Fix qemu:///session connect race failures (bz #1271183 )

driver: log missing modules as INFO, not WARN (bz #1274849)
Fix XML validation with qemu commandline passthrough (bz #1292131 )
2016-03-17 17:31:07 -04:00 · 2016-01-20 20:04:34 -05:00 · 2015-12-23 19:09:14 -05:00 · 2015-09-22 09:11:23 -04:00 · 2015-09-21 21:24:48 -04:00 · 2015-06-06 11:17:32 -04:00
26 changed files with 3123 additions and 5019 deletions
@@ -0,0 +1,38 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Thu, 17 Dec 2015 13:43:58 +0100
+Subject: [PATCH] schema: interleave domain name and uuid with other elements
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Allow <name> and <uuid> anywhere under <domain>, not just at the top:
+
+error:XML document failed to validate against schema: Unable to validate
+doc against /usr/share/libvirt/schemas/domain.rng
+Expecting an element name, got nothing
+Invalid sequence in interleave
+Element domain failed to validate content
+
+Introduced with the first RelaxNG schema in commit c642103.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1292131
+(cherry picked from commit b4e0549febe416ffefc16f389423740d6d65fa74)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ docs/schemas/domaincommon.rng | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
+index b252a17..48610ce 100644
+--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
+@@ -30,8 +30,8 @@
+   <define name="domain">
+     <element name="domain">
+       <ref name="hvs"/>
+-      <ref name="ids"/>
+       <interleave>
+        <ref name="ids"/>
+         <optional>
+           <ref name="title"/>
+         </optional>
@@ -0,0 +1,32 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Thu, 14 Jan 2016 14:31:17 +0100
+Subject: [PATCH] leaseshelper: fix crash when no mac is specified
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If dnsmasq specified DNSMASQ_IAID (so we're dealing with an IPv6
+lease) but no DNSMASQ_MAC, we skip creation of the new lease object.
+
+Also skip adding it to the leases array.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1202350
+(cherry picked from commit df9fe124d650bc438c531673492569da87523d20)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/network/leaseshelper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c
+index 2d528f7..6930310 100644
+--- a/src/network/leaseshelper.c
+++ b/src/network/leaseshelper.c
+@@ -439,7 +439,7 @@ main(int argc, char **argv)
+ 
+     case VIR_LEASE_ACTION_OLD:
+     case VIR_LEASE_ACTION_ADD:
+-        if (virJSONValueArrayAppend(leases_array_new, lease_new) < 0) {
+        if (lease_new && virJSONValueArrayAppend(leases_array_new, lease_new) < 0) {
+             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("failed to create json"));
+             goto cleanup;
@@ -0,0 +1,63 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 19 Jan 2016 22:19:56 -0500
+Subject: [PATCH] build: predictably generate systemtap tapsets (bz 1173641)
+
+The generated output is dependent on perl hashtable ordering, which
+gives different results for i686 and x86_64. Fix this by sorting
+the hash keys before iterating over them
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1173641
+(cherry picked from commit a1edb05c6028470aa24b74aa0f8d5fb5a181128a)
+---
+ src/rpc/gensystemtap.pl | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/rpc/gensystemtap.pl b/src/rpc/gensystemtap.pl
+index 2467300..7b80fbf 100755
+--- a/src/rpc/gensystemtap.pl
+++ b/src/rpc/gensystemtap.pl
+@@ -72,7 +72,7 @@ function libvirt_rpc_auth_name(type, verbose)
+ {
+ EOF
+ my $first = 1;
+-foreach my $type (keys %auth) {
+foreach my $type (sort(keys %auth)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (type == ", $type, ") {\n";
+@@ -95,7 +95,7 @@ function libvirt_rpc_type_name(type, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $type (keys %type) {
+foreach my $type (sort(keys %type)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (type == ", $type, ") {\n";
+@@ -118,7 +118,7 @@ function libvirt_rpc_status_name(status, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $status (keys %status) {
+foreach my $status (sort(keys %status)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (status == ", $status, ") {\n";
+@@ -141,7 +141,7 @@ function libvirt_rpc_program_name(program, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $prog (keys %funcs) {
+foreach my $prog (sort(keys %funcs)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (program == ", $funcs{$prog}->{id}, ") {\n";
+@@ -165,7 +165,7 @@ function libvirt_rpc_procedure_name(program, version, proc, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $prog (keys %funcs) {
+foreach my $prog (sort(keys %funcs)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (program == ", $funcs{$prog}->{id}, " && version == ", $funcs{$prog}->{version}, ") {\n";
@@ -0,0 +1,30 @@
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Fri, 3 Jul 2015 16:51:56 +0100
+Subject: [PATCH] rpc: ensure daemon is spawn even if dead socket exists
+
+The auto-spawn code would originally attempt to spawn the
+daemon for both ENOENT and ECONNREFUSED errors from connect().
+The various refactorings eventually lost this so we only
+spawn the daemon on ENOENT. The result is if the daemon exits
+uncleanly, so that the socket is left in the filesystem, we
+will never be able to auto-spawn the daemon again.
+
+(cherry picked from commit 406ee8c226d2197ba1aaecb9cf3ad2b6df31ae44)
+---
+ src/rpc/virnetsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 51f94d4..6153e0e 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -610,7 +610,8 @@ int virNetSocketNewConnectUNIX(const char *path,
+ 
+     while (retries &&
+            connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
+-        if (!(spawnDaemon && errno == ENOENT)) {
+        if (!(spawnDaemon && (errno == ENOENT ||
+                              errno == ECONNREFUSED))) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+             goto cleanup;
@@ -0,0 +1,48 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:01:24 -0500
+Subject: [PATCH] rpc: socket: Minor cleanups
+
+- Add some debugging
+- Make the loop dependent only on retries
+- Make it explicit that connect(2) success exits the loop
+- Invert the error checking logic
+
+(cherry picked from commit f102c7146ed7f6e04af0ad3bce302476239f2502)
+---
+ src/rpc/virnetsocket.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 6153e0e..dcff69e 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -548,6 +548,9 @@ int virNetSocketNewConnectUNIX(const char *path,
+     char *rundir = NULL;
+     int ret = -1;
+ 
+    VIR_DEBUG("path=%s spawnDaemon=%d binary=%s", path, spawnDaemon,
+        NULLSTR(binary));
+
+     memset(&localAddr, 0, sizeof(localAddr));
+     memset(&remoteAddr, 0, sizeof(remoteAddr));
+ 
+@@ -608,10 +611,15 @@ int virNetSocketNewConnectUNIX(const char *path,
+     if (remoteAddr.data.un.sun_path[0] == '@')
+         remoteAddr.data.un.sun_path[0] = '\0';
+ 
+-    while (retries &&
+-           connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
+-        if (!(spawnDaemon && (errno == ENOENT ||
+-                              errno == ECONNREFUSED))) {
+    while (retries) {
+        if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) == 0) {
+            VIR_DEBUG("connect() succeeded");
+            break;
+        }
+        VIR_DEBUG("connect() failed: retries=%d errno=%d", retries, errno);
+
+        if (!spawnDaemon ||
+            (errno != ENOENT && errno != ECONNREFUSED)) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+             goto cleanup;
@@ -0,0 +1,40 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:08:45 -0500
+Subject: [PATCH] rpc: socket: Explicitly error if we exceed retry count
+
+When we autolaunch libvirtd for session URIs, we spin in a retry
+loop waiting for the daemon to start and the connect(2) to succeed.
+
+However if we exceed the retry count, we don't explicitly raise an
+error, which can yield a slew of different error messages elsewhere
+in the code.
+
+Explicitly raise the last connect(2) failure if we run out of retries.
+
+(cherry picked from commit 8da02d528068942303923fc4f935e77cccac9c7c)
+---
+ src/rpc/virnetsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index dcff69e..90951be 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -618,7 +618,9 @@ int virNetSocketNewConnectUNIX(const char *path,
+         }
+         VIR_DEBUG("connect() failed: retries=%d errno=%d", retries, errno);
+ 
+        retries--;
+         if (!spawnDaemon ||
+            retries == 0 ||
+             (errno != ENOENT && errno != ECONNREFUSED)) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+@@ -628,7 +630,6 @@ int virNetSocketNewConnectUNIX(const char *path,
+         if (virNetSocketForkDaemon(binary) < 0)
+             goto cleanup;
+ 
+-        retries--;
+         usleep(5000);
+     }
+ 
@@ -0,0 +1,43 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:13:38 -0500
+Subject: [PATCH] rpc: socket: Don't repeatedly attempt to launch daemon
+
+On every socket connect(2) attempt we were re-launching session
+libvirtd, up to 100 times in 5 seconds.
+
+This understandably caused some weird load races and intermittent
+qemu:///session startup failures
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1271183
+(cherry picked from commit 2eb7a975756d05a5b54ab4acf60083beb6161ac6)
+---
+ src/rpc/virnetsocket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 90951be..2ee4b6e 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -547,6 +547,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+     virSocketAddr remoteAddr;
+     char *rundir = NULL;
+     int ret = -1;
+    bool daemonLaunched = false;
+ 
+     VIR_DEBUG("path=%s spawnDaemon=%d binary=%s", path, spawnDaemon,
+         NULLSTR(binary));
+@@ -627,8 +628,12 @@ int virNetSocketNewConnectUNIX(const char *path,
+             goto cleanup;
+         }
+ 
+-        if (virNetSocketForkDaemon(binary) < 0)
+-            goto cleanup;
+        if (!daemonLaunched) {
+            if (virNetSocketForkDaemon(binary) < 0)
+                goto cleanup;
+
+            daemonLaunched = true;
+        }
+ 
+         usleep(5000);
+     }
@@ -0,0 +1,57 @@
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 15 Jan 2016 10:55:58 +0100
+Subject: [PATCH] security: Do not restore kernel and initrd labels
+
+Kernel/initrd files are essentially read-only shareable images and thus
+should be handled in the same way. We already use the appropriate label
+for kernel/initrd files when starting a domain, but when a domain gets
+destroyed we would remove the labels which would make other running
+domains using the same files very unhappy.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=921135
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit 68acc701bd449481e3206723c25b18fcd3d261b7)
+---
+ src/security/security_dac.c     | 8 --------
+ src/security/security_selinux.c | 8 --------
+ 2 files changed, 16 deletions(-)
+
+diff --git a/src/security/security_dac.c b/src/security/security_dac.c
+index deb6980..d01215f 100644
+--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
+@@ -971,14 +971,6 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
+         virSecurityDACRestoreSecurityFileLabel(def->os.loader->nvram) < 0)
+         rc = -1;
+ 
+-    if (def->os.kernel &&
+-        virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
+-        rc = -1;
+-
+-    if (def->os.initrd &&
+-        virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
+-        rc = -1;
+-
+     if (def->os.dtb &&
+         virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
+         rc = -1;
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 6e67a86..2475a80 100644
+--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
+@@ -1953,14 +1953,6 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
+         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.loader->nvram) < 0)
+         rc = -1;
+ 
+-    if (def->os.kernel &&
+-        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.kernel) < 0)
+-        rc = -1;
+-
+-    if (def->os.initrd &&
+-        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
+-        rc = -1;
+-
+     if (def->os.dtb &&
+         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
+         rc = -1;
@@ -0,0 +1,37 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 15 Mar 2016 17:04:32 -0400
+Subject: [PATCH] rpc: wait longer for session daemon to start up
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1271183
+
+We only wait 0.5 seconds for the session daemon to start up and present
+its socket, which isn't sufficient for many users. Bump up the sleep
+interval and retry amount so we wait for a total of 5.0 seconds.
+
+(cherry picked from commit ca0c06f4008154de55e0b3109885facd0bf02d32)
+---
+ src/rpc/virnetsocket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 2ee4b6e..275f1f5 100644
+--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
+@@ -542,7 +542,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+     char *lockpath = NULL;
+     int lockfd = -1;
+     int fd = -1;
+-    int retries = 100;
+    int retries = 500;
+     virSocketAddr localAddr;
+     virSocketAddr remoteAddr;
+     char *rundir = NULL;
+@@ -635,7 +635,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+             daemonLaunched = true;
+         }
+ 
+-        usleep(5000);
+        usleep(10000);
+     }
+ 
+     localAddr.len = sizeof(localAddr.data);
@@ -0,0 +1,27 @@
+From: Jovanka Gulicoska <jovanka.gulicoska@gmail.com>
+Date: Thu, 17 Mar 2016 20:02:20 +0100
+Subject: [PATCH] driver: log missing modules as INFO, not WARN
+
+Missing modules is a common expected scenario for most libvirt usage on
+RPM distributions like Fedora, so it doesn't really warrant logging at
+WARN level. Use INFO instead
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1274849
+(cherry picked from commit 9a0c7f5f834185db9017c34aabc03ad99cf37bed)
+---
+ src/driver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/driver.c b/src/driver.c
+index db03438..f926fe4 100644
+--- a/src/driver.c
+++ b/src/driver.c
+@@ -62,7 +62,7 @@ virDriverLoadModule(const char *name)
+         return NULL;
+ 
+     if (access(modfile, R_OK) < 0) {
+-        VIR_WARN("Module %s not accessible", modfile);
+        VIR_INFO("Module %s not accessible", modfile);
+         goto cleanup;
+     }
+ 
@@ -0,0 +1,126 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 28 Apr 2015 17:38:00 -0400
+Subject: [PATCH] polkit: Allow password-less access for 'libvirt' group
+
+Many users, who admin their own machines, want to be able to access
+system libvirtd via tools like virt-manager without having to enter
+a root password. Just google 'virt-manager without password' and
+you'll find many hits. I've read at least 5 blog posts over the years
+describing slightly different ways of achieving this goal.
+
+Let's finally add official support for this.
+
+Install a polkit-1 rules file granting password-less auth for any user
+in the new 'libvirt' group. Create the group on RPM install
+
+https://bugzilla.redhat.com/show_bug.cgi?id=957300
+(cherry picked from commit e94979e901517af9fdde358d7b7c92cc055dd50c)
+---
+ daemon/Makefile.am   | 13 +++++++++++++
+ daemon/libvirt.rules |  9 +++++++++
+ libvirt.spec.in      | 15 +++++++++++++--
+ 3 files changed, 35 insertions(+), 2 deletions(-)
+ create mode 100644 daemon/libvirt.rules
+
+diff --git a/daemon/Makefile.am b/daemon/Makefile.am
+index b95a79d..9c5ea37 100644
+--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
+@@ -53,6 +53,7 @@ EXTRA_DIST =						\
+ 	libvirtd.init.in				\
+ 	libvirtd.upstart				\
+ 	libvirtd.policy.in				\
+	libvirt.rules					\
+ 	libvirtd.sasl					\
+ 	libvirtd.service.in				\
+ 	libvirtd.socket.in				\
+@@ -233,6 +234,8 @@ policyauth = auth_admin_keep_session
+ else ! WITH_POLKIT0
+ policydir = $(datadir)/polkit-1/actions
+ policyauth = auth_admin_keep
+rulesdir = $(datadir)/polkit-1/rules.d
+rulesfile = libvirt.rules
+ endif ! WITH_POLKIT0
+ endif WITH_POLKIT
+ 
+@@ -263,9 +266,19 @@ if WITH_POLKIT
+ install-data-polkit::
+ 	$(MKDIR_P) $(DESTDIR)$(policydir)
+ 	$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+if ! WITH_POLKIT0
+	$(MKDIR_P) $(DESTDIR)$(rulesdir)
+	$(INSTALL_DATA) $(srcdir)/$(rulesfile) $(DESTDIR)$(rulesdir)/50-libvirt.rules
+endif ! WITH_POLKIT0
+
+ uninstall-data-polkit::
+ 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ 	rmdir $(DESTDIR)$(policydir) || :
+if ! WITH_POLKIT0
+	rm -f $(DESTDIR)$(rulesdir)/50-libvirt.rules
+	rmdir $(DESTDIR)$(rulesdir) || :
+endif ! WITH_POLKIT0
+
+ else ! WITH_POLKIT
+ install-data-polkit::
+ uninstall-data-polkit::
+diff --git a/daemon/libvirt.rules b/daemon/libvirt.rules
+new file mode 100644
+index 0000000..01a15fa
+--- /dev/null
+++ b/daemon/libvirt.rules
+@@ -0,0 +1,9 @@
+// Allow any user in the 'libvirt' group to connect to system libvirtd
+// without entering a password.
