pool/libvirt
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- fix leak after listing all volumes - CVE-2013-1962

Browse Source 
ca697e90-CVE-2013-1962.patch
  bnc#820397
- Fix iohelper usage with streams opened for read
  a2214c52-iohelper.patch
- Cope with missing swap cgroup controls
  f493d83f-cgroup-swap-control.patch
  bnc#819976
- Fix cgroup handling when setting VCPU BW
  0471637d-cgroups-vcpu-bw.patch
  rhb#963592
- Escape a leading '.' with '_' in the cgroup names
  0ced83dc-cgroup-escape-dot.patch
- Add missing documentation on new cgroup layout
  486a86eb-cgroups-docs.patch
- Another fix related to systems with no cgroups
  c2cf5f1c-no-cgroups-fix.patch
  bnc#819963

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=264
This commit is contained in:
James Fehlig 2013-05-18 15:17:46 +00:00 committed by Git OBS Bridge
parent d820fe0d40
commit 8806eb20b1
10 changed files with 581 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
0471637d-cgroups-vcpu-bw.patch Normal file
View File

@ -0,0 +1,63 @@
commit 0471637d5628106d058f0eb5516ffa7d5285cc6f
Author: Martin Kletzander <mkletzan@redhat.com>
Date: Thu May 16 14:37:54 2013 +0200
qemu: Fix cgroup handling when setting VCPU BW
Commit 632f78c introduced a regression which causes schedinfo being
unable to set some parameters. When migrating to priv->cgroup there
was missing variable left out and due to passed NULL to underlying
function, the setting failed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=963592
Index: libvirt-1.0.5/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.0.5.orig/src/qemu/qemu_driver.c
+++ libvirt-1.0.5/src/qemu/qemu_driver.c
@@ -7721,7 +7721,6 @@ qemuDomainSetSchedulerParametersFlags(vi
{
virQEMUDriverPtr driver = dom->conn->privateData;
int i;
- virCgroupPtr group = NULL;
virDomainObjPtr vm = NULL;
virDomainDefPtr vmdef = NULL;
unsigned long long value_ul;
@@ -7799,7 +7798,7 @@ qemuDomainSetSchedulerParametersFlags(vi
QEMU_SCHED_MIN_PERIOD, QEMU_SCHED_MAX_PERIOD);
if (flags & VIR_DOMAIN_AFFECT_LIVE && value_ul) {
- if ((rc = qemuSetVcpusBWLive(vm, group, value_ul, 0)))
+ if ((rc = qemuSetVcpusBWLive(vm, priv->cgroup, value_ul, 0)))
goto cleanup;
vm->def->cputune.period = value_ul;
@@ -7813,7 +7812,7 @@ qemuDomainSetSchedulerParametersFlags(vi
QEMU_SCHED_MIN_QUOTA, QEMU_SCHED_MAX_QUOTA);
if (flags & VIR_DOMAIN_AFFECT_LIVE && value_l) {
- if ((rc = qemuSetVcpusBWLive(vm, group, 0, value_l)))
+ if ((rc = qemuSetVcpusBWLive(vm, priv->cgroup, 0, value_l)))
goto cleanup;
vm->def->cputune.quota = value_l;
@@ -7827,7 +7826,8 @@ qemuDomainSetSchedulerParametersFlags(vi
QEMU_SCHED_MIN_PERIOD, QEMU_SCHED_MAX_PERIOD);
if (flags & VIR_DOMAIN_AFFECT_LIVE && value_ul) {
- if ((rc = qemuSetEmulatorBandwidthLive(vm, group, value_ul, 0)))
+ if ((rc = qemuSetEmulatorBandwidthLive(vm, priv->cgroup,
+ value_ul, 0)))
goto cleanup;
vm->def->cputune.emulator_period = value_ul;
@@ -7841,7 +7841,8 @@ qemuDomainSetSchedulerParametersFlags(vi
QEMU_SCHED_MIN_QUOTA, QEMU_SCHED_MAX_QUOTA);
if (flags & VIR_DOMAIN_AFFECT_LIVE && value_l) {
- if ((rc = qemuSetEmulatorBandwidthLive(vm, group, 0, value_l)))
+ if ((rc = qemuSetEmulatorBandwidthLive(vm, priv->cgroup,
+ 0, value_l)))
goto cleanup;
vm->def->cputune.emulator_quota = value_l;

