On Wed, Jan 20, 2010 at 03:14:57PM +0000, Daniel P. Berrange wrote:
This patch series does some work on the security drivers, and the QEMU code
for managing DAC permissions on files.
The core goal is to turn the QEMU driver DAC file management code into a
security driver. Instead of QEMU calling into the SELinux/AppArmor drivers
directly, a stacked driver module is introduced. This delegates all operations
to first the QEMU DAC driver, and then the main SELinux/AppArmor driver.
The end result is that all the permissions management code is removed from
the QEMU driver, and we're left with just simple security driver calls.
In the process of this a number of flaws in the current hotplug code were
found, and code was generally tidied up with a view to making it easier to
manage.
Finally, we add the ability to turn off the QEMU DAC file management code,
and also deal gracefully with failures to change ownership (eg on NFS with
root squash, or readonly FS).
hmmm, there's another problem which this patch set does not address:
error : virStorageFileGetMetadata:415 : cannot open file
'/deep/into/my/root/squashing/export': Permission denied
With dynamic_ownership = 0, libvirt does not mess with chown, but it now
assumes that it can read disk images.
Regards,
Dan.