+
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.libvirt.unix.manage" &&
+        subject.isInGroup("libvirt")) {
+        return polkit.Result.YES;
+    }
+});
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index dc327a2..a23629d 100644
+--- a/libvirt.spec.in
+++ b/libvirt.spec.in
+@@ -1631,9 +1631,9 @@ then
+ fi
+ 
+ %if %{with_libvirtd}
+%pre daemon
+     %if ! %{with_driver_modules}
+         %if %{with_qemu}
+-%pre daemon
+             %if 0%{?fedora} || 0%{?rhel} >= 6
+ # We want soft static allocation of well-known ids, as disk images
+ # are commonly shared across NFS mounts by id rather than name; see
+@@ -1647,11 +1647,21 @@ if ! getent passwd qemu >/dev/null; then
+     useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+   fi
+ fi
+-exit 0
+             %endif
+         %endif
+     %endif
+ 
+    %if %{with_polkit}
+        %if 0%{?fedora} || 0%{?rhel} >= 6
+# 'libvirt' group is just to allow password-less polkit access to
+# libvirtd. The uid number is irrelevant, so we use dynamic allocation
+# described at the above link.
+getent group libvirt >/dev/null || groupadd -r libvirt
+        %endif
+    %endif
+
+exit 0
+
+ %post daemon
+ 
+     %if %{with_systemd}
+@@ -1925,6 +1935,7 @@ exit 0
+         %if 0%{?fedora} || 0%{?rhel} >= 6
+ %{_datadir}/polkit-1/actions/org.libvirt.unix.policy
+ %{_datadir}/polkit-1/actions/org.libvirt.api.policy
+%{_datadir}/polkit-1/rules.d/50-libvirt.rules
+         %else
+ %{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
+         %endif
@@ -1 +0,0 @@
-F-12
@@ -1,356 +0,0 @@
-From 953440bd12608a20007ee5da5ab69fbbe910bd28 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 14 Jun 2010 15:53:59 +0100
-Subject: [PATCH 01/11] Extract the backing store format as well as name, if available
-
-When QEMU opens a backing store for a QCow2 file, it will
-normally auto-probe for the format of the backing store,
-rather than assuming it has the same format as the referencing
-file. There is a QCow2 extension that allows an explicit format
-for the backing store to be embedded in the referencing file.
-This closes the auto-probing security hole in QEMU.
-
-This backing store format can be useful for libvirt users
-of virStorageFileGetMetadata, so extract this data and report
-it.
-
-QEMU does not require disk image backing store files to be in
-the same format the file linkee. It will auto-probe the disk
-format for the backing store when opening it. If the backing
-store was intended to be a raw file this could be a security
-hole, because a guest may have written data into its disk that
-then makes the backing store look like a qcow2 file. If it can
-trick QEMU into thinking the raw file is a qcow2 file, it can
-access arbitrary files on the host by adding further backing
-store links.
-
-To address this, callers of virStorageFileGetMeta need to be
-told of the backing store format. If no format is declared,
-they can make a decision whether to allow format probing or
-not.
---
- src/util/storage_file.c |  206 +++++++++++++++++++++++++++++++++++++++++------
- src/util/storage_file.h |    2 +
- 2 files changed, 183 insertions(+), 25 deletions(-)
-
-diff --git a/src/util/storage_file.c b/src/util/storage_file.c
-index 0adea40..80f743e 100644
--- a/src/util/storage_file.c
-+++ b/src/util/storage_file.c
-@@ -78,12 +78,33 @@ struct FileTypeInfo {
-     int qcowCryptOffset;  /* Byte offset from start of file
-                            * where to find encryption mode,
-                            * -1 if encryption is not used */
-    int (*getBackingStore)(char **res, const unsigned char *buf, size_t buf_size);
-+    int (*getBackingStore)(char **res, int *format,
-+                           const unsigned char *buf, size_t buf_size);
- };
- 
-static int cowGetBackingStore(char **, const unsigned char *, size_t);
-static int qcowXGetBackingStore(char **, const unsigned char *, size_t);
-static int vmdk4GetBackingStore(char **, const unsigned char *, size_t);
-+static int cowGetBackingStore(char **, int *,
-+                              const unsigned char *, size_t);
-+static int qcow1GetBackingStore(char **, int *,
-+                                const unsigned char *, size_t);
-+static int qcow2GetBackingStore(char **, int *,
-+                                const unsigned char *, size_t);
-+static int vmdk4GetBackingStore(char **, int *,
-+                                const unsigned char *, size_t);
-+
-+#define QCOWX_HDR_VERSION (4)
-+#define QCOWX_HDR_BACKING_FILE_OFFSET (QCOWX_HDR_VERSION+4)
-+#define QCOWX_HDR_BACKING_FILE_SIZE (QCOWX_HDR_BACKING_FILE_OFFSET+8)
-+#define QCOWX_HDR_IMAGE_SIZE (QCOWX_HDR_BACKING_FILE_SIZE+4+4)
-+
-+#define QCOW1_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8+1+1)
-+#define QCOW2_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8)
-+
-+#define QCOW1_HDR_TOTAL_SIZE (QCOW1_HDR_CRYPT+4+8)
-+#define QCOW2_HDR_TOTAL_SIZE (QCOW2_HDR_CRYPT+4+4+8+8+4+4+8)
-+
-+#define QCOW2_HDR_EXTENSION_END 0
-+#define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA
-+
- 
- 
- static struct FileTypeInfo const fileTypeInfo[] = {
-@@ -119,11 +140,11 @@ static struct FileTypeInfo const fileTypeInfo[] = {
-     /* QCow */
-     { VIR_STORAGE_FILE_QCOW, "QFI", NULL,
-       LV_BIG_ENDIAN, 4, 1,
-      4+4+8+4+4, 8, 1, 4+4+8+4+4+8+1+1+2, qcowXGetBackingStore },
-+      QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore },
-     /* QCow 2 */
-     { VIR_STORAGE_FILE_QCOW2, "QFI", NULL,
-       LV_BIG_ENDIAN, 4, 2,
-      4+4+8+4+4, 8, 1, 4+4+8+4+4+8, qcowXGetBackingStore },
-+      QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore },
-     /* VMDK 3 */
-     /* XXX Untested
-     { VIR_STORAGE_FILE_VMDK, "COWD", NULL,
-@@ -142,11 +163,14 @@ static struct FileTypeInfo const fileTypeInfo[] = {
- 
- static int
- cowGetBackingStore(char **res,
-+                   int *format,
-                    const unsigned char *buf,
-                    size_t buf_size)
- {
- #define COW_FILENAME_MAXLEN 1024
-     *res = NULL;
-+    *format = VIR_STORAGE_FILE_AUTO;
-+
-     if (buf_size < 4+4+ COW_FILENAME_MAXLEN)
-         return BACKING_STORE_INVALID;
-     if (buf[4+4] == '\0') /* cow_header_v2.backing_file[0] */
-@@ -160,31 +184,98 @@ cowGetBackingStore(char **res,
-     return BACKING_STORE_OK;
- }
- 
-+
-+static int
-+qcow2GetBackingStoreFormat(int *format,
-+                           const unsigned char *buf,
-+                           size_t buf_size,
-+                           size_t extension_start,
-+                           size_t extension_end)
-+{
-+    size_t offset = extension_start;
-+
-+    /*
-+     * The extensions take format of
-+     *
-+     * int32: magic
-+     * int32: length
-+     * byte[length]: payload
-+     *
-+     * Unknown extensions can be ignored by skipping
-+     * over "length" bytes in the data stream.
-+     */
-+    while (offset < (buf_size-8) &&
-+           offset < (extension_end-8)) {
-+        unsigned int magic =
-+            (buf[offset] << 24) +
-+            (buf[offset+1] << 16) +
-+            (buf[offset+2] << 8) +
-+            (buf[offset+3]);
-+        unsigned int len =
-+            (buf[offset+4] << 24) +
-+            (buf[offset+5] << 16) +
-+            (buf[offset+6] << 8) +
-+            (buf[offset+7]);
-+
-+        offset += 8;
-+
-+        if ((offset + len) < offset)
-+            break;
-+
-+        if ((offset + len) > buf_size)
-+            break;
-+
-+        switch (magic) {
-+        case QCOW2_HDR_EXTENSION_END:
-+            goto done;
-+
-+        case QCOW2_HDR_EXTENSION_BACKING_FORMAT:
-+            if (buf[offset+len] != '\0')
-+                break;
-+            *format = virStorageFileFormatTypeFromString(
-+                ((const char *)buf)+offset);
-+            break;
-+        }
-+
-+        offset += len;
-+    }
-+
-+done:
-+
-+    return 0;
-+}
-+
-+
- static int
- qcowXGetBackingStore(char **res,
-+                     int *format,
-                      const unsigned char *buf,
-                     size_t buf_size)
-+                     size_t buf_size,
-+                     bool isQCow2)
- {
-     unsigned long long offset;
-     unsigned long size;
- 
-     *res = NULL;
-    if (buf_size < 4+4+8+4)
-+    if (format)
-+        *format = VIR_STORAGE_FILE_AUTO;
-+
-+    if (buf_size < QCOWX_HDR_BACKING_FILE_OFFSET+8+4)
-         return BACKING_STORE_INVALID;
-    offset = (((unsigned long long)buf[4+4] << 56)
-              | ((unsigned long long)buf[4+4+1] << 48)
-              | ((unsigned long long)buf[4+4+2] << 40)
-              | ((unsigned long long)buf[4+4+3] << 32)
-              | ((unsigned long long)buf[4+4+4] << 24)
-              | ((unsigned long long)buf[4+4+5] << 16)
-              | ((unsigned long long)buf[4+4+6] << 8)
-              | buf[4+4+7]); /* QCowHeader.backing_file_offset */
-+    offset = (((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET] << 56)
-+              | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+1] << 48)
-+              | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+2] << 40)
-+              | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+3] << 32)
-+              | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+4] << 24)
-+              | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+5] << 16)
-+              | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+6] << 8)
-+              | buf[QCOWX_HDR_BACKING_FILE_OFFSET+7]); /* QCowHeader.backing_file_offset */
-     if (offset > buf_size)
-         return BACKING_STORE_INVALID;
-    size = ((buf[4+4+8] << 24)
-            | (buf[4+4+8+1] << 16)
-            | (buf[4+4+8+2] << 8)
-            | buf[4+4+8+3]); /* QCowHeader.backing_file_size */
-+    size = ((buf[QCOWX_HDR_BACKING_FILE_SIZE] << 24)
-+            | (buf[QCOWX_HDR_BACKING_FILE_SIZE+1] << 16)
-+            | (buf[QCOWX_HDR_BACKING_FILE_SIZE+2] << 8)
-+            | buf[QCOWX_HDR_BACKING_FILE_SIZE+3]); /* QCowHeader.backing_file_size */
-     if (size == 0)
-         return BACKING_STORE_OK;
-     if (offset + size > buf_size || offset + size < offset)
-@@ -197,12 +288,63 @@ qcowXGetBackingStore(char **res,
-     }
-     memcpy(*res, buf + offset, size);
-     (*res)[size] = '\0';
-+
-+    /*
-+     * Traditionally QCow2 files had a layout of
-+     *
-+     * [header]
-+     * [backingStoreName]
-+     *
-+     * Although the backingStoreName typically followed
-+     * the header immediately, this was not required by
-+     * the format. By specifying a higher byte offset for
-+     * the backing file offset in the header, it was
-+     * possible to leave space between the header and
-+     * start of backingStore.
-+     *
-+     * This hack is now used to store extensions to the
-+     * qcow2 format:
-+     *
-+     * [header]
-+     * [extensions]
-+     * [backingStoreName]
-+     *
-+     * Thus the file region to search for extensions is
-+     * between the end of the header (QCOW2_HDR_TOTAL_SIZE)
-+     * and the start of the backingStoreName (offset)
-+     */
-+    if (isQCow2)
-+        qcow2GetBackingStoreFormat(format, buf, buf_size, QCOW2_HDR_TOTAL_SIZE, offset);
-+
-     return BACKING_STORE_OK;
- }
- 
- 
- static int
-+qcow1GetBackingStore(char **res,
-+                     int *format,
-+                     const unsigned char *buf,
-+                     size_t buf_size)
-+{
-+    /* QCow1 doesn't have the extensions capability
-+     * used to store backing format */
-+    *format = VIR_STORAGE_FILE_AUTO;
-+    return qcowXGetBackingStore(res, NULL, buf, buf_size, false);
-+}
-+
-+static int
-+qcow2GetBackingStore(char **res,
-+                     int *format,
-+                     const unsigned char *buf,
-+                     size_t buf_size)
-+{
-+    return qcowXGetBackingStore(res, format, buf, buf_size, true);
-+}
-+
-+
-+static int
- vmdk4GetBackingStore(char **res,
-+                     int *format,
-                      const unsigned char *buf,
-                      size_t buf_size)
- {
-@@ -212,6 +354,14 @@ vmdk4GetBackingStore(char **res,
-     size_t len;
- 
-     *res = NULL;
-+    /*
-+     * Technically this should have been VMDK, since
-+     * VMDK spec / VMWare impl only support VMDK backed
-+     * by VMDK. QEMU isn't following this though and
-+     * does probing on VMDK backing files, hence we set
-+     * AUTO
-+     */
-+    *format = VIR_STORAGE_FILE_AUTO;
- 
-     if (buf_size <= 0x200)
-         return BACKING_STORE_INVALID;
-@@ -358,9 +508,12 @@ virStorageFileGetMetadataFromFD(const char *path,
-         /* Validation passed, we know the file format now */
-         meta->format = fileTypeInfo[i].type;
-         if (fileTypeInfo[i].getBackingStore != NULL) {
-            char *base;
-+            char *backing;
-+            int backingFormat;
- 
-            switch (fileTypeInfo[i].getBackingStore(&base, head, len)) {
-+            switch (fileTypeInfo[i].getBackingStore(&backing,
-+                                                    &backingFormat,
-+                                                    head, len)) {
-             case BACKING_STORE_OK:
-                 break;
- 
-@@ -370,13 +523,16 @@ virStorageFileGetMetadataFromFD(const char *path,
-             case BACKING_STORE_ERROR:
-                 return -1;
-             }
-            if (base != NULL) {
-                meta->backingStore = absolutePathFromBaseFile(path, base);
-                VIR_FREE(base);
-+            if (backing != NULL) {
-+                meta->backingStore = absolutePathFromBaseFile(path, backing);
-+                VIR_FREE(backing);
-                 if (meta->backingStore == NULL) {
-                     virReportOOMError();
-                     return -1;
-                 }
-+                meta->backingStoreFormat = backingFormat;
-+            } else {
-+                meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
-             }
-         }
-         return 0;
-diff --git a/src/util/storage_file.h b/src/util/storage_file.h
-index 58533ee..6328ba7 100644
--- a/src/util/storage_file.h
-+++ b/src/util/storage_file.h
-@@ -28,6 +28,7 @@
- # include <stdbool.h>
- 
- enum virStorageFileFormat {
-+    VIR_STORAGE_FILE_AUTO = -1,
-     VIR_STORAGE_FILE_RAW = 0,
-     VIR_STORAGE_FILE_DIR,
-     VIR_STORAGE_FILE_BOCHS,
-@@ -47,6 +48,7 @@ VIR_ENUM_DECL(virStorageFileFormat);
- typedef struct _virStorageFileMetadata {
-     int format;
-     char *backingStore;
-+    int backingStoreFormat;
-     unsigned long long capacity;
-     bool encrypted;
- } virStorageFileMetadata;
-- 
-1.7.1.1
-
@@ -1,159 +0,0 @@
-From cab428b1d4d432965cee6f5afb67265557706715 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 14 Jun 2010 16:39:32 +0100
-Subject: [PATCH 02/11] Remove 'type' field from FileTypeInfo struct
-
-Instead of including a field in FileTypeInfo struct for the
-disk format, rely on the array index matching the format.
-Use verify() to assert the correct number of elements in the
-array.