24
0ced83dc-cgroup-escape-dot.patch Normal file
View File

@ -0,0 +1,24 @@
commit 0ced83dcfbb19af1201202e1af0a7073c338aabd
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Fri May 3 20:56:50 2013 +0100
Escaping leading '.' in cgroup names
Escaping a leading '.' with '_' in the cgroup names
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.0.5/src/util/vircgroup.c
===================================================================
--- libvirt-1.0.5.orig/src/util/vircgroup.c
+++ libvirt-1.0.5/src/util/vircgroup.c
@@ -1106,7 +1106,8 @@ static int virCgroupPartitionNeedsEscapi
if (STRPREFIX(path, "cgroup."))
return 1;
- if (path[0] == '_')
+ if (path[0] == '_' ||
+ path[0] == '.')
return 1;
if (!(fp = fopen("/proc/cgroups", "r")))

317
486a86eb-cgroups-docs.patch Normal file
View File

@ -0,0 +1,317 @@
commit 486a86eb184c008c5957fb68c63f163289f3344b
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Fri May 3 16:58:26 2013 +0100
Add docs about cgroups layout and usage
Describe the new cgroups layout, how to customize placement
of guests and what virsh commands are used to access the
parameters.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.0.5/docs/cgroups.html.in
===================================================================
--- /dev/null
+++ libvirt-1.0.5/docs/cgroups.html.in
@@ -0,0 +1,285 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <body>
+ <h1>Control Groups Resource Management</h1>
+
+ <ul id="toc"></ul>
+
+ <p>
+ The QEMU and LXC drivers make use of the Linux "Control Groups" facility
+ for applying resource management to their virtual machines and containers.
+ </p>
+
+ <h2><a name="requiredControllers">Required controllers</a></h2>
+
+ <p>
+ The control groups filesystem supports multiple "controllers". By default
+ the init system (such as systemd) should mount all controllers compiled
+ into the kernel at <code>/sys/fs/cgroup/$CONTROLLER-NAME</code>. Libvirt
+ will never attempt to mount any controllers itself, merely detect where
+ they are mounted.
+ </p>
+
+ <p>
+ The QEMU driver is capable of using the <code>cpuset</code>,
+ <code>cpu</code>, <code>memory</code>, <code>blkio</code> and
+ <code>devices</code> controllers. None of them are compulsory.
+ If any controller is not mounted, the resource management APIs
+ which use it will cease to operate. It is possible to explicitly
+ turn off use of a controller, even when mounted, via the
+ <code>/etc/libvirt/qemu.conf</code> configuration file.
+ </p>
+
+ <p>
+ The LXC driver is capable of using the <code>cpuset</code>,
+ <code>cpu</code>, <code>cpuset</code>, <code>freezer</code>,
+ <code>memory</code>, <code>blkio</code> and <code>devices</code>
+ controllers. The <code>cpuset</code>, <code>devices</code>
+ and <code>memory</code> controllers are compulsory. Without
+ them mounted, no containers can be started. If any of the
+ other controllers are not mounted, the resource management APIs
+ which use them will cease to operate.
+ </p>
+
+ <h2><a name="currentLayout">Current cgroups layout</a></h2>
+
+ <p>
+ As of libvirt 1.0.5 or later, the cgroups layout created by libvirt has been
+ simplified, in order to facilitate the setup of resource control policies by
+ administrators / management applications. The layout is based on the concepts of
+ "partitions" and "consumers". Each virtual machine or container is a consumer,
+ and has a corresponding cgroup named <code>$VMNAME.libvirt-{qemu,lxc}</code>.
+ Each consumer is associated with exactly one partition, which also have a
+ corresponding cgroup usually named <code>$PARTNAME.partition</code>. The
+ exceptions to this naming rule are the three top level default partitions,
+ named <code>/system</code> (for system services), <code>/user</code> (for
+ user login sessions) and <code>/machine</code> (for virtual machines and
+ containers). By default every consumer will of course be associated with
+ the <code>/machine</code> partition. This leads to a hierarchy that looks
+ like
+ </p>
+
+ <pre>
+$ROOT
+ |
+ +- system
+ | |
+ | +- libvirtd.service
+ |
+ +- machine
+ |
+ +- vm1.libvirt-qemu
+ | |
+ | +- emulator
+ | +- vcpu0
+ | +- vcpu1
+ |
+ +- vm2.libvirt-qemu
+ | |
+ | +- emulator
+ | +- vcpu0
+ | +- vcpu1
+ |
+ +- vm3.libvirt-qemu
+ | |
+ | +- emulator
+ | +- vcpu0
+ | +- vcpu1
+ |
+ +- container1.libvirt-lxc
+ |
+ +- container2.libvirt-lxc
+ |
+ +- container3.libvirt-lxc
+ </pre>
+
+ <p>
+ The default cgroups layout ensures that, when there is contention for
+ CPU time, it is shared equally between system services, user sessions
+ and virtual machines / containers. This prevents virtual machines from
+ locking the administrator out of the host, or impacting execution of
+ system services. Conversely, when there is no contention from
+ system services / user sessions, it is possible for virtual machines
+ to fully utilize the host CPUs.
+ </p>
+
+ <h2><a name="customPartiton">Using custom partitions</a></h2>
+
+ <p>
+ If there is a need to apply resource constraints to groups of
