch
+Patch5: %{name}-%{version}-tap-ifname.patch
+Patch6: libvirt-storage-api-iscsi-sendtarget.patch 
+Patch7: libvirt-iscsi-sysfs4.patch 
+Patch8: libvirt-source-dir-fix.patch
+Patch9: %{name}-%{version}-polkit.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 URL: http://libvirt.org/
 BuildRequires: python python-devel
@@ -20,7 +44,34 @@ Requires: ncurses
 Requires: dnsmasq
 Requires: bridge-utils
 Requires: iptables
-
+# So remote clients can access libvirt over SSH tunnel
+# (client invokes 'nc' against the UNIX socket on the server)
+Requires: nc
+Requires: cyrus-sasl
+# Not technically required, but makes 'out-of-box' config
+# work correctly & doesn't have onerous dependencies
+Requires: cyrus-sasl-md5
+%if %{with_polkit}
+Requires: PolicyKit >= 0.6
+%endif
+# For mount/umount in FS driver
+BuildRequires: util-linux
+# PPC64 has no Xen nor QEmu, try to build anyway
+%ifnarch ppc64
+%if %{with_qemu}
+# From QEMU RPMs
+Requires: /usr/bin/qemu-img
+%else
+# From Xen RPMs
+Requires: /usr/sbin/qcow-create
+%endif
+%endif
+# For LVM drivers
+Requires: lvm2
+# For ISCSI driver
+Requires: iscsi-initiator-utils
+# For disk driver
+Requires: parted
 %ifarch i386 x86_64 ia64
 BuildRequires: xen-devel
 %endif
@@ -30,15 +81,41 @@ BuildRequires: ncurses-devel
 BuildRequires: gettext
 BuildRequires: gnutls-devel
 BuildRequires: avahi-devel
+BuildRequires: libselinux-devel
 BuildRequires: dnsmasq
 BuildRequires: bridge-utils
+%if %{with_qemu}
+BuildRequires: qemu
+%endif
+BuildRequires: cyrus-sasl-devel
+%if %{with_polkit}
+BuildRequires: PolicyKit-devel >= 0.6
+%endif
+# For mount/umount in FS driver
+BuildRequires: util-linux
+# PPC64 has no Xen nor QEmu, try to build anyway
+%ifnarch ppc64
+%if %{with_qemu}
+# From QEMU RPMs
+BuildRequires: /usr/bin/qemu-img
+%else
+# From Xen RPMs
+BuildRequires: /usr/sbin/qcow-create
+%endif
+%endif
+# For LVM drivers
+BuildRequires: lvm2
+# For ISCSI driver
+BuildRequires: iscsi-initiator-utils
+# For disk driver
+BuildRequires: parted-devel
 Obsoletes: libvir
 
 # Fedora build root suckage
 BuildRequires: gawk
 
 %description
-Libvirt is a C toolkit to interract with the virtualization capabilities
+Libvirt is a C toolkit to interact with the virtualization capabilities
 of recent versions of Linux (and other OSes).
 
 %package devel
@@ -49,7 +126,6 @@ Requires: pkgconfig
 %ifarch i386 x86_64 ia64
 Requires: xen-devel
 %endif
-Requires: gnutls-devel
 Obsoletes: libvir-devel
 
 %description devel
@@ -65,20 +141,42 @@ Obsoletes: libvir-python
 %description python
 The libvirt-python package contains a module that permits applications
 written in the Python programming language to use the interface
-supplied by the libvirt library to use the the virtualization capabilities 
+supplied by the libvirt library to use the virtualization capabilities
 of recent versions of Linux (and other OSes).
 