-
-* src/util/storage_file.c: remove type field from FileTypeInfo
---
- src/util/storage_file.c |  108 +++++++++++++++++++++++-----------------------
- 1 files changed, 54 insertions(+), 54 deletions(-)
-
-diff --git a/src/util/storage_file.c b/src/util/storage_file.c
-index 80f743e..df0e3a1 100644
--- a/src/util/storage_file.c
-+++ b/src/util/storage_file.c
-@@ -58,7 +58,6 @@ enum {
- 
- /* Either 'magic' or 'extension' *must* be provided */
- struct FileTypeInfo {
-    int type;           /* One of the constants above */
-     const char *magic;  /* Optional string of file magic
-                          * to check at head of file */
-     const char *extension; /* Optional file extension to check */
-@@ -108,58 +107,59 @@ static int vmdk4GetBackingStore(char **, int *,
- 
- 
- static struct FileTypeInfo const fileTypeInfo[] = {
-    /* Bochs */
-    /* XXX Untested
-    { VIR_STORAGE_FILE_BOCHS, "Bochs Virtual HD Image", NULL,
-      LV_LITTLE_ENDIAN, 64, 0x20000,
-      32+16+16+4+4+4+4+4, 8, 1, -1, NULL },*/
-    /* CLoop */
-    /* XXX Untested
-    { VIR_STORAGE_VOL_CLOOP, "#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", NULL,
-      LV_LITTLE_ENDIAN, -1, 0,
-      -1, 0, 0, -1, NULL }, */
-    /* Cow */
-    { VIR_STORAGE_FILE_COW, "OOOM", NULL,
-      LV_BIG_ENDIAN, 4, 2,
-      4+4+1024+4, 8, 1, -1, cowGetBackingStore },
-    /* DMG */
-    /* XXX QEMU says there's no magic for dmg, but we should check... */
-    { VIR_STORAGE_FILE_DMG, NULL, ".dmg",
-      0, -1, 0,
-      -1, 0, 0, -1, NULL },
-    /* XXX there's probably some magic for iso we can validate too... */
-    { VIR_STORAGE_FILE_ISO, NULL, ".iso",
-      0, -1, 0,
-      -1, 0, 0, -1, NULL },
-    /* Parallels */
-    /* XXX Untested
-    { VIR_STORAGE_FILE_PARALLELS, "WithoutFreeSpace", NULL,
-      LV_LITTLE_ENDIAN, 16, 2,
-      16+4+4+4+4, 4, 512, -1, NULL },
-    */
-    /* QCow */
-    { VIR_STORAGE_FILE_QCOW, "QFI", NULL,
-      LV_BIG_ENDIAN, 4, 1,
-      QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore },
-    /* QCow 2 */
-    { VIR_STORAGE_FILE_QCOW2, "QFI", NULL,
-      LV_BIG_ENDIAN, 4, 2,
-      QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore },
-    /* VMDK 3 */
-    /* XXX Untested
-    { VIR_STORAGE_FILE_VMDK, "COWD", NULL,
-      LV_LITTLE_ENDIAN, 4, 1,
-      4+4+4, 4, 512, -1, NULL },
-    */
-    /* VMDK 4 */
-    { VIR_STORAGE_FILE_VMDK, "KDMV", NULL,
-      LV_LITTLE_ENDIAN, 4, 1,
-      4+4+4, 8, 512, -1, vmdk4GetBackingStore },
-    /* Connectix / VirtualPC */
-    { VIR_STORAGE_FILE_VPC, "conectix", NULL,
-      LV_BIG_ENDIAN, 12, 0x10000,
-      8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL},
-+    [VIR_STORAGE_FILE_RAW] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL },
-+    [VIR_STORAGE_FILE_DIR] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL },
-+    [VIR_STORAGE_FILE_BOCHS] = {
-+        /*"Bochs Virtual HD Image", */ /* Untested */ NULL,
-+        NULL,
-+        LV_LITTLE_ENDIAN, 64, 0x20000,
-+        32+16+16+4+4+4+4+4, 8, 1, -1, NULL
-+    },
-+    [VIR_STORAGE_FILE_CLOOP] = {
-+        /*"#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", */ /* Untested */ NULL,
-+        NULL,
-+        LV_LITTLE_ENDIAN, -1, 0,
-+        -1, 0, 0, -1, NULL
-+    },
-+    [VIR_STORAGE_FILE_COW] = {
-+        "OOOM", NULL,
-+        LV_BIG_ENDIAN, 4, 2,
-+        4+4+1024+4, 8, 1, -1, cowGetBackingStore
-+    },
-+    [VIR_STORAGE_FILE_DMG] = {
-+        NULL, /* XXX QEMU says there's no magic for dmg, but we should check... */
-+        ".dmg",
-+        0, -1, 0,
-+        -1, 0, 0, -1, NULL
-+    },
-+    [VIR_STORAGE_FILE_ISO] = {
-+        NULL, /* XXX there's probably some magic for iso we can validate too... */
-+        ".iso",
-+        0, -1, 0,
-+        -1, 0, 0, -1, NULL
-+    },
-+    [VIR_STORAGE_FILE_QCOW] = {
-+        "QFI", NULL,
-+        LV_BIG_ENDIAN, 4, 1,
-+        QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore,
-+    },
-+    [VIR_STORAGE_FILE_QCOW2] = {
-+        "QFI", NULL,
-+        LV_BIG_ENDIAN, 4, 2,
-+        QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore,
-+    },
-+    [VIR_STORAGE_FILE_VMDK] = {
-+        "KDMV", NULL,
-+        LV_LITTLE_ENDIAN, 4, 1,
-+        4+4+4, 8, 512, -1, vmdk4GetBackingStore
-+    },
-+    [VIR_STORAGE_FILE_VPC] = {
-+        "conectix", NULL,
-+        LV_BIG_ENDIAN, 12, 0x10000,
-+        8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL
-+    },
- };
-+verify(ARRAY_CARDINALITY(fileTypeInfo) == VIR_STORAGE_FILE_LAST);
- 
- static int
- cowGetBackingStore(char **res,
-@@ -506,7 +506,7 @@ virStorageFileGetMetadataFromFD(const char *path,
-         }
- 
-         /* Validation passed, we know the file format now */
-        meta->format = fileTypeInfo[i].type;
-+        meta->format = i;
-         if (fileTypeInfo[i].getBackingStore != NULL) {
-             char *backing;
-             int backingFormat;
-@@ -546,7 +546,7 @@ virStorageFileGetMetadataFromFD(const char *path,
-         if (!virFileHasSuffix(path, fileTypeInfo[i].extension))
-             continue;
- 
-        meta->format = fileTypeInfo[i].type;
-+        meta->format = i;
-         return 0;
-     }
- 
-- 
-1.7.1.1
-
@@ -1,585 +0,0 @@
-From 57482ca0be29e9e92e242c9acb577e0b770c01d1 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Tue, 15 Jun 2010 14:58:10 +0100
-Subject: [PATCH 03/11] Refactor virStorageFileGetMetadataFromFD to separate functionality
-
-The virStorageFileGetMetadataFromFD did two jobs in one. First
-it probed for storage type, then it extracted metadata for the
-type. It is desirable to be able to separate these jobs, allowing
-probing without querying metadata, and querying metadata without
-probing.
-
-To prepare for this, split out probing code into a new pair of
-methods
-
-  virStorageFileProbeFormatFromFD
-  virStorageFileProbeFormat
-
-* src/util/storage_file.c, src/util/storage_file.h,
-  src/libvirt_private.syms: Introduce virStorageFileProbeFormat
-  and virStorageFileProbeFormatFromFD
---
- src/libvirt_private.syms |    2 +
- src/util/storage_file.c  |  460 +++++++++++++++++++++++++++++++++-------------
- src/util/storage_file.h  |    4 +
- 3 files changed, 335 insertions(+), 131 deletions(-)
-
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index 778ceb1..4607f49 100644
--- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -628,6 +628,8 @@ virStorageGenerateQcowPassphrase;
- # storage_file.h
- virStorageFileFormatTypeToString;
- virStorageFileFormatTypeFromString;
-+virStorageFileProbeFormat;
-+virStorageFileProbeFormatFromFD;
- virStorageFileGetMetadata;
- virStorageFileGetMetadataFromFD;
- virStorageFileIsSharedFS;
-diff --git a/src/util/storage_file.c b/src/util/storage_file.c
-index df0e3a1..221268b 100644
--- a/src/util/storage_file.c
-+++ b/src/util/storage_file.c
-@@ -104,6 +104,9 @@ static int vmdk4GetBackingStore(char **, int *,
- #define QCOW2_HDR_EXTENSION_END 0
- #define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA
- 
-+/* VMDK needs at least this to find backing store,
-+ * other formats are less */
-+#define STORAGE_MAX_HEAD (20*512)
- 
- 
- static struct FileTypeInfo const fileTypeInfo[] = {
-@@ -349,9 +352,14 @@ vmdk4GetBackingStore(char **res,
-                      size_t buf_size)
- {
-     static const char prefix[] = "parentFileNameHint=\"";
-
-    char desc[20*512 + 1], *start, *end;
-+    char *desc, *start, *end;
-     size_t len;
-+    int ret = BACKING_STORE_ERROR;
-+
-+    if (VIR_ALLOC_N(desc, STORAGE_MAX_HEAD + 1) < 0) {
-+        virReportOOMError();
-+        goto cleanup;
-+    }
- 
-     *res = NULL;
-     /*
-@@ -363,29 +371,42 @@ vmdk4GetBackingStore(char **res,
-      */
-     *format = VIR_STORAGE_FILE_AUTO;
- 
-    if (buf_size <= 0x200)
-        return BACKING_STORE_INVALID;
-+    if (buf_size <= 0x200) {
-+        ret = BACKING_STORE_INVALID;
-+        goto cleanup;
-+    }
-     len = buf_size - 0x200;
-    if (len > sizeof(desc) - 1)
-        len = sizeof(desc) - 1;
-+    if (len > STORAGE_MAX_HEAD)
-+        len = STORAGE_MAX_HEAD;
-     memcpy(desc, buf + 0x200, len);
-     desc[len] = '\0';
-     start = strstr(desc, prefix);
-    if (start == NULL)
-        return BACKING_STORE_OK;
-+    if (start == NULL) {
-+        ret = BACKING_STORE_OK;
-+        goto cleanup;
-+    }
-     start += strlen(prefix);
-     end = strchr(start, '"');
-    if (end == NULL)
-        return BACKING_STORE_INVALID;
-    if (end == start)
-        return BACKING_STORE_OK;
-+    if (end == NULL) {
-+        ret = BACKING_STORE_INVALID;
-+        goto cleanup;
-+    }
-+    if (end == start) {
-+        ret = BACKING_STORE_OK;
-+        goto cleanup;
-+    }
-     *end = '\0';
-     *res = strdup(start);
-     if (*res == NULL) {
-         virReportOOMError();
-        return BACKING_STORE_ERROR;
-+        goto cleanup;
-     }
-    return BACKING_STORE_OK;
-+
-+    ret = BACKING_STORE_OK;
-+
-+cleanup:
-+    VIR_FREE(desc);
-+    return ret;
- }
- 
- /**
-@@ -411,148 +432,325 @@ absolutePathFromBaseFile(const char *base_file, const char *path)
-     return res;
- }
- 
-/**
- * Probe the header of a file to determine what type of disk image
- * it is, and info about its capacity if available.
- */
-int
-virStorageFileGetMetadataFromFD(const char *path,
-                                int fd,
-                                virStorageFileMetadata *meta)
-+
-+static bool
-+virStorageFileMatchesMagic(int format,
-+                           unsigned char *buf,
-+                           size_t buflen)
- {
-    unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */
-    int len, i;
-+    int mlen;
- 
-    memset(meta, 0, sizeof (*meta));
-+    if (fileTypeInfo[format].magic == NULL)
-+        return false;
- 
-    /* If all else fails, call it a raw file */
-    meta->format = VIR_STORAGE_FILE_RAW;
-+    /* Validate magic data */
-+    mlen = strlen(fileTypeInfo[format].magic);
-+    if (mlen > buflen)
-+        return false;
- 
-    if ((len = read(fd, head, sizeof(head))) < 0) {
-        virReportSystemError(errno, _("cannot read header '%s'"), path);
-        return -1;
-+    if (memcmp(buf, fileTypeInfo[format].magic, mlen) != 0)
-+        return false;
-+
-+    return true;
-+}
-+
-+
-+static bool
-+virStorageFileMatchesExtension(int format,
-+                               const char *path)
-+{
-+    if (fileTypeInfo[format].extension == NULL)
-+        return false;
-+
-+    if (virFileHasSuffix(path, fileTypeInfo[format].extension))
-+        return true;
-+
-+    return false;
-+}
-+
-+
-+static bool
-+virStorageFileMatchesVersion(int format,
-+                             unsigned char *buf,
-+                             size_t buflen)
-+{
-+    int version;
-+
-+    /* Validate version number info */
-+    if (fileTypeInfo[format].versionOffset == -1)
-+        return false;
-+
-+    if ((fileTypeInfo[format].versionOffset + 4) > buflen)
-+        return false;
-+
-+    if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) {
-+        version =
-+            (buf[fileTypeInfo[format].versionOffset+3] << 24) |
-+            (buf[fileTypeInfo[format].versionOffset+2] << 16) |
-+            (buf[fileTypeInfo[format].versionOffset+1] << 8) |
-+            (buf[fileTypeInfo[format].versionOffset]);
-+    } else {
-+        version =
-+            (buf[fileTypeInfo[format].versionOffset] << 24) |
-+            (buf[fileTypeInfo[format].versionOffset+1] << 16) |
-+            (buf[fileTypeInfo[format].versionOffset+2] << 8) |
-+            (buf[fileTypeInfo[format].versionOffset+3]);
-     }
-+    if (version != fileTypeInfo[format].versionNumber)
-+        return false;
- 
-    /* First check file magic */
-    for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) {
-        int mlen;
-
-        if (fileTypeInfo[i].magic == NULL)
-            continue;
-
-        /* Validate magic data */
-        mlen = strlen(fileTypeInfo[i].magic);
-        if (mlen > len)
-            continue;
-        if (memcmp(head, fileTypeInfo[i].magic, mlen) != 0)
-            continue;
-
-        /* Validate version number info */
-        if (fileTypeInfo[i].versionNumber != -1) {
-            int version;
-
-            if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) {
-                version = (head[fileTypeInfo[i].versionOffset+3] << 24) |
-                    (head[fileTypeInfo[i].versionOffset+2] << 16) |
-                    (head[fileTypeInfo[i].versionOffset+1] << 8) |
-                    head[fileTypeInfo[i].versionOffset];
-            } else {
-                version = (head[fileTypeInfo[i].versionOffset] << 24) |
-                    (head[fileTypeInfo[i].versionOffset+1] << 16) |
-                    (head[fileTypeInfo[i].versionOffset+2] << 8) |
-                    head[fileTypeInfo[i].versionOffset+3];
-            }
-            if (version != fileTypeInfo[i].versionNumber)
-                continue;
-        }
-+    return true;
-+}
- 
-        /* Optionally extract capacity from file */
-        if (fileTypeInfo[i].sizeOffset != -1) {
-            if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) {
-                meta->capacity =
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7] << 56) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 48) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 40) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 32) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 24) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 16) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 8) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset]);
-            } else {
-                meta->capacity =
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset] << 56) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 48) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 40) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 32) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 24) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 16) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 8) |
-                    ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7]);
-            }
-            /* Avoid unlikely, but theoretically possible overflow */
-            if (meta->capacity > (ULLONG_MAX / fileTypeInfo[i].sizeMultiplier))
-                continue;
-            meta->capacity *= fileTypeInfo[i].sizeMultiplier;
-        }
- 
-        if (fileTypeInfo[i].qcowCryptOffset != -1) {
-            int crypt_format;
-+static int
-+virStorageFileGetMetadataFromBuf(int format,
-+                                 const char *path,
-+                                 unsigned char *buf,
-+                                 size_t buflen,
-+                                 virStorageFileMetadata *meta)
-+{
-+    /* XXX we should consider moving virStorageBackendUpdateVolInfo
-+     * code into this method, for non-magic files
-+     */
-+    if (!fileTypeInfo[format].magic) {
-+        return 0;
-+    }
- 
-            crypt_format = (head[fileTypeInfo[i].qcowCryptOffset] << 24) |
-                (head[fileTypeInfo[i].qcowCryptOffset+1] << 16) |
-                (head[fileTypeInfo[i].qcowCryptOffset+2] << 8) |
-                head[fileTypeInfo[i].qcowCryptOffset+3];
-            meta->encrypted = crypt_format != 0;
-+    /* Optionally extract capacity from file */
-+    if (fileTypeInfo[format].sizeOffset != -1) {
-+        if ((fileTypeInfo[format].sizeOffset + 8) > buflen)
-+            return 1;
-+
-+        if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) {
-+            meta->capacity =
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7] << 56) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 48) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 40) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 32) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 24) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 16) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 8) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset]);
-+        } else {
-+            meta->capacity =
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset] << 56) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 48) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 40) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 32) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 24) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 16) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 8) |
-+                ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7]);
-         }
-+        /* Avoid unlikely, but theoretically possible overflow */
-+        if (meta->capacity > (ULLONG_MAX / fileTypeInfo[format].sizeMultiplier))
-+            return 1;
-+        meta->capacity *= fileTypeInfo[format].sizeMultiplier;
-+    }
- 
-        /* Validation passed, we know the file format now */
-        meta->format = i;
-        if (fileTypeInfo[i].getBackingStore != NULL) {
-            char *backing;
-            int backingFormat;
-+    if (fileTypeInfo[format].qcowCryptOffset != -1) {
-+        int crypt_format;
- 
-            switch (fileTypeInfo[i].getBackingStore(&backing,
-                                                    &backingFormat,
-                                                    head, len)) {
-            case BACKING_STORE_OK:
-                break;
-+        crypt_format =
-+            (buf[fileTypeInfo[format].qcowCryptOffset] << 24) |
-+            (buf[fileTypeInfo[format].qcowCryptOffset+1] << 16) |
-+            (buf[fileTypeInfo[format].qcowCryptOffset+2] << 8) |
-+            (buf[fileTypeInfo[format].qcowCryptOffset+3]);
-+        meta->encrypted = crypt_format != 0;
-+    }
- 
-            case BACKING_STORE_INVALID:
-                continue;
-+    if (fileTypeInfo[format].getBackingStore != NULL) {
-+        char *backing;
-+        int backingFormat;
-+        int ret = fileTypeInfo[format].getBackingStore(&backing,
-+                                                       &backingFormat,
-+                                                       buf, buflen);
-+        if (ret == BACKING_STORE_INVALID)
-+            return 1;
-+
-+        if (ret == BACKING_STORE_ERROR)
-+            return -1;
- 
-            case BACKING_STORE_ERROR:
-+        if (backing != NULL) {
-+            meta->backingStore = absolutePathFromBaseFile(path, backing);
-+            VIR_FREE(backing);
-+            if (meta->backingStore == NULL) {
-+                virReportOOMError();
-                 return -1;
-             }
-            if (backing != NULL) {
-                meta->backingStore = absolutePathFromBaseFile(path, backing);
-                VIR_FREE(backing);
-                if (meta->backingStore == NULL) {
-                    virReportOOMError();
-                    return -1;
-                }
-                meta->backingStoreFormat = backingFormat;
-            } else {
-                meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
-            }
-+            meta->backingStoreFormat = backingFormat;
-+        } else {
-+            meta->backingStore = NULL;
-+            meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
-+        }
-+    }
-+
-+    return 0;
-+}
-+
-+
-+static int
-+virStorageFileProbeFormatFromBuf(const char *path,
-+                                 unsigned char *buf,
-+                                 size_t buflen)
-+{
-+    int format = VIR_STORAGE_FILE_RAW;
-+    int i;
-+
-+    /* First check file magic */
-+    for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) {
-+        if (virStorageFileMatchesMagic(i, buf, buflen) &&
-+            virStorageFileMatchesVersion(i, buf, buflen)) {
-+            format = i;
-+            goto cleanup;
-         }
-        return 0;
-     }
- 
-     /* No magic, so check file extension */
-    for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) {
-        if (fileTypeInfo[i].extension == NULL)
-            continue;
-+    for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) {
-+        if (virStorageFileMatchesExtension(i, path)) {
-+            format = i;
-+            goto cleanup;
-+        }
-+    }
- 
-        if (!virFileHasSuffix(path, fileTypeInfo[i].extension))
-            continue;
-+cleanup:
-+    return format;
-+}
- 
-        meta->format = i;
-        return 0;
-+
-+/**
-+ * virStorageFileProbeFormatFromFD:
-+ *
-+ * Probe for the format of 'fd' (which is an open file descriptor
-+ * pointing to 'path'), returning the detected disk format.