+ virtual machines or containers, then the single default
+ partition <code>/machine</code> may not be sufficiently
+ flexible. The administrator may wish to sub-divide the
+ default partition, for example into "testing" and "production"
+ partitions, and then assign each guest to a specific
+ sub-partition. This is achieved via a small element addition
+ to the guest domain XML config, just below the main <code>domain</code>
+ element
+ </p>
+
+ <pre>
+ ...
+ &lt;resource&gt;
+ &lt;partition&gt;/machine/production&lt;/partition&gt;
+ &lt;/resource&gt;
+ ...
+ </pre>
+
+ <p>
+ Libvirt will not auto-create the cgroups directory to back
+ this partition. In the future, libvirt / virsh will provide
+ APIs / commands to create custom partitions, but currently
+ this is left as an exercise for the administrator. For
+ example, given the XML config above, the admin would need
+ to create a cgroup named '/machine/production.partition'
+ </p>
+
+ <pre>
+# cd /sys/fs/cgroup
+# for i in blkio cpu,cpuacct cpuset devices freezer memory net_cls perf_event
+ do
+ mkdir $i/machine/production.partition
+ done
+# for i in cpuset.cpus cpuset.mems
+ do
+ cat cpuset/machine/$i > cpuset/machine/production.partition/$i
+ done
+</pre>
+
+ <p>
+ <strong>Note:</strong> the cgroups directory created as a ".partition"
+ suffix, but the XML config does not require this suffix.
+ </p>
+
+ <p>
+ <strong>Note:</strong> the ability to place guests in custom
+ partitions is only available with libvirt &gt;= 1.0.5, using
+ the new cgroup layout. The legacy cgroups layout described
+ later did not support customization per guest.
+ </p>
+
+ <h2><a name="resourceAPIs">Resource management APIs/commands</a></h2>
+
+ <p>
+ Since libvirt aims to provide an API which is portable across
+ hypervisors, the concept of cgroups is not exposed directly
+ in the API or XML configuration. It is considered to be an
+ internal implementation detail. Instead libvirt provides a
+ set of APIs for applying resource controls, which are then
+ mapped to corresponding cgroup tunables
+ </p>
+
+ <h3>Scheduler tuning</h3>
+
+ <p>
+ Parameters from the "cpu" controller are exposed via the
+ <code>schedinfo</code> command in virsh.
+ </p>
+
+ <pre>
+# virsh schedinfo demo
+Scheduler : posix
+cpu_shares : 1024
+vcpu_period : 100000
+vcpu_quota : -1
+emulator_period: 100000
+emulator_quota : -1</pre>
+
+
+ <h3>Block I/O tuning</h3>
+
+ <p>
+ Parameters from the "blkio" controller are exposed via the
+ <code>bkliotune</code> command in virsh.
+ </p>
+
+
+ <pre>
+# virsh blkiotune demo
+weight : 500
+device_weight : </pre>
+
+ <h3>Memory tuning</h3>
+
+ <p>
+ Parameters from the "memory" controller are exposed via the
+ <code>memtune</code> command in virsh.
+ </p>
+
+ <pre>
+# virsh memtune demo
+hard_limit : 580192
+soft_limit : unlimited
+swap_hard_limit: unlimited
+ </pre>
+
+ <h3>Network tuning</h3>
+
+ <p>
+ The <code>net_cls</code> is not currently used. Instead traffic
+ filter policies are set directly against individual virtual
+ network interfaces.
+ </p>
+
+ <h2><a name="legacyLayout">Legacy cgroups layout</a></h2>
+
+ <p>
+ Prior to libvirt 1.0.5, the cgroups layout created by libvirt was different
+ from that described above, and did not allow for administrator customization.
+ Libvirt used a fixed, 3-level hierarchy <code>libvirt/{qemu,lxc}/$VMNAME</code>
+ which was rooted at the point in the hierarchy where libvirtd itself was
+ located. So if libvirtd was placed at <code>/system/libvirtd.service</code>
+ by systemd, the groups for each virtual machine / container would be located
+ at <code>/system/libvirtd.service/libvirt/{qemu,lxc}/$VMNAME</code>. In addition
+ to this, the QEMU drivers further child groups for each vCPU thread and the
+ emulator thread(s). This leads to a hierarchy that looked like
+ </p>
+
+
+ <pre>
+$ROOT
+ |
+ +- system
+ |
+ +- libvirtd.service
+ |
+ +- libvirt
+ |
+ +- qemu
+ | |
+ | +- vm1
+ | | |
+ | | +- emulator
+ | | +- vcpu0
+ | | +- vcpu1
+ | |
+ | +- vm2
+ | | |
+ | | +- emulator
+ | | +- vcpu0
+ | | +- vcpu1
+ | |
+ | +- vm3
+ | |
+ | +- emulator
+ | +- vcpu0
+ | +- vcpu1
+ |
+ +- lxc
+ |
+ +- container1
+ |
+ +- container2
+ |
+ +- container3
+ </pre>
+
+ <p>
+ Although current releases are much improved, historically the use of deep
+ hierarchies has had a significant negative impact on the kernel scalability.
+ The legacy libvirt cgroups layout highlighted these problems, to the detriment
+ of the performance of virtual machines and containers.
+ </p>
+ </body>
+</html>
Index: libvirt-1.0.5/docs/sitemap.html.in
===================================================================
--- libvirt-1.0.5.orig/docs/sitemap.html.in
+++ libvirt-1.0.5/docs/sitemap.html.in
@@ -87,6 +87,10 @@
<span>Ensuring exclusive guest access to disks</span>
</li>
<li>
+ <a href="cgroups.html">CGroups</a>
+ <span>Control groups integration</span>
+ </li>
+ <li>
<a href="hooks.html">Hooks</a>
<span>Hooks for system specific management</span>
</li>