 %prep
 %setup -q
+%patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 %build
-# Xen is availble only on i386 x86_64 ia64
+# Xen is available only on i386 x86_64 ia64
 %ifarch i386 i686 x86_64 ia64
-%configure --with-init-script=redhat --with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid --with-remote-file=%{_localstatedir}/run/libvirtd.pid
+%configure --with-init-script=redhat \
+           --with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid \
+           --with-remote-file=%{_localstatedir}/run/libvirtd.pid \
+           --with-xen-proxy=%{with_proxy}
 %else
-%configure --without-xen --with-init-script=redhat --with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid --with-remote-file=%{_localstatedir}/run/libvirtd.pid
+%ifnarch ppc64
+%configure --without-xen \
+           --with-init-script=redhat \
+           --with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid \
+           --with-remote-file=%{_localstatedir}/run/libvirtd.pid
+%else
+%configure --without-xen \
+           --without-qemu \
+           --with-init-script=redhat \
+           --with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid \
+           --with-remote-file=%{_localstatedir}/run/libvirtd.pid
+%endif
 %endif
 
 make
@@ -95,11 +193,6 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a
 install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/run/libvirt/
 
-# Copy files from patch2 into location
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/libvirt
-install -m 0755 src/qemu.conf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
-install -m 0755 qemud/libvirtd.conf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/libvirtd.conf
-
 # We don't want to install /etc/libvirt/qemu/networks in the main %files list
 # because if the admin wants to delete the default network completely, we don't
 # want to end up re-incarnating it on every RPM upgrade.
@@ -157,13 +250,20 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
+%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
 %dir %{_datadir}/libvirt/
 %dir %{_datadir}/libvirt/networks/
 %{_datadir}/libvirt/networks/default.xml
 %dir %{_localstatedir}/run/libvirt/
 %dir %{_localstatedir}/lib/libvirt/
+%if %{with_polkit}
+%{_datadir}/PolicyKit/policy/libvirtd.policy
+%endif
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
+%if %{with_proxy} == "yes"
 %attr(4755, root, root) %{_libexecdir}/libvirt_proxy
+%endif
+%attr(0755, root, root) %{_libexecdir}/libvirt_parthelper
 %attr(0755, root, root) %{_sbindir}/libvirtd
 %doc docs/*.rng
 %doc docs/*.xml
@@ -196,6 +296,46 @@ fi
 %doc docs/examples/python
 
 %changelog
+* Thu Apr  4 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.1-3.fc8
+- Don't run polkit-auth as root
+- Don't request polkit auth if client is root
+- When dumping XML for a storage pool, make the <source> directory tag
+  match the <dir> tag used for specifying the pool in the first place
+- Do iscsiadm sendtarget before trying to do login
+- Do sysfs scanning for iSCSI LUNs instead of trying to parse them from
+  iscsiadm session output
+- Fix QEMU tap device setup
+- Fix Xen boot device XML processing
+- Fixed QEMU cdrom media change
+
+* Tue Mar 11 2008 Daniel Veillard <veillard@redhat.com> - 0.4.1-2.fc8
+- Fixed daemon startup when run with --daemon flag
+
+* Thu Mar  6 2008 Daniel Veillard <veillard@redhat.com> - 0.4.1-1.fc8
+- Update to 0.4.1
+- Storage APIs
+- xenner support
+- lots of assorted improvements, bugfixes and cleanups
+- documentation and localization improvements
+
+* Thu Jan 17 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-4.fc8
+- Fix SSH tunnelling (rhbz #428743)
+
+* Sun Jan 13 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-3.fc8
+- Fix crash when no auth callback
+
+* Wed Jan  2 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-2.fc8
+- Fix reading large config files (rhbz #426425)
+- Fix crash when connecting to a PolicyKit enabled server with not auth callback (rhbz #427107)
+
+* Tue Dec 18 2007 Daniel Veillard <veillard@redhat.com> - 0.4.0-1.fc8
+- Release of 0.4.0
+- SASL based authentication
+- PolicyKit authentication
+- improved NUMA and statistics support
+- lots of assorted improvements, bugfixes and cleanups
+- documentation and localization improvements
+
 * Mon Oct 15 2007 Daniel P. Berrange <berrange@redhat.com> - 0.3.3-2.fc8
 - Added QEMU driver config file support
 - Added example config files

sources

@@ -1 +1 @@
-583fa13938df63bd404cc1b7cf553874  libvirt-0.3.3.tar.gz
+4dfe45869f082393cfd09f4690454c12  libvirt-0.4.1.tar.gz