-+ *
-+ * Callers are advised never to trust the returned 'format'
-+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
-+ * malicious guest can turn a file into any other non-raw
-+ * format at will.
-+ *
-+ * Best option: Don't use this function
-+ */
-+int
-+virStorageFileProbeFormatFromFD(const char *path, int fd)
-+{
-+    unsigned char *head;
-+    ssize_t len = STORAGE_MAX_HEAD;
-+    int ret = -1;
-+
-+    if (VIR_ALLOC_N(head, len) < 0) {
-+        virReportOOMError();
-+        return -1;
-     }
- 
-    return 0;
-+    if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
-+        virReportSystemError(errno, _("cannot set to start of '%s'"), path);
-+        goto cleanup;
-+    }
-+
-+    if ((len = read(fd, head, len)) < 0) {
-+        virReportSystemError(errno, _("cannot read header '%s'"), path);
-+        goto cleanup;
-+    }
-+
-+    ret = virStorageFileProbeFormatFromBuf(path, head, len);
-+
-+cleanup:
-+    VIR_FREE(head);
-+    return ret;
-+}
-+
-+
-+/**
-+ * virStorageFileProbeFormat:
-+ *
-+ * Probe for the format of 'path', returning the detected
-+ * disk format.
-+ *
-+ * Callers are advised never to trust the returned 'format'
-+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
-+ * malicious guest can turn a raw file into any other non-raw
-+ * format at will.
-+ *
-+ * Best option: Don't use this function
-+ */
-+int
-+virStorageFileProbeFormat(const char *path)
-+{
-+    int fd, ret;
-+
-+    if ((fd = open(path, O_RDONLY)) < 0) {
-+        virReportSystemError(errno, _("cannot open file '%s'"), path);
-+        return -1;
-+    }
-+
-+    ret = virStorageFileProbeFormatFromFD(path, fd);
-+
-+    close(fd);
-+
-+    return ret;
- }
- 
-+/**
-+ * virStorageFileGetMetadataFromFD:
-+ *
-+ * Probe for the format of 'fd' (which is an open file descriptor
-+ * for the file 'path'), filling 'meta' with the detected
-+ * format and other associated metadata.
-+ *
-+ * Callers are advised never to trust the returned 'meta->format'
-+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
-+ * malicious guest can turn a raw file into any other non-raw
-+ * format at will.
-+ */
-+int
-+virStorageFileGetMetadataFromFD(const char *path,
-+                                int fd,
-+                                virStorageFileMetadata *meta)
-+{
-+    unsigned char *head;
-+    ssize_t len = STORAGE_MAX_HEAD;
-+    int ret = -1;
-+
-+    if (VIR_ALLOC_N(head, len) < 0) {
-+        virReportOOMError();
-+        return -1;
-+    }
-+
-+    memset(meta, 0, sizeof (*meta));
-+
-+    if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
-+        virReportSystemError(errno, _("cannot set to start of '%s'"), path);
-+        goto cleanup;
-+    }
-+
-+    if ((len = read(fd, head, len)) < 0) {
-+        virReportSystemError(errno, _("cannot read header '%s'"), path);
-+        goto cleanup;
-+    }
-+
-+    meta->format = virStorageFileProbeFormatFromBuf(path, head, len);
-+
-+    ret = virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta);
-+
-+cleanup:
-+    VIR_FREE(head);
-+    return ret;
-+}
-+
-+/**
-+ * virStorageFileGetMetadata:
-+ *
-+ * Probe for the format of 'path', filling 'meta' with the detected
-+ * format and other associated metadata.
-+ *
-+ * Callers are advised never to trust the returned 'meta->format'
-+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
-+ * malicious guest can turn a raw file into any other non-raw
-+ * format at will.
-+ */
- int
- virStorageFileGetMetadata(const char *path,
-                           virStorageFileMetadata *meta)
-diff --git a/src/util/storage_file.h b/src/util/storage_file.h
-index 6328ba7..3420d44 100644
--- a/src/util/storage_file.h
-+++ b/src/util/storage_file.h
-@@ -57,6 +57,10 @@ typedef struct _virStorageFileMetadata {
- #  define DEV_BSIZE 512
- # endif
- 
-+int virStorageFileProbeFormat(const char *path);
-+int virStorageFileProbeFormatFromFD(const char *path,
-+                                    int fd);
-+
- int virStorageFileGetMetadata(const char *path,
-                               virStorageFileMetadata *meta);
- int virStorageFileGetMetadataFromFD(const char *path,
-- 
-1.7.1.1
-
@@ -1,285 +0,0 @@
-From 726a63a437efd96510ce316bf30d16f213d4db27 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Tue, 15 Jun 2010 16:15:51 +0100
-Subject: [PATCH 04/11] Require format to be passed into virStorageFileGetMetadata
-
-Require the disk image to be passed into virStorageFileGetMetadata.
-If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
-resolved using probing. This makes it easier to control when
-probing will be used
-
-* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
-  src/security/security_selinux.c, src/security/virt-aa-helper.c:
-  Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata.
-* src/storage/storage_backend_fs.c: Probe for disk format before
-  calling virStorageFileGetMetadata.
-* src/util/storage_file.h, src/util/storage_file.c: Remove format
-  from virStorageFileMeta struct & require it to be passed into
-  method.
---
- src/qemu/qemu_driver.c           |   27 +++++++++++++++++---
- src/qemu/qemu_security_dac.c     |    4 ++-
- src/security/security_selinux.c  |    4 ++-
- src/security/virt-aa-helper.c    |    4 ++-
- src/storage/storage_backend_fs.c |   11 ++++++--
- src/util/storage_file.c          |   50 +++++++++++++++++++++++++------------
- src/util/storage_file.h          |    3 +-
- 7 files changed, 76 insertions(+), 27 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 487bfa3..97f2990 100644
--- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -3069,7 +3069,9 @@ static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
-             }
-         }
- 
-        rc = virStorageFileGetMetadata(path, &meta);
-+        rc = virStorageFileGetMetadata(path,
-+                                       VIR_STORAGE_FILE_AUTO,
-+                                       &meta);
-         if (rc < 0)
-             VIR_WARN("Unable to lookup parent image for %s", path);
- 
-@@ -3119,7 +3121,9 @@ static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
-             }
-         }
- 
-        rc = virStorageFileGetMetadata(path, &meta);
-+        rc = virStorageFileGetMetadata(path,
-+                                       VIR_STORAGE_FILE_AUTO,
-+                                       &meta);
-         if (rc < 0)
-             VIR_WARN("Unable to lookup parent image for %s", path);
- 
-@@ -9614,6 +9618,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
-     virDomainDiskDefPtr disk = NULL;
-     struct stat sb;
-     int i;
-+    int format;
- 
-     virCheckFlags(0, -1);
- 
-@@ -9658,7 +9663,21 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
-     }
- 
-     /* Probe for magic formats */
-    if (virStorageFileGetMetadataFromFD(path, fd, &meta) < 0)
-+    if (disk->driverType) {
-+        if ((format = virStorageFileFormatTypeFromString(disk->driverType)) < 0) {
-+            qemuReportError(VIR_ERR_INTERNAL_ERROR,
-+                            _("unknown disk format %s for %s"),
-+                            disk->driverType, disk->src);
-+            goto cleanup;
-+        }
-+    } else {
-+        if ((format = virStorageFileProbeFormat(disk->src)) < 0)
-+            goto cleanup;
-+    }
-+
-+    if (virStorageFileGetMetadataFromFD(path, fd,
-+                                        format,
-+                                        &meta) < 0)
-         goto cleanup;
- 
-     /* Get info for normal formats */
-@@ -9706,7 +9725,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
-        highest allocated extent from QEMU */
-     if (virDomainObjIsActive(vm) &&
-         disk->type == VIR_DOMAIN_DISK_TYPE_BLOCK &&
-        meta.format != VIR_STORAGE_FILE_RAW &&
-+        format != VIR_STORAGE_FILE_RAW &&
-         S_ISBLK(sb.st_mode)) {
-         qemuDomainObjPrivatePtr priv = vm->privateData;
-         if (qemuDomainObjBeginJob(vm) < 0)
-diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
-index 95015b0..acfe48e 100644
--- a/src/qemu/qemu_security_dac.c
-+++ b/src/qemu/qemu_security_dac.c
-@@ -115,7 +115,9 @@ qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
-         virStorageFileMetadata meta;
-         int ret;
- 
-        ret = virStorageFileGetMetadata(path, &meta);
-+        ret = virStorageFileGetMetadata(path,
-+                                        VIR_STORAGE_FILE_AUTO,
-+                                        &meta);
- 
-         if (path != disk->src)
-             VIR_FREE(path);
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index e5eef19..5c0f002 100644
--- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -457,7 +457,9 @@ SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
-         virStorageFileMetadata meta;
-         int ret;
- 
-        ret = virStorageFileGetMetadata(path, &meta);
-+        ret = virStorageFileGetMetadata(path,
-+                                        VIR_STORAGE_FILE_AUTO,
-+                                        &meta);
- 
-         if (path != disk->src)
-             VIR_FREE(path);
-diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
-index c66f107..2c045e6 100644
--- a/src/security/virt-aa-helper.c
-+++ b/src/security/virt-aa-helper.c
-@@ -830,7 +830,9 @@ get_files(vahControl * ctl)
-             do {
-                 virStorageFileMetadata meta;
- 
-                ret = virStorageFileGetMetadata(path, &meta);
-+                ret = virStorageFileGetMetadata(path,
-+                                                VIR_STORAGE_FILE_AUTO,
-+                                                &meta);
- 
-                 if (path != ctl->def->disks[i]->src)
-                     VIR_FREE(path);
-diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
-index f0cd770..d3ac0fe 100644
--- a/src/storage/storage_backend_fs.c
-+++ b/src/storage/storage_backend_fs.c
-@@ -75,14 +75,19 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
- 
-     memset(&meta, 0, sizeof(meta));
- 
-    if (virStorageFileGetMetadataFromFD(target->path, fd, &meta) < 0) {
-+    if ((target->format = virStorageFileProbeFormatFromFD(target->path, fd)) < 0) {
-         close(fd);
-         return -1;
-     }
- 
-    close(fd);
-+    if (virStorageFileGetMetadataFromFD(target->path, fd,
-+                                        target->format,
-+                                        &meta) < 0) {
-+        close(fd);
-+        return -1;
-+    }
- 
-    target->format = meta.format;
-+    close(fd);
- 
-     if (backingStore) {
-         *backingStore = meta.backingStore;
-diff --git a/src/util/storage_file.c b/src/util/storage_file.c
-index 221268b..9712d92 100644
--- a/src/util/storage_file.c
-+++ b/src/util/storage_file.c
-@@ -696,18 +696,23 @@ virStorageFileProbeFormat(const char *path)
- /**
-  * virStorageFileGetMetadataFromFD:
-  *
- * Probe for the format of 'fd' (which is an open file descriptor
- * for the file 'path'), filling 'meta' with the detected
- * format and other associated metadata.
-+ * Extract metadata about the storage volume with the specified
-+ * image format. If image format is VIR_STORAGE_FILE_AUTO, it
-+ * will probe to automatically identify the format. 
-  *
- * Callers are advised never to trust the returned 'meta->format'
- * unless it is listed as VIR_STORAGE_FILE_RAW, since a
- * malicious guest can turn a raw file into any other non-raw
- * format at will.
-+ * Callers are advised never to use VIR_STORAGE_FILE_AUTO as a
-+ * format, since a malicious guest can turn a raw file into any
-+ * other non-raw format at will.
-+ *
-+ * If the returned meta.backingStoreFormat is VIR_STORAGE_FILE_AUTO
-+ * it indicates the image didn't specify an explicit format for its
-+ * backing store. Callers are advised against probing for the
-+ * backing store format in this case.
-  */
- int
- virStorageFileGetMetadataFromFD(const char *path,
-                                 int fd,
-+                                int format,
-                                 virStorageFileMetadata *meta)
- {
-     unsigned char *head;
-@@ -731,9 +736,16 @@ virStorageFileGetMetadataFromFD(const char *path,
-         goto cleanup;
-     }
- 
-    meta->format = virStorageFileProbeFormatFromBuf(path, head, len);
-+    if (format == VIR_STORAGE_FILE_AUTO)
-+        format = virStorageFileProbeFormatFromBuf(path, head, len);
-+
-+    if (format < 0 ||
-+        format >= VIR_STORAGE_FILE_LAST) {
-+        virReportSystemError(EINVAL, _("unknown storage file format %d"), format);
-+        return -1;
-+    }
- 
-    ret = virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta);
-+    ret = virStorageFileGetMetadataFromBuf(format, path, head, len, meta);
- 
- cleanup:
-     VIR_FREE(head);
-@@ -743,16 +755,22 @@ cleanup:
- /**
-  * virStorageFileGetMetadata:
-  *
- * Probe for the format of 'path', filling 'meta' with the detected
- * format and other associated metadata.
-+ * Extract metadata about the storage volume with the specified
-+ * image format. If image format is VIR_STORAGE_FILE_AUTO, it
-+ * will probe to automatically identify the format. 
-  *
- * Callers are advised never to trust the returned 'meta->format'
- * unless it is listed as VIR_STORAGE_FILE_RAW, since a
- * malicious guest can turn a raw file into any other non-raw
- * format at will.
-+ * Callers are advised never to use VIR_STORAGE_FILE_AUTO as a
-+ * format, since a malicious guest can turn a raw file into any
-+ * other non-raw format at will.
-+ *
-+ * If the returned meta.backingStoreFormat is VIR_STORAGE_FILE_AUTO
-+ * it indicates the image didn't specify an explicit format for its
-+ * backing store. Callers are advised against probing for the
-+ * backing store format in this case.
-  */
- int
- virStorageFileGetMetadata(const char *path,
-+                          int format,
-                           virStorageFileMetadata *meta)
- {
-     int fd, ret;
-@@ -762,7 +780,7 @@ virStorageFileGetMetadata(const char *path,
-         return -1;
-     }
- 
-    ret = virStorageFileGetMetadataFromFD(path, fd, meta);
-+    ret = virStorageFileGetMetadataFromFD(path, fd, format, meta);
- 
-     close(fd);
- 
-diff --git a/src/util/storage_file.h b/src/util/storage_file.h
-index 3420d44..6853182 100644
--- a/src/util/storage_file.h
-+++ b/src/util/storage_file.h
-@@ -46,7 +46,6 @@ enum virStorageFileFormat {
- VIR_ENUM_DECL(virStorageFileFormat);
- 
- typedef struct _virStorageFileMetadata {
-    int format;
-     char *backingStore;
-     int backingStoreFormat;
-     unsigned long long capacity;
-@@ -62,9 +61,11 @@ int virStorageFileProbeFormatFromFD(const char *path,
-                                     int fd);
- 
- int virStorageFileGetMetadata(const char *path,
-+                              int format,
-                               virStorageFileMetadata *meta);
- int virStorageFileGetMetadataFromFD(const char *path,
-                                     int fd,
-+                                    int format,
-                                     virStorageFileMetadata *meta);
- 
- int virStorageFileIsSharedFS(const char *path);
-- 
-1.7.1.1
-
@@ -1,170 +0,0 @@
-From ac5067f1e2e98181ee0e9230f756697f50d853eb Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 14 Jun 2010 18:09:15 +0100
-Subject: [PATCH 05/11] Add an API for iterating over disk paths
-
-There is duplicated code which iterates over disk backing stores
-performing some action. Provide a convenient helper for doing
-this to eliminate duplication & risk of mistakes with disk format
-probing
-
-* src/conf/domain_conf.c, src/conf/domain_conf.h,
-  src/libvirt_private.syms: Add virDomainDiskDefForeachPath()
---
- src/conf/domain_conf.c   |   99 ++++++++++++++++++++++++++++++++++++++++++++++
- src/conf/domain_conf.h   |   11 +++++
- src/libvirt_private.syms |    1 +
- 3 files changed, 111 insertions(+), 0 deletions(-)
-
-diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
-index 378c06e..b20ca97 100644
--- a/src/conf/domain_conf.c
-+++ b/src/conf/domain_conf.c
-@@ -45,6 +45,7 @@
- #include "macvtap.h"
- #include "nwfilter_conf.h"
- #include "ignore-value.h"
-+#include "storage_file.h"
- 
- #define VIR_FROM_THIS VIR_FROM_DOMAIN
- 
-@@ -7273,4 +7274,102 @@ done:
- }
- 
- 
-+int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
-+                                bool allowProbing,
-+                                bool ignoreOpenFailure,
-+                                virDomainDiskDefPathIterator iter,
-+                                void *opaque)
-+{
-+    virHashTablePtr paths;
-+    int format;
-+    int ret = -1;
-+    size_t depth = 0;
-+    char *nextpath = NULL;
-+
-+    if (!disk->src)
-+        return 0;
-+
-+    if (disk->driverType) {
-+        const char *formatStr = disk->driverType;
-+        if (STREQ(formatStr, "aio"))
-+            formatStr = "raw"; /* Xen compat */
-+
-+        if ((format = virStorageFileFormatTypeFromString(formatStr)) < 0) {
-+            virDomainReportError(VIR_ERR_INTERNAL_ERROR,
-+                                 _("unknown disk format '%s' for %s"),
-+                                 disk->driverType, disk->src);
-+            return -1;
-+        }
-+    } else {
-+        if (allowProbing) {
-+            format = VIR_STORAGE_FILE_AUTO;
-+        } else {
-+            virDomainReportError(VIR_ERR_INTERNAL_ERROR,
-+                                 _("no disk format for %s and probing is disabled"),
-+                                 disk->src);
-+            return -1;
-+        }
-+    }
-+
-+    paths = virHashCreate(5);
-+
-+    do {
-+        virStorageFileMetadata meta;
-+        const char *path = nextpath ? nextpath : disk->src;
-+        int fd;
-+
-+        if (iter(disk, path, depth, opaque) < 0)
-+            goto cleanup;
-+
-+        if (virHashLookup(paths, path)) {
-+            virDomainReportError(VIR_ERR_INTERNAL_ERROR,
-+                                 _("backing store for %s is self-referential"),
-+                                 disk->src);
-+            goto cleanup;
-+        }
-+
-+        if ((fd = open(path, O_RDONLY)) < 0) {
-+            if (ignoreOpenFailure) {
-+                char ebuf[1024];
-+                VIR_WARN("Ignoring open failure on %s: %s", path,
-+                         virStrerror(errno, ebuf, sizeof(ebuf)));
-+                break;
-+            } else {
-+                virReportSystemError(errno,
-+                                     _("unable to open disk path %s"),
-+                                     path);
-+                goto cleanup;
-+            }
-+        }
-+
-+        if (virStorageFileGetMetadataFromFD(path, fd, format, &meta) < 0) {
-+            close(fd);
-+            goto cleanup;
-+        }
-+        close(fd);
-+
-+        if (virHashAddEntry(paths, path, (void*)0x1) < 0) {
-+            virReportOOMError();
-+            goto cleanup;
-+        }
-+
-+        depth++;
-+        nextpath = meta.backingStore;
-+
-+        format = meta.backingStoreFormat;
-+
-+        if (format == VIR_STORAGE_FILE_AUTO &&
-+            !allowProbing)
-+            format = VIR_STORAGE_FILE_RAW; /* Stops further recursion */
-+    } while (nextpath);
-+
-+    ret = 0;
-+
-+cleanup:
-+    virHashFree(paths, NULL);
-+    VIR_FREE(nextpath);
-+
-+    return ret;
-+}
-+
- #endif /* ! PROXY */
-diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
-index 01da17e..d46869e 100644
--- a/src/conf/domain_conf.h
-+++ b/src/conf/domain_conf.h
-@@ -1079,6 +1079,17 @@ int virDomainChrDefForeach(virDomainDefPtr def,
-                            void *opaque);
- 
- 
-+typedef int (*virDomainDiskDefPathIterator)(virDomainDiskDefPtr disk,
-+                                            const char *path,
-+                                            size_t depth,
-+                                            void *opaque);
-+
-+int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
-+                                bool allowProbing,
-+                                bool ignoreOpenFailure,
-+                                virDomainDiskDefPathIterator iter,
-+                                void *opaque);
-+
- VIR_ENUM_DECL(virDomainVirt)
- VIR_ENUM_DECL(virDomainBoot)
- VIR_ENUM_DECL(virDomainFeature)
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index 4607f49..b5f3695 100644
--- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -225,6 +225,7 @@ virDomainSnapshotDefFormat;
- virDomainSnapshotAssignDef;
- virDomainObjAssignDef;
- virDomainChrDefForeach;
-+virDomainDiskDefForeachPath;
- 
- 
- # domain_event.h
-- 
-1.7.1.1
-
@@ -1,506 +0,0 @@
-From 54c1bb731d2b19a46a594cf9682c022f1e1114d2 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Tue, 15 Jun 2010 16:40:47 +0100
-Subject: [PATCH 06/11] Convert all disk backing store loops to shared helper API
-
-Update the QEMU cgroups code, QEMU DAC security driver, SELinux
-and AppArmour security drivers over to use the shared helper API
-virDomainDiskDefForeachPath().
-
-* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
-  src/security/security_selinux.c, src/security/virt-aa-helper.c:
-  Convert over to use virDomainDiskDefForeachPath()
---
- src/qemu/qemu_driver.c          |  161 ++++++++++++++++----------------------
- src/qemu/qemu_security_dac.c    |   47 ++++--------
- src/security/security_selinux.c |   67 +++++++----------
- src/security/virt-aa-helper.c   |   71 ++++++++----------
- 4 files changed, 142 insertions(+), 204 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 97f2990..99aeffa 100644
--- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -3040,107 +3040,82 @@ static const char *const defaultDeviceACL[] = {
- #define DEVICE_PTY_MAJOR 136
- #define DEVICE_SND_MAJOR 116
- 
-static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
-                               virDomainObjPtr vm,
-                               virDomainDiskDefPtr disk)
-{
-    char *path = disk->src;
-    int ret = -1;
- 
-    while (path != NULL) {
-        virStorageFileMetadata meta;
-        int rc;
-+static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
-+                                  const char *path,
-+                                  size_t depth ATTRIBUTE_UNUSED,
-+                                  void *opaque)
-+{
-+    virCgroupPtr cgroup = opaque;
-+    int rc;
- 
-        VIR_DEBUG("Process path '%s' for disk", path);
-        rc = virCgroupAllowDevicePath(cgroup, path);
-        if (rc != 0) {
-            /* Get this for non-block devices */
-            if (rc == -EINVAL) {
-                VIR_DEBUG("Ignoring EINVAL for %s", path);
-            } else if (rc == -EACCES) { /* Get this for root squash NFS */
-                VIR_DEBUG("Ignoring EACCES for %s", path);
-            } else {
-                virReportSystemError(-rc,
-                                     _("Unable to allow device %s for %s"),
-                                     path, vm->def->name);
-                if (path != disk->src)
-                    VIR_FREE(path);
-                goto cleanup;
-            }
-+    VIR_DEBUG("Process path %s for disk", path);
-+    /* XXX RO vs RW */
-+    rc = virCgroupAllowDevicePath(cgroup, path);
-+    if (rc != 0) {
-+        /* Get this for non-block devices */
-+        if (rc == -EINVAL) {
-+            VIR_DEBUG("Ignoring EINVAL for %s", path);
-+        } else if (rc == -EACCES) { /* Get this for root squash NFS */
-+            VIR_DEBUG("Ignoring EACCES for %s", path);
-+        } else {
-+            virReportSystemError(-rc,
-+                                 _("Unable to allow access for disk path %s"),
-+                                 path);
-+            return -1;
-         }
-
-        rc = virStorageFileGetMetadata(path,
-                                       VIR_STORAGE_FILE_AUTO,
-                                       &meta);
-        if (rc < 0)
-            VIR_WARN("Unable to lookup parent image for %s", path);
-
-        if (path != disk->src)
-            VIR_FREE(path);
-        path = NULL;
-
-        if (rc < 0)
-            break; /* Treating as non fatal */
-
-        path = meta.backingStore;
-     }
-+    return 0;
-+}
- 
-    ret = 0;
- 
-cleanup:
-    return ret;
-+static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
-+                               virDomainDiskDefPtr disk)
-+{
-+    return virDomainDiskDefForeachPath(disk,
-+                                       true,
-+                                       true,
-+                                       qemuSetupDiskPathAllow,
-+                                       cgroup);
- }
- 
- 
-static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
-                                  virDomainObjPtr vm,
-                                  virDomainDiskDefPtr disk)
-+static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
-+                                    const char *path,
-+                                    size_t depth ATTRIBUTE_UNUSED,
-+                                    void *opaque)
- {
-    char *path = disk->src;
-    int ret = -1;
-
-    while (path != NULL) {
-        virStorageFileMetadata meta;
-        int rc;
-+    virCgroupPtr cgroup = opaque;
-+    int rc;
- 
-        VIR_DEBUG("Process path '%s' for disk", path);
-        rc = virCgroupDenyDevicePath(cgroup, path);
-        if (rc != 0) {
-            /* Get this for non-block devices */
-            if (rc == -EINVAL) {
-                VIR_DEBUG("Ignoring EINVAL for %s", path);
-            } else if (rc == -EACCES) { /* Get this for root squash NFS */
-                VIR_DEBUG("Ignoring EACCES for %s", path);
-            } else {
-                virReportSystemError(-rc,
-                                     _("Unable to deny device %s for %s"),
-                                     path, vm->def->name);
-                if (path != disk->src)
-                    VIR_FREE(path);
-                goto cleanup;
-            }
-+    VIR_DEBUG("Process path %s for disk", path);
-+    /* XXX RO vs RW */
-+    rc = virCgroupDenyDevicePath(cgroup, path);
-+    if (rc != 0) {
-+        /* Get this for non-block devices */
-+        if (rc == -EINVAL) {
-+            VIR_DEBUG("Ignoring EINVAL for %s", path);
-+        } else if (rc == -EACCES) { /* Get this for root squash NFS */
-+            VIR_DEBUG("Ignoring EACCES for %s", path);
-+        } else {
-+            virReportSystemError(-rc,
-+                                 _("Unable to allow access for disk path %s"),
-+                                 path);
-+            return -1;
-         }
-
-        rc = virStorageFileGetMetadata(path,
-                                       VIR_STORAGE_FILE_AUTO,
-                                       &meta);
-        if (rc < 0)
-            VIR_WARN("Unable to lookup parent image for %s", path);
-
-        if (path != disk->src)
-            VIR_FREE(path);
-        path = NULL;
-
-        if (rc < 0)
-            break; /* Treating as non fatal */
-
-        path = meta.backingStore;
-     }
-+    return 0;
-+}
- 
-    ret = 0;
- 
-cleanup:
-    return ret;
-+static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
-+                                  virDomainDiskDefPtr disk)
-+{
-+    return virDomainDiskDefForeachPath(disk,
-+                                       true,
-+                                       true,
-+                                       qemuTeardownDiskPathDeny,
-+                                       cgroup);
- }
- 
- 
-@@ -3204,7 +3179,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
-         }
- 
-         for (i = 0; i < vm->def->ndisks ; i++) {
-            if (qemuSetupDiskCgroup(cgroup, vm, vm->def->disks[i]) < 0)
-+            if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0)
-                 goto cleanup;
-         }
- 
-@@ -8035,7 +8010,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
-                                 vm->def->name);
-                 goto endjob;
-             }
-            if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0)
-+            if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
-                 goto endjob;
-         }
- 
-@@ -8080,7 +8055,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
-             /* Fallthrough */
-         }
-         if (ret != 0 && cgroup) {
-            if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
-+            if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
-                 VIR_WARN("Failed to teardown cgroup for disk path %s",
-                          NULLSTR(dev->data.disk->src));
-         }
-@@ -8280,7 +8255,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
-                                 vm->def->name);
-                 goto endjob;
-             }
-            if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0)
-+            if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
-                 goto endjob;
-         }
- 
-@@ -8303,7 +8278,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
-         }
- 
-         if (ret != 0 && cgroup) {
-            if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
-+            if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
-                 VIR_WARN("Failed to teardown cgroup for disk path %s",
-                          NULLSTR(dev->data.disk->src));
-         }
-@@ -8430,7 +8405,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
-         VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
- 
-     if (cgroup != NULL) {
-        if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
-+        if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
-             VIR_WARN("Failed to teardown cgroup for disk path %s",
-                      NULLSTR(dev->data.disk->src));
-     }
-@@ -8493,7 +8468,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
-         VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
- 
-     if (cgroup != NULL) {
-        if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
-+        if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
-             VIR_WARN("Failed to teardown cgroup for disk path %s",
-                      NULLSTR(dev->data.disk->src));
-     }
-diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
-index acfe48e..770010d 100644
--- a/src/qemu/qemu_security_dac.c
-+++ b/src/qemu/qemu_security_dac.c
-@@ -98,45 +98,28 @@ err:
- 
- 
- static int
-+qemuSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
-+                                    const char *path,
-+                                    size_t depth ATTRIBUTE_UNUSED,
-+                                    void *opaque ATTRIBUTE_UNUSED)
-+{
-+    return qemuSecurityDACSetOwnership(path, driver->user, driver->group);
-+}
-+
-+
-+static int
- qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                                      virDomainDiskDefPtr disk)
- 
- {
-    const char *path;
-
-     if (!driver->privileged || !driver->dynamicOwnership)
-         return 0;
- 
-    if (!disk->src)
-        return 0;
-
-    path = disk->src;
-    do {
-        virStorageFileMetadata meta;
-        int ret;
-
-        ret = virStorageFileGetMetadata(path,
-                                        VIR_STORAGE_FILE_AUTO,
-                                        &meta);
-
-        if (path != disk->src)
-            VIR_FREE(path);
-        path = NULL;
-
-        if (ret < 0)
-            return -1;
-
-        if (meta.backingStore != NULL &&
-            qemuSecurityDACSetOwnership(meta.backingStore,
-                                        driver->user, driver->group) < 0) {
-            VIR_FREE(meta.backingStore);
-            return -1;
-        }
-
-        path = meta.backingStore;
-    } while (path != NULL);
-
-    return qemuSecurityDACSetOwnership(disk->src, driver->user, driver->group);
-+    return virDomainDiskDefForeachPath(disk,
-+                                       true,
-+                                       false,
-+                                       qemuSecurityDACSetSecurityFileLabel,
-+                                       NULL);
- }
- 
- 
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 5c0f002..d191118 100644
--- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -439,54 +439,43 @@ SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
- 
- 
- static int
-+SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
-+                            const char *path,
-+                            size_t depth,
-+                            void *opaque)
-+{
-+    const virSecurityLabelDefPtr secdef = opaque;
-+
-+    if (depth == 0) {
-+        if (disk->shared) {
-+            return SELinuxSetFilecon(path, default_image_context);
-+        } else if (disk->readonly) {
-+            return SELinuxSetFilecon(path, default_content_context);
-+        } else if (secdef->imagelabel) {
-+            return SELinuxSetFilecon(path, secdef->imagelabel);
-+        } else {
-+            return 0;
-+        }
-+    } else {
-+        return SELinuxSetFilecon(path, default_content_context);
-+    }
-+}
-+
-+static int
- SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
-                              virDomainDiskDefPtr disk)
- 
- {
-     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-    const char *path;
- 
-     if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
-         return 0;
- 
-    if (!disk->src)
-        return 0;
-
-    path = disk->src;
-    do {
-        virStorageFileMetadata meta;
-        int ret;
-
-        ret = virStorageFileGetMetadata(path,
-                                        VIR_STORAGE_FILE_AUTO,
-                                        &meta);
-
-        if (path != disk->src)
-            VIR_FREE(path);
-        path = NULL;
-
-        if (ret < 0)
-           break;
-
-        if (meta.backingStore != NULL &&
-            SELinuxSetFilecon(meta.backingStore,
-                              default_content_context) < 0) {
-            VIR_FREE(meta.backingStore);
-            return -1;
-        }
-
-        path = meta.backingStore;
-    } while (path != NULL);
-
-    if (disk->shared) {
-        return SELinuxSetFilecon(disk->src, default_image_context);
-    } else if (disk->readonly) {
-        return SELinuxSetFilecon(disk->src, default_content_context);
-    } else if (secdef->imagelabel) {
-        return SELinuxSetFilecon(disk->src, secdef->imagelabel);
-    }
-
-    return 0;
-+    return virDomainDiskDefForeachPath(disk,
-+                                       true,
-+                                       false,
-+                                       SELinuxSetSecurityFileLabel,
-+                                       secdef);
- }
- 
- 
-diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
-index 2c045e6..9ed0cd3 100644
--- a/src/security/virt-aa-helper.c
-+++ b/src/security/virt-aa-helper.c
-@@ -36,7 +36,6 @@
- #include "uuid.h"
- #include "hostusb.h"
- #include "pci.h"
-#include "storage_file.h"
- 
- static char *progname;
- 
-@@ -801,6 +800,28 @@ file_iterate_pci_cb(pciDevice *dev ATTRIBUTE_UNUSED,
- }
- 
- static int
-+add_file_path(virDomainDiskDefPtr disk,
-+              const char *path,
-+              size_t depth,
-+              void *opaque)
-+{
-+    virBufferPtr buf = opaque;
-+    int ret;
-+
-+    if (depth == 0) {
-+        if (disk->readonly)
-+            ret = vah_add_file(buf, path, "r");
-+        else
-+            ret = vah_add_file(buf, path, "rw");
-+    } else {
-+        ret = vah_add_file(buf, path, "r");
-+    }
-+
-+    return ret;
-+}
-+
-+
-+static int
- get_files(vahControl * ctl)
- {
-     virBuffer buf = VIR_BUFFER_INITIALIZER;
-@@ -821,45 +842,15 @@ get_files(vahControl * ctl)
-         goto clean;
-     }
- 
-    for (i = 0; i < ctl->def->ndisks; i++)
-        if (ctl->def->disks[i] && ctl->def->disks[i]->src) {
-            int ret;
-            const char *path;
-
-            path = ctl->def->disks[i]->src;
-            do {
-                virStorageFileMetadata meta;
-
-                ret = virStorageFileGetMetadata(path,
-                                                VIR_STORAGE_FILE_AUTO,
-                                                &meta);
-
-                if (path != ctl->def->disks[i]->src)
-                    VIR_FREE(path);
-                path = NULL;
-
-                if (ret < 0) {
-                    vah_warning("could not open path, skipping");
-                    continue;
-                }
-
-                if (meta.backingStore != NULL &&
-                    (ret = vah_add_file(&buf, meta.backingStore, "rw")) != 0) {
-                    VIR_FREE(meta.backingStore);
-                    goto clean;
-                }
-
-                path = meta.backingStore;
-            } while (path != NULL);
-
-            if (ctl->def->disks[i]->readonly)
-                ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r");
-            else
-                ret = vah_add_file(&buf, ctl->def->disks[i]->src, "rw");
-
-            if (ret != 0)
-                goto clean;
-        }
-+    for (i = 0; i < ctl->def->ndisks; i++) {
-+        int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],
-+                                              true,
-+                                              false,
-+                                              add_file_path,
-+                                              &buf);
-+        if (ret != 0)
-+            goto clean;
-+    }
- 
-     for (i = 0; i < ctl->def->nserials; i++)
-         if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path)
-- 
-1.7.1.1
-
@@ -1,468 +0,0 @@
-From dac2b936e77f6c76c11f162e4b175492e4803acb Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Tue, 15 Jun 2010 17:58:58 +0100
-Subject: [PATCH 08/11] Disable all disk probing in QEMU driver & add config option to re-enable
-
-Disk format probing is now disabled by default. A new config
-option in /etc/qemu/qemu.conf will re-enable it for existing
-deployments where this causes trouble
---
- src/qemu/libvirtd_qemu.aug       |    1 +
- src/qemu/qemu.conf               |   12 ++++++++++++
- src/qemu/qemu_conf.c             |    4 ++++
- src/qemu/qemu_conf.h             |    1 +
- src/qemu/qemu_driver.c           |   36 +++++++++++++++++++++++-------------
- src/qemu/qemu_security_dac.c     |    2 +-
- src/qemu/test_libvirtd_qemu.aug  |    4 ++++
- src/security/security_apparmor.c |   12 ++++++++----
- src/security/security_driver.c   |   16 ++++++++++++++--
- src/security/security_driver.h   |   10 ++++++++--
- src/security/security_selinux.c  |    9 ++++++---
- src/security/virt-aa-helper.c    |   10 +++++++++-
- tests/seclabeltest.c             |    2 +-
- 13 files changed, 92 insertions(+), 27 deletions(-)
-
-diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
-index 7c9f271..47d0525 100644
--- a/src/qemu/libvirtd_qemu.aug
-+++ b/src/qemu/libvirtd_qemu.aug
-@@ -40,6 +40,7 @@ module Libvirtd_qemu =
-                  | bool_entry "relaxed_acs_check"
-                  | bool_entry "vnc_allow_host_audio"
-                  | bool_entry "clear_emulator_capabilities"
-+                 | bool_entry "allow_disk_format_probing"
- 
-    (* Each enty in the config is one of the following three ... *)
-    let entry = vnc_entry
-diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
-index 93934f3..dc8eb83 100644
--- a/src/qemu/qemu.conf
-+++ b/src/qemu/qemu.conf
-@@ -187,3 +187,15 @@
- # exploit the privileges and possibly do damage to the host.
- #
- # clear_emulator_capabilities = 1
-+
-+
-+
-+# If allow_disk_format_probing is enabled, libvirt will probe disk
-+# images to attempt to identify their format, when not otherwise
-+# specified in the XML. This is disabled by default.
-+#
-+# WARNING: Enabling probing is a security hole in almost all
-+# deployments. It is strongly recommended that users update their
-+# guest XML <disk> elements to include  <driver type='XXXX'/>
-+# elements instead of enabling this option.
-+# allow_disk_format_probing = 1
-diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
-index 988220b..3ba48bf 100644
--- a/src/qemu/qemu_conf.c
-+++ b/src/qemu/qemu_conf.c
-@@ -365,6 +365,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
-     CHECK_TYPE ("clear_emulator_capabilities", VIR_CONF_LONG);
-     if (p) driver->clearEmulatorCapabilities = p->l;
- 
-+    p = virConfGetValue (conf, "allow_disk_format_probing");
-+    CHECK_TYPE ("allow_disk_format_probing", VIR_CONF_LONG);
-+    if (p) driver->allowDiskFormatProbing = p->l;
-+
-     virConfFree (conf);
-     return 0;
- }
-diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
-index ab5f158..30e9f20 100644
--- a/src/qemu/qemu_conf.h
-+++ b/src/qemu/qemu_conf.h
-@@ -141,6 +141,7 @@ struct qemud_driver {
-     unsigned int relaxedACS : 1;
-     unsigned int vncAllowHostAudio : 1;
-     unsigned int clearEmulatorCapabilities : 1;
-+    unsigned int allowDiskFormatProbing : 1;
- 
-     virCapsPtr caps;
- 
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 616547c..3c479c5 100644
--- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -1322,7 +1322,8 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
-     qemuSecurityDACSetDriver(qemud_drv);
- 
-     ret = virSecurityDriverStartup(&security_drv,
-                                   qemud_drv->securityDriverName);
-+                                   qemud_drv->securityDriverName,
-+                                   qemud_drv->allowDiskFormatProbing);
-     if (ret == -1) {
-         VIR_ERROR0(_("Failed to start security driver"));
-         return -1;
-@@ -3070,11 +3071,12 @@ static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
- }
- 
- 
-static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
-+static int qemuSetupDiskCgroup(struct qemud_driver *driver,
-+                               virCgroupPtr cgroup,
-                                virDomainDiskDefPtr disk)
- {
-     return virDomainDiskDefForeachPath(disk,
-                                       true,
-+                                       driver->allowDiskFormatProbing,
-                                        true,
-                                        qemuSetupDiskPathAllow,
-                                        cgroup);
-@@ -3109,11 +3111,12 @@ static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
- }
- 
- 
-static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
-+static int qemuTeardownDiskCgroup(struct qemud_driver *driver,
-+                                  virCgroupPtr cgroup,
-                                   virDomainDiskDefPtr disk)
- {
-     return virDomainDiskDefForeachPath(disk,
-                                       true,
-+                                       driver->allowDiskFormatProbing,
-                                        true,
-                                        qemuTeardownDiskPathDeny,
-                                        cgroup);
-@@ -3180,7 +3183,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
-         }
- 
-         for (i = 0; i < vm->def->ndisks ; i++) {
-            if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0)
-+            if (qemuSetupDiskCgroup(driver, cgroup, vm->def->disks[i]) < 0)
-                 goto cleanup;
-         }
- 
-@@ -8033,7 +8036,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
-                                 vm->def->name);
-                 goto endjob;
-             }
-            if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
-+            if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
-                 goto endjob;
-         }
- 
-@@ -8078,7 +8081,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
-             /* Fallthrough */
-         }
-         if (ret != 0 && cgroup) {
-            if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
-+            if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
-                 VIR_WARN("Failed to teardown cgroup for disk path %s",
-                          NULLSTR(dev->data.disk->src));
-         }
-@@ -8278,7 +8281,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
-                                 vm->def->name);
-                 goto endjob;
-             }
-            if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
-+            if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
-                 goto endjob;
-         }
- 
-@@ -8301,7 +8304,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
-         }
- 
-         if (ret != 0 && cgroup) {
-            if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
-+            if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
-                 VIR_WARN("Failed to teardown cgroup for disk path %s",
-                          NULLSTR(dev->data.disk->src));
-         }
-@@ -8429,7 +8432,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
-         VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
- 
-     if (cgroup != NULL) {
-        if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
-+        if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
-             VIR_WARN("Failed to teardown cgroup for disk path %s",
-                      NULLSTR(dev->data.disk->src));
-     }
-@@ -8493,7 +8496,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
-         VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
- 
-     if (cgroup != NULL) {
-        if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
-+        if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
-             VIR_WARN("Failed to teardown cgroup for disk path %s",
-                      NULLSTR(dev->data.disk->src));
-     }
-@@ -9672,8 +9675,15 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
-             goto cleanup;
-         }
-     } else {
-        if ((format = virStorageFileProbeFormat(disk->src)) < 0)
-+        if (driver->allowDiskFormatProbing) {
-+            if ((format = virStorageFileProbeFormat(disk->src)) < 0)
-+                goto cleanup;
-+        } else {
-+            qemuReportError(VIR_ERR_INTERNAL_ERROR,
-+                            _("no disk format for %s and probing is disabled"),
-+                            disk->src);
-             goto cleanup;
-+        }
-     }
- 
-     if (virStorageFileGetMetadataFromFD(path, fd,
-diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
-index 0bbcf69..55dc0c6 100644
--- a/src/qemu/qemu_security_dac.c
-+++ b/src/qemu/qemu_security_dac.c
-@@ -117,7 +117,7 @@ qemuSecurityDACSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
-         return 0;
- 
-     return virDomainDiskDefForeachPath(disk,
-                                       true,
-+                                       driver->allowDiskFormatProbing,
-                                        false,
-                                        qemuSecurityDACSetSecurityFileLabel,
-                                        NULL);
-diff --git a/src/qemu/test_libvirtd_qemu.aug b/src/qemu/test_libvirtd_qemu.aug
-index 3326cc5..f0c4a0d 100644
--- a/src/qemu/test_libvirtd_qemu.aug
-+++ b/src/qemu/test_libvirtd_qemu.aug
-@@ -101,6 +101,8 @@ relaxed_acs_check = 1
- vnc_allow_host_audio = 1
- 
- clear_emulator_capabilities = 0
-+
-+allow_disk_format_probing = 1
- "
- 
-    test Libvirtd_qemu.lns get conf =
-@@ -212,3 +214,5 @@ clear_emulator_capabilities = 0
- { "vnc_allow_host_audio" = "1" }
- { "#empty" }
- { "clear_emulator_capabilities" = "0" }
-+{ "#empty" }
-+{ "allow_disk_format_probing" = "1" }
-diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
-index cb5c739..c5f9829 100644
--- a/src/security/security_apparmor.c
-+++ b/src/security/security_apparmor.c
-@@ -157,6 +157,8 @@ load_profile(virSecurityDriverPtr drv,
-     char *xml = NULL;
-     int pipefd[2];
-     pid_t child;
-+    const char *probe = virSecurityDriverGetAllowDiskFormatProbing(drv)
-+        ? "1" : "0";
- 
-     if (pipe(pipefd) < -1) {
-         virReportSystemError(errno, "%s", _("unable to create pipe"));
-@@ -172,19 +174,19 @@ load_profile(virSecurityDriverPtr drv,
- 
-     if (create) {
-         const char *const argv[] = {
-            VIRT_AA_HELPER, "-c", "-u", profile, NULL
-+            VIRT_AA_HELPER, "-p", probe, "-c", "-u", profile, NULL
-         };
-         ret = virExec(argv, NULL, NULL, &child,
-                       pipefd[0], NULL, NULL, VIR_EXEC_NONE);
-     } else if (fn) {
-         const char *const argv[] = {
-            VIRT_AA_HELPER, "-r", "-u", profile, "-f", fn, NULL
-+            VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, "-f", fn, NULL
-         };
-         ret = virExec(argv, NULL, NULL, &child,
-                       pipefd[0], NULL, NULL, VIR_EXEC_NONE);
-     } else {
-         const char *const argv[] = {
-            VIRT_AA_HELPER, "-r", "-u", profile, NULL
-+            VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, NULL
-         };
-         ret = virExec(argv, NULL, NULL, &child,
-                       pipefd[0], NULL, NULL, VIR_EXEC_NONE);
-@@ -347,9 +349,11 @@ AppArmorSecurityDriverProbe(void)
-  * currently not used.
-  */
- static int
-AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
-+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv,
-+                           bool allowDiskFormatProbing)
- {
-     virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI);
-+    virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing);
-     return 0;
- }
- 
-diff --git a/src/security/security_driver.c b/src/security/security_driver.c
-index aac9f78..9e32fa4 100644
--- a/src/security/security_driver.c
-+++ b/src/security/security_driver.c
-@@ -56,7 +56,8 @@ virSecurityDriverVerify(virDomainDefPtr def)
- 
- int
- virSecurityDriverStartup(virSecurityDriverPtr *drv,
-                         const char *name)
-+                         const char *name,
-+                         bool allowDiskFormatProbing)
- {
-     unsigned int i;
- 
-@@ -72,7 +73,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
-         switch (tmp->probe()) {
-         case SECURITY_DRIVER_ENABLE:
-             virSecurityDriverInit(tmp);
-            if (tmp->open(tmp) == -1) {
-+            if (tmp->open(tmp, allowDiskFormatProbing) == -1) {
-                 return -1;
-             } else {
-                 *drv = tmp;
-@@ -125,3 +126,14 @@ virSecurityDriverGetModel(virSecurityDriverPtr drv)
- {
-     return drv->name;
- }
-+
-+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
-+                                                bool allowDiskFormatProbing)
-+{
-+    drv->_private.allowDiskFormatProbing = allowDiskFormatProbing;
-+}
-+
-+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv)
-+{
-+    return drv->_private.allowDiskFormatProbing;
-+}
-diff --git a/src/security/security_driver.h b/src/security/security_driver.h
-index 61c9eb0..d768f32 100644
--- a/src/security/security_driver.h
-+++ b/src/security/security_driver.h
-@@ -33,7 +33,8 @@ typedef struct _virSecurityDriverState virSecurityDriverState;
- typedef virSecurityDriverState *virSecurityDriverStatePtr;
- 
- typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
-typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
-+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv,
-+                                      bool allowDiskFormatProbing);
- typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityDriverPtr drv,
-                                                    virDomainObjPtr vm,
-                                                    virDomainDiskDefPtr disk);
-@@ -102,12 +103,14 @@ struct _virSecurityDriver {
-      */
-     struct {
-         char doi[VIR_SECURITY_DOI_BUFLEN];
-+        bool allowDiskFormatProbing;
-     } _private;
- };
- 
- /* Global methods */
- int virSecurityDriverStartup(virSecurityDriverPtr *drv,
-                             const char *name);
-+                             const char *name,
-+                             bool allowDiskFormatProbing);
- 
- int
- virSecurityDriverVerify(virDomainDefPtr def);
-@@ -120,7 +123,10 @@ virSecurityDriverVerify(virDomainDefPtr def);
- void virSecurityDriverInit(virSecurityDriverPtr drv);
- int virSecurityDriverSetDOI(virSecurityDriverPtr drv,
-                             const char *doi);
-+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
-+                                                bool allowDiskFormatProbing);
- const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
- const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
-+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv);
- 
- #endif /* __VIR_SECURITY_H__ */
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index cc3812b..a9dd836 100644
--- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -266,13 +266,15 @@ SELinuxSecurityDriverProbe(void)
- }
- 
- static int
-SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
-+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv,
-+                          bool allowDiskFormatProbing)
- {
-     /*
-      * Where will the DOI come from?  SELinux configuration, or qemu
-      * configuration? For the moment, we'll just set it to "0".
-      */
-     virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI);
-+    virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing);
-     return SELinuxInitialize();
- }
- 
-@@ -467,18 +469,19 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
- }
- 
- static int
-SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
-+SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv,
-                              virDomainObjPtr vm,
-                              virDomainDiskDefPtr disk)
- 
- {
-     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-+    bool allowDiskFormatProbing = virSecurityDriverGetAllowDiskFormatProbing(drv);
- 
-     if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
-         return 0;
- 
-     return virDomainDiskDefForeachPath(disk,
-                                       true,
-+                                       allowDiskFormatProbing,
-                                        false,
-                                        SELinuxSetSecurityFileLabel,
-                                        secdef);
-diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
-index 9ed0cd3..521545d 100644
--- a/src/security/virt-aa-helper.c
-+++ b/src/security/virt-aa-helper.c
-@@ -40,6 +40,7 @@
- static char *progname;
- 
- typedef struct {
-+    bool allowDiskFormatProbing;
-     char uuid[PROFILE_NAME_SIZE];       /* UUID of vm */
-     bool dryrun;                /* dry run */
-     char cmd;                   /* 'c'   create
-@@ -844,7 +845,7 @@ get_files(vahControl * ctl)
- 
-     for (i = 0; i < ctl->def->ndisks; i++) {
-         int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],
-                                              true,
-+                                              ctl->allowDiskFormatProbing,
-                                               false,
-                                               add_file_path,
-                                               &buf);
-@@ -943,6 +944,7 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
- {
-     int arg, idx = 0;
-     struct option opt[] = {
-+        {"probing", 1, 0, 'p' },
-         {"add", 0, 0, 'a'},
-         {"create", 0, 0, 'c'},
-         {"dryrun", 0, 0, 'd'},
-@@ -991,6 +993,12 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
-                     PROFILE_NAME_SIZE) == NULL)
-                     vah_error(ctl, 1, "error copying UUID");
-                 break;
-+            case 'p':
-+                if (STREQ(optarg, "1"))
-+                    ctl->allowDiskFormatProbing = true;
-+                else
-+                    ctl->allowDiskFormatProbing = false;
-+                break;
-             default:
-                 vah_error(ctl, 1, "unsupported option");
-                 break;
-diff --git a/tests/seclabeltest.c b/tests/seclabeltest.c
-index 26d1f86..ef3f026 100644
--- a/tests/seclabeltest.c
-+++ b/tests/seclabeltest.c
-@@ -15,7 +15,7 @@ main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
-     const char *doi, *model;
-     virSecurityDriverPtr security_drv;
- 
-    ret = virSecurityDriverStartup (&security_drv, "selinux");
-+    ret = virSecurityDriverStartup (&security_drv, "selinux", false);
-     if (ret == -1)
-     {
-         fprintf (stderr, "Failed to start security driver");
-- 
-1.7.1.1
-
@@ -1,94 +0,0 @@
-From 3534cd47a57ee9cf7041472511444784f14d6939 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 14 Jun 2010 16:08:55 +0100
-Subject: [PATCH 09/11] Add ability to set a default driver name/type when parsing disks
-
-Record a default driver name/type in capabilities struct. Use this
-when parsing disks if value is not set in XML config.
-
-* src/conf/capabilities.h: Record default driver name/type for disks
-* src/conf/domain_conf.c: Fallback to default driver name/type
-  when parsing disks
-* src/qemu/qemu_driver.c: Set default driver name/type to raw
---
- src/conf/capabilities.h |    2 ++
- src/conf/domain_conf.c  |   16 +++++++++++++++-
- src/qemu/qemu_driver.c  |    8 ++++++++
- 3 files changed, 25 insertions(+), 1 deletions(-)
-
-diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h
-index 9290c82..f676eb8 100644
--- a/src/conf/capabilities.h
-+++ b/src/conf/capabilities.h
-@@ -123,6 +123,8 @@ struct _virCaps {
-     virCapsGuestPtr *guests;
-     unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN];
-     unsigned int emulatorRequired : 1;
-+    const char *defaultDiskDriverName;
-+    const char *defaultDiskDriverType;
-     void *(*privateDataAllocFunc)(void);
-     void (*privateDataFreeFunc)(void *);
-     int (*privateDataXMLFormat)(virBufferPtr, void *);
-diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
-index b20ca97..f3b8cfa 100644
--- a/src/conf/domain_conf.c
-+++ b/src/conf/domain_conf.c
-@@ -1639,6 +1639,16 @@ virDomainDiskDefParseXML(virCapsPtr caps,
-     def->serial = serial;
-     serial = NULL;
- 
-+    if (!def->driverType &&
-+        caps->defaultDiskDriverType &&
-+        !(def->driverType = strdup(caps->defaultDiskDriverType)))
-+        goto no_memory;
-+
-+    if (!def->driverName &&
-+        caps->defaultDiskDriverName &&
-+        !(def->driverName = strdup(caps->defaultDiskDriverName)))
-+        goto no_memory;
-+
-     if (def->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE
-         && virDomainDiskDefAssignAddress(caps, def) < 0)
-         goto error;
-@@ -1659,6 +1669,9 @@ cleanup:
- 
-     return def;
- 
-+no_memory:
-+    virReportOOMError();
-+
-  error:
-     virDomainDiskDefFree(def);
-     def = NULL;
-@@ -4275,7 +4288,8 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
-     if (n && VIR_ALLOC_N(def->disks, n) < 0)
-         goto no_memory;
-     for (i = 0 ; i < n ; i++) {
-        virDomainDiskDefPtr disk = virDomainDiskDefParseXML(caps, nodes[i],
-+        virDomainDiskDefPtr disk = virDomainDiskDefParseXML(caps,
-+                                                            nodes[i],
-                                                             flags);
-         if (!disk)
-             goto error;
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 3c479c5..14b790e 100644
--- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -1357,6 +1357,14 @@ qemuCreateCapabilities(virCapsPtr oldcaps,
-         return NULL;
-     }
- 
-+    if (driver->allowDiskFormatProbing) {
-+        caps->defaultDiskDriverName = NULL;
-+        caps->defaultDiskDriverType = NULL;
-+    } else {
-+        caps->defaultDiskDriverName = "qemu";
-+        caps->defaultDiskDriverType = "raw";
-+    }
-+
-     /* Domain XML parser hooks */
-     caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc;
-     caps->privateDataFreeFunc = qemuDomainObjPrivateFree;
-- 
-1.7.1.1
-
@@ -1,291 +0,0 @@
-From 2ba8625d6d148fa489586efabdfaf2ef20903762 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Wed, 16 Jun 2010 14:14:05 +0100
-Subject: [PATCH 10/11] Rewrite qemu-img backing store format handling
-
-When creating qcow2 files with a backing store, it is important
-to set an explicit format to prevent QEMU probing. The storage
-backend was only doing this if it found a 'kvm-img' binary. This
-is wrong because plenty of kvm-img binaries don't support an
-explicit format, and plenty of 'qemu-img' binaries do support
-a format. The result was that most qcow2 files were not getting
-a backing store format.
-
-This patch runs 'qemu-img -h' to check for the two support
-argument formats
-
-  '-o backing_format=raw'
-  '-F raw'
-
-and use whichever option it finds
-
-* src/storage/storage_backend.c: Query binary to determine
-  how to set the backing store format
---
- src/storage/storage_backend.c |  214 +++++++++++++++++++++++++++++------------
- 1 files changed, 152 insertions(+), 62 deletions(-)
-
-diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
-index aba8937..c185693 100644
--- a/src/storage/storage_backend.c
-+++ b/src/storage/storage_backend.c
-@@ -561,6 +561,69 @@ static int virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool,
-     return 0;
- }
- 
-+enum {
-+    QEMU_IMG_BACKING_FORMAT_NONE = 0,
-+    QEMU_IMG_BACKING_FORMAT_FLAG,
-+    QEMU_IMG_BACKING_FORMAT_OPTIONS,
-+};
-+
-+static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg)
-+{
-+    const char *const qemuarg[] = { qemuimg, "-h", NULL };
-+    const char *const qemuenv[] = { "LC_ALL=C", NULL };
-+    pid_t child = 0;
-+    int status;
-+    int newstdout = -1;
-+    char *help = NULL;
-+    enum { MAX_HELP_OUTPUT_SIZE = 1024*8 };
-+    int len;
-+    char *start;
-+    char *end;
-+    char *tmp;
-+    int ret = -1;
-+
-+    if (virExec(qemuarg, qemuenv, NULL,
-+                &child, -1, &newstdout, NULL, VIR_EXEC_CLEAR_CAPS) < 0)
-+        goto cleanup;
-+
-+    if ((len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help)) < 0) {
-+        virReportSystemError(errno,
-+                             _("Unable to read '%s -h' output"),
-+                             qemuimg);
-+        goto cleanup;
-+    }
-+
-+    start = strstr(help, " create ");
-+    end = strstr(start, "\n");
-+    if ((tmp = strstr(start, "-F fmt")) && tmp < end)
-+        ret = QEMU_IMG_BACKING_FORMAT_FLAG;
-+    else if ((tmp = strstr(start, "[-o options]")) && tmp < end)
-+        ret = QEMU_IMG_BACKING_FORMAT_OPTIONS;
-+    else
-+        ret = QEMU_IMG_BACKING_FORMAT_NONE;
-+
-+cleanup:
-+    VIR_FREE(help);
-+    close(newstdout);
-+rewait:
-+    if (child) {
-+        if (waitpid(child, &status, 0) != child) {
-+            if (errno == EINTR)
-+                goto rewait;
-+
-+            VIR_ERROR(_("Unexpected exit status from qemu %d pid %lu"),
-+                      WEXITSTATUS(status), (unsigned long)child);
-+        }
-+        if (WEXITSTATUS(status) != 0) {
-+            VIR_WARN("Unexpected exit status '%d', qemu probably failed",
-+                     WEXITSTATUS(status));
-+        }
-+    }
-+
-+    return ret;
-+}
-+
-+
- static int
- virStorageBackendCreateQemuImg(virConnectPtr conn,
-                                virStoragePoolObjPtr pool,
-@@ -568,10 +631,9 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
-                                virStorageVolDefPtr inputvol,
-                                unsigned int flags ATTRIBUTE_UNUSED)
- {
-    int ret;
-+    int ret = -1;
-     char size[100];
-     char *create_tool;
-    short use_kvmimg;
- 
-     const char *type = virStorageFileFormatTypeToString(vol->target.format);
-     const char *backingType = vol->backingStore.path ?
-@@ -582,41 +644,10 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
-     const char *inputPath = inputvol ? inputvol->target.path : NULL;
-     /* Treat input block devices as 'raw' format */
-     const char *inputType = inputPath ?
-                            virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ? VIR_STORAGE_FILE_RAW : inputvol->target.format) :
-                            NULL;
-
-    const char **imgargv;
-    /* The extra NULL field is for indicating encryption (-e). */
-    const char *imgargvnormal[] = {
-        NULL, "create",
-        "-f", type,
-        vol->target.path,
-        size,
-        NULL,
-        NULL
-    };
-    /* Extra NULL fields are for including "backingType" when using
-     * kvm-img (-F backingType), and for indicating encryption (-e).
-     */
-    const char *imgargvbacking[] = {
-        NULL, "create",
-        "-f", type,
-        "-b", vol->backingStore.path,
-        vol->target.path,
-        size,
-        NULL,
-        NULL,
-        NULL,
-        NULL
-    };
-    const char *convargv[] = {
-        NULL, "convert",
-        "-f", inputType,
-        "-O", type,
-        inputPath,
-        vol->target.path,
-        NULL,
-    };
-+        virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ?
-+                                         VIR_STORAGE_FILE_RAW :
-+                                         inputvol->target.format) :
-+        NULL;
- 
-     if (type == NULL) {
-         virStorageReportError(VIR_ERR_INTERNAL_ERROR,
-@@ -690,44 +721,103 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
-         }
-     }
- 
-    if ((create_tool = virFindFileInPath("kvm-img")) != NULL)
-        use_kvmimg = 1;
-    else if ((create_tool = virFindFileInPath("qemu-img")) != NULL)
-        use_kvmimg = 0;
-    else {
-+    /* Size in KB */
-+    snprintf(size, sizeof(size), "%lluK", vol->capacity/1024);
-+
-+    /* KVM is usually ahead of qemu on features, so try that first */
-+    create_tool = virFindFileInPath("kvm-img");
-+    if (!create_tool)
-+        create_tool = virFindFileInPath("qemu-img");
-+
-+    if (!create_tool) {
-         virStorageReportError(VIR_ERR_INTERNAL_ERROR,
-                               "%s", _("unable to find kvm-img or qemu-img"));
-         return -1;
-     }
- 
-     if (inputvol) {
-        convargv[0] = create_tool;
-        imgargv = convargv;
-+        const char *imgargv[] = {
-+            create_tool,
-+            "convert",
-+            "-f", inputType,
-+            "-O", type,
-+            inputPath,
-+            vol->target.path,
-+            NULL,
-+        };
-+
-+        ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
-     } else if (vol->backingStore.path) {
-        imgargvbacking[0] = create_tool;
-        if (use_kvmimg) {
-            imgargvbacking[6] = "-F";
-            imgargvbacking[7] = backingType;
-            imgargvbacking[8] = vol->target.path;
-            imgargvbacking[9] = size;
-+        const char *imgargv[] = {
-+            create_tool,
-+            "create",
-+            "-f", type,
-+            "-b", vol->backingStore.path,
-+            NULL,
-+            NULL,
-+            NULL,
-+            NULL,
-+            NULL,
-+            NULL
-+        };
-+        int imgformat = virStorageBackendQEMUImgBackingFormat(create_tool);
-+        char *optflag = NULL;
-+        if (imgformat < 0)
-+            goto cleanup;
-+
-+        switch (imgformat) {
-+        case QEMU_IMG_BACKING_FORMAT_FLAG:
-+            imgargv[6] = "-F";
-+            imgargv[7] = backingType;
-+            imgargv[8] = vol->target.path;
-+            imgargv[9] = size;
-+            if (vol->target.encryption != NULL)
-+                imgargv[10] = "-e";
-+            break;
-+
-+        case QEMU_IMG_BACKING_FORMAT_OPTIONS:
-+            if (virAsprintf(&optflag, "backing_fmt=%s", backingType) < 0) {
-+                virReportOOMError();
-+                goto cleanup;
-+            }
-+            imgargv[6] = "-o";
-+            imgargv[7] = optflag;
-+            imgargv[8] = vol->target.path;
-+            imgargv[9] = size;
-             if (vol->target.encryption != NULL)
-                imgargvbacking[10] = "-e";
-        } else if (vol->target.encryption != NULL)
-            imgargvbacking[8] = "-e";
-        imgargv = imgargvbacking;
-+                imgargv[10] = "-e";
-+            break;
-+
-+        default:
-+            VIR_INFO("Unable to set backing store format for %s with %s",
-+                     vol->target.path, create_tool);
-+            imgargv[6] = vol->target.path;
-+            imgargv[7] = size;
-+            if (vol->target.encryption != NULL)
-+                imgargv[8] = "-e";
-+        }
-+
-+        ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
-+        VIR_FREE(optflag);
-     } else {
-        imgargvnormal[0] = create_tool;
-        imgargv = imgargvnormal;
-+        /* The extra NULL field is for indicating encryption (-e). */
-+        const char *imgargv[] = {
-+            create_tool,
-+            "create",
-+            "-f", type,
-+            vol->target.path,
-+            size,
-+            NULL,
-+            NULL
-+        };
-         if (vol->target.encryption != NULL)
-             imgargv[6] = "-e";
-    }
- 
-+        ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
-+    }
- 
-    /* Size in KB */
-    snprintf(size, sizeof(size), "%lluK", vol->capacity/1024);
-
-    ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
-    VIR_FREE(imgargv[0]);
-+    cleanup:
-+    VIR_FREE(create_tool);
- 
-     return ret;
- }
-- 
-1.7.1.1
-
@@ -1,165 +0,0 @@
-From d33f44c2e74de28c89b64cdc2c0a6564662e075c Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Fri, 9 Jul 2010 11:28:40 +0100
-Subject: [PATCH 11/11] Use the extract backing store format in storage volume lookup
-
-The storage volume lookup code was probing for the backing store
-format, instead of using the format extracted from the file
-itself. This meant it could report in accurate information. If
-a format is included in the file, then use that in preference,
-with probing as a fallback.
-
-* src/storage/storage_backend_fs.c: Use extracted backing store
-  format
---
- src/storage/storage_backend_fs.c |   80 +++++++++++++++++---------------------
- 1 files changed, 36 insertions(+), 44 deletions(-)
-
-diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
-index d3ac0fe..ffb0071 100644
--- a/src/storage/storage_backend_fs.c
-+++ b/src/storage/storage_backend_fs.c
-@@ -51,6 +51,7 @@
- static int
- virStorageBackendProbeTarget(virStorageVolTargetPtr target,
-                              char **backingStore,
-+                             int *backingStoreFormat,
-                              unsigned long long *allocation,
-                              unsigned long long *capacity,
-                              virStorageEncryptionPtr *encryption)
-@@ -58,6 +59,10 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
-     int fd, ret;
-     virStorageFileMetadata meta;
- 
-+    if (backingStore)
-+        *backingStore = NULL;
-+    if (backingStoreFormat)
-+        *backingStoreFormat = VIR_STORAGE_FILE_AUTO;
-     if (encryption)
-         *encryption = NULL;
- 
-@@ -89,22 +94,30 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
- 
-     close(fd);
- 
-    if (backingStore) {
-        *backingStore = meta.backingStore;
-        meta.backingStore = NULL;
-+    if (meta.backingStore) {
-+        if (backingStore) {
-+            *backingStore = meta.backingStore;
-+            meta.backingStore = NULL;
-+            if (meta.backingStoreFormat == VIR_STORAGE_FILE_AUTO) {
-+                if ((*backingStoreFormat = virStorageFileProbeFormat(*backingStore)) < 0) {
-+                    close(fd);
-+                    goto cleanup;
-+                }
-+            } else {
-+                *backingStoreFormat = meta.backingStoreFormat;
-+            }
-+        } else {
-+            VIR_FREE(meta.backingStore);
-+        }
-     }
- 
-    VIR_FREE(meta.backingStore);
-
-     if (capacity && meta.capacity)
-         *capacity = meta.capacity;
- 
-     if (encryption != NULL && meta.encrypted) {
-         if (VIR_ALLOC(*encryption) < 0) {
-             virReportOOMError();
-            if (backingStore)
-                VIR_FREE(*backingStore);
-            return -1;
-+            goto cleanup;
-         }
- 
-         switch (target->format) {
-@@ -124,6 +137,11 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
-     }
- 
-     return 0;
-+
-+cleanup:
-+    if (backingStore)
-+        VIR_FREE(*backingStore);
-+    return -1;
- }
- 
- #if WITH_STORAGE_FS
-@@ -585,6 +603,7 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
-     while ((ent = readdir(dir)) != NULL) {
-         int ret;
-         char *backingStore;
-+        int backingStoreFormat;
- 
-         if (VIR_ALLOC(vol) < 0)
-             goto no_memory;
-@@ -604,6 +623,7 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
- 
-         if ((ret = virStorageBackendProbeTarget(&vol->target,
-                                                 &backingStore,
-+                                                &backingStoreFormat,
-                                                 &vol->allocation,
-                                                 &vol->capacity,
-                                                 &vol->target.encryption)) < 0) {
-@@ -619,46 +639,18 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
-         }
- 
-         if (backingStore != NULL) {
-            if (vol->target.format == VIR_STORAGE_FILE_QCOW2 &&
-                STRPREFIX("fmt:", backingStore)) {
-                char *fmtstr = backingStore + 4;
-                char *path = strchr(fmtstr, ':');
-                if (!path) {
-                    VIR_FREE(backingStore);
-                } else {
-                    *path = '\0';
-                    if ((vol->backingStore.format =
-                         virStorageFileFormatTypeFromString(fmtstr)) < 0) {
-                        VIR_FREE(backingStore);
-                    } else {
-                        memmove(backingStore, path, strlen(path) + 1);
-                        vol->backingStore.path = backingStore;
-
-                        if (virStorageBackendUpdateVolTargetInfo(&vol->backingStore,
-                                                                 NULL,
-                                                                 NULL) < 0)
-                            VIR_FREE(vol->backingStore);
-                    }
-                }
-            } else {
-                vol->backingStore.path = backingStore;
-
-                if ((ret = virStorageBackendProbeTarget(&vol->backingStore,
-                                                        NULL, NULL, NULL,
-                                                        NULL)) < 0) {
-                    if (ret == -1)
-                        goto cleanup;
-                    else {
-                        /* Silently ignore non-regular files,
-                         * eg '.' '..', 'lost+found' */
-                        VIR_FREE(vol->backingStore);
-                    }
-                }
-+            vol->backingStore.path = backingStore;
-+            vol->backingStore.format = backingStoreFormat;
-+
-+            if (virStorageBackendUpdateVolTargetInfo(&vol->backingStore,
-+                                                     NULL,
-+                                                     NULL) < 0) {
-+                VIR_FREE(vol->backingStore.path);
-+                goto cleanup;
-             }
-         }
- 
- 
-
-         if (VIR_REALLOC_N(pool->volumes.objs,
-                           pool->volumes.count+1) < 0)
-             goto no_memory;
-- 
-1.7.1.1
-
@@ -1,265 +0,0 @@
-From 112a309bc7839e95c558b535143f855ce89cca8c Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Thu, 10 Jun 2010 12:50:38 -0400
-Subject: [PATCH] CVE-2010-2242 Apply a source port mapping to virtual network masquerading
-
-IPtables will seek to preserve the source port unchanged when
-doing masquerading, if possible. NFS has a pseudo-security
-option where it checks for the source port <= 1023 before
-allowing a mount request. If an admin has used this to make the
-host OS trusted for mounts, the default iptables behaviour will
-potentially allow NAT'd guests access too. This needs to be
-stopped.
-
-With this change, the iptables -t nat -L -n -v rules for the
-default network will be
-
-Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
- pkts bytes target     prot opt in     out     source               destination
-   14   840 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
-   75  5752 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
-    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24
-
-* src/network/bridge_driver.c: Add masquerade rules for TCP
-  and UDP protocols
-* src/util/iptables.c, src/util/iptables.c: Add source port
-  mappings for TCP & UDP protocols when masquerading.
---
- src/network/bridge_driver.c |   73 ++++++++++++++++++++++++++++++++++++++++--
- src/util/iptables.c         |   70 +++++++++++++++++++++++++++++------------
- src/util/iptables.h         |    6 ++-
- 3 files changed, 122 insertions(+), 27 deletions(-)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index 72255c1..80ed57a 100644
--- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -638,18 +638,74 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
-         goto masqerr2;
-     }
- 
-    /* enable masquerading */
-+    /*
-+     * Enable masquerading.
-+     *
-+     * We need to end up with 3 rules in the table in this order
-+     *
-+     *  1. protocol=tcp with sport mapping restricton
-+     *  2. protocol=udp with sport mapping restricton
-+     *  3. generic any protocol
-+     *
-+     * The sport mappings are required, because default IPtables
-+     * MASQUERADE is maintain port number unchanged where possible.
-+     *
-+     * NFS can be configured to only "trust" port numbers < 1023.
-+     *
-+     * Guests using NAT thus need to be prevented from having port
-+     * numbers < 1023, otherwise they can bypass the NFS "security"
-+     * check on the source port number.
-+     *
-+     * Since we use '--insert' to add rules to the header of the
-+     * chain, we actually need to add them in the reverse of the
-+     * order just mentioned !
-+     */
-+
-+    /* First the generic masquerade rule for other protocols */
-     if ((err = iptablesAddForwardMasquerade(driver->iptables,
-                                             network->def->network,
-                                            network->def->forwardDev))) {
-+                                            network->def->forwardDev,
-+                                            NULL))) {
-         virReportSystemError(err,
-                              _("failed to add iptables rule to enable masquerading to '%s'"),
-                              network->def->forwardDev ? network->def->forwardDev : NULL);
-         goto masqerr3;
-     }
- 
-+    /* UDP with a source port restriction */
-+    if ((err = iptablesAddForwardMasquerade(driver->iptables,
-+                                            network->def->network,
-+                                            network->def->forwardDev,
-+                                            "udp"))) {
-+        virReportSystemError(err,
-+                             _("failed to add iptables rule to enable UDP masquerading to '%s'"),
-+                             network->def->forwardDev ? network->def->forwardDev : NULL);
-+        goto masqerr4;
-+    }
-+
-+    /* TCP with a source port restriction */
-+    if ((err = iptablesAddForwardMasquerade(driver->iptables,
-+                                            network->def->network,
-+                                            network->def->forwardDev,
-+                                            "tcp"))) {
-+        virReportSystemError(err,
-+                             _("failed to add iptables rule to enable TCP masquerading to '%s'"),
-+                             network->def->forwardDev ? network->def->forwardDev : NULL);
-+        goto masqerr5;
-+    }
-+
-     return 1;
- 
-+ masqerr5:
-+    iptablesRemoveForwardMasquerade(driver->iptables,
-+                                    network->def->network,
-+                                    network->def->forwardDev,
-+                                    "udp");
-+ masqerr4:
-+    iptablesRemoveForwardMasquerade(driver->iptables,
-+                                    network->def->network,
-+                                    network->def->forwardDev,
-+                                    NULL);
-  masqerr3:
-     iptablesRemoveForwardAllowRelatedIn(driver->iptables,
-                                  network->def->network,
-@@ -814,8 +870,17 @@ networkRemoveIptablesRules(struct network_driver *driver,
-     if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
-         if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) {
-             iptablesRemoveForwardMasquerade(driver->iptables,
-                                                network->def->network,
-                                                network->def->forwardDev);
-+                                            network->def->network,
-+                                            network->def->forwardDev,
-+                                            "tcp");
-+            iptablesRemoveForwardMasquerade(driver->iptables,
-+                                            network->def->network,
-+                                            network->def->forwardDev,
-+                                            "udp");
-+            iptablesRemoveForwardMasquerade(driver->iptables,
-+                                            network->def->network,
-+                                            network->def->forwardDev,
-+                                            NULL);
-             iptablesRemoveForwardAllowRelatedIn(driver->iptables,
-                                                 network->def->network,
-                                                 network->def->bridge,
-diff --git a/src/util/iptables.c b/src/util/iptables.c
-index d06b857..f63e8c6 100644
--- a/src/util/iptables.c
-+++ b/src/util/iptables.c
-@@ -692,25 +692,49 @@ iptablesRemoveForwardRejectIn(iptablesContext *ctx,
-  */
- static int
- iptablesForwardMasquerade(iptablesContext *ctx,
-                       const char *network,
-                       const char *physdev,
-                       int action)
-+                          const char *network,
-+                          const char *physdev,
-+                          const char *protocol,
-+                          int action)
- {
-    if (physdev && physdev[0]) {
-        return iptablesAddRemoveRule(ctx->nat_postrouting,
-                                     action,
-                                     "--source", network,
-                                     "!", "--destination", network,
-                                     "--out-interface", physdev,
-                                     "--jump", "MASQUERADE",
-                                     NULL);
-+    if (protocol && protocol[0]) {
-+        if (physdev && physdev[0]) {
-+            return iptablesAddRemoveRule(ctx->nat_postrouting,
-+                                         action,
-+                                         "--source", network,
-+                                         "-p", protocol,
-+                                         "!", "--destination", network,
-+                                         "--out-interface", physdev,
-+                                         "--jump", "MASQUERADE",
-+                                         "--to-ports", "1024-65535",
-+                                         NULL);
-+        } else {
-+            return iptablesAddRemoveRule(ctx->nat_postrouting,
-+                                         action,
-+                                         "--source", network,
-+                                         "-p", protocol,
-+                                         "!", "--destination", network,
-+                                         "--jump", "MASQUERADE",
-+                                         "--to-ports", "1024-65535",
-+                                         NULL);
-+        }
-     } else {
-        return iptablesAddRemoveRule(ctx->nat_postrouting,
-                                     action,
-                                     "--source", network,
-                                     "!", "--destination", network,
-                                     "--jump", "MASQUERADE",
-                                     NULL);
-+        if (physdev && physdev[0]) {
-+            return iptablesAddRemoveRule(ctx->nat_postrouting,
-+                                         action,
-+                                         "--source", network,
-+                                         "!", "--destination", network,
-+                                         "--out-interface", physdev,
-+                                         "--jump", "MASQUERADE",
-+                                         NULL);
-+        } else {
-+            return iptablesAddRemoveRule(ctx->nat_postrouting,
-+                                         action,
-+                                         "--source", network,
-+                                         "!", "--destination", network,
-+                                         "--jump", "MASQUERADE",
-+                                         NULL);
-+        }
-     }
- }
- 
-@@ -719,6 +743,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
-  * @ctx: pointer to the IP table context
-  * @network: the source network name
-  * @physdev: the physical input device or NULL
-+ * @protocol: the network protocol or NULL
-  *
-  * Add rules to the IP table context to allow masquerading
-  * network @network on @physdev. This allow the bridge to
-@@ -729,9 +754,10 @@ iptablesForwardMasquerade(iptablesContext *ctx,
- int
- iptablesAddForwardMasquerade(iptablesContext *ctx,
-                              const char *network,
-                             const char *physdev)
-+                             const char *physdev,
-+                             const char *protocol)
- {
-    return iptablesForwardMasquerade(ctx, network, physdev, ADD);
-+    return iptablesForwardMasquerade(ctx, network, physdev, protocol, ADD);
- }
- 
- /**
-@@ -739,6 +765,7 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
-  * @ctx: pointer to the IP table context
-  * @network: the source network name
-  * @physdev: the physical input device or NULL
-+ * @protocol: the network protocol or NULL
-  *
-  * Remove rules from the IP table context to stop masquerading
-  * network @network on @physdev. This stops the bridge from
-@@ -749,7 +776,8 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
- int
- iptablesRemoveForwardMasquerade(iptablesContext *ctx,
-                                 const char *network,
-                                const char *physdev)
-+                                const char *physdev,
-+                                const char *protocol)
- {
-    return iptablesForwardMasquerade(ctx, network, physdev, REMOVE);
-+    return iptablesForwardMasquerade(ctx, network, physdev, protocol, REMOVE);
- }
-diff --git a/src/util/iptables.h b/src/util/iptables.h
-index 7d55a6d..b47d854 100644
--- a/src/util/iptables.h
-+++ b/src/util/iptables.h
-@@ -85,9 +85,11 @@ int              iptablesRemoveForwardRejectIn   (iptablesContext *ctx,
- 
- int              iptablesAddForwardMasquerade    (iptablesContext *ctx,
-                                                   const char *network,
-                                                  const char *physdev);
-+                                                  const char *physdev,
-+                                                  const char *protocol);
- int              iptablesRemoveForwardMasquerade (iptablesContext *ctx,
-                                                   const char *network,
-                                                  const char *physdev);
-+                                                  const char *physdev,
-+                                                  const char *protocol);
- 
- #endif /* __QEMUD_IPTABLES_H__ */
-- 
-1.6.6.1
-
@@ -1 +1 @@
-14164638fe0e7f65e425acc85dabc517  libvirt-0.8.2.tar.gz
+05f461cd499c628ef07822dd607c340a  libvirt-1.2.13.2.tar.gz