28
a2214c52-iohelper.patch Normal file
View File

@ -0,0 +1,28 @@
commit a2214c5257d3bd7b086ce04aca1648e8ff05ee96
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Fri May 10 14:45:05 2013 +0100
Fix iohelper usage with streams opened for read
In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY
flag when opening files in the stream code. Unfortunately a later
piece of code was comparing the flags == O_RDONLY, without masking
out the non-access mode flags. This broke the iohelper when used
with streams for read, since it caused us to attach the stream
output pipe to the stream input FD instead of output FD :-(
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.0.5/src/fdstream.c
===================================================================
--- libvirt-1.0.5.orig/src/fdstream.c
+++ libvirt-1.0.5/src/fdstream.c
@@ -640,7 +640,7 @@ virFDStreamOpenFileInternal(virStreamPtr
virCommandTransferFD(cmd, fd);
virCommandAddArgFormat(cmd, "%d", fd);
- if (oflags == O_RDONLY) {
+ if ((oflags & O_ACCMODE) == O_RDONLY) {
childfd = fds[1];
fd = fds[0];
virCommandSetOutputFD(cmd, &childfd);

6
bbe97ae9-no-cgroups.patch
View File

@ -39,7 +39,7 @@ Index: libvirt-1.0.5/src/util/vircgroup.c
===================================================================
--- libvirt-1.0.5.orig/src/util/vircgroup.c
+++ libvirt-1.0.5/src/util/vircgroup.c
@@ -1167,14 +1167,14 @@ static int virCgroupPartitionEscape(char
@@ -1168,14 +1168,14 @@ static int virCgroupPartitionEscape(char
return 0;
}
@ -57,7 +57,7 @@ Index: libvirt-1.0.5/src/util/vircgroup.c
for (i = 0 ; tokens[i] != NULL ; i++) {
/* Whitelist the 3 top level fixed dirs
@@ -1193,20 +1193,27 @@ static char *virCgroupSetPartitionSuffix
@@ -1194,20 +1194,27 @@ static char *virCgroupSetPartitionSuffix
!strchr(tokens[i], '.')) {
if (VIR_REALLOC_N(tokens[i],
strlen(tokens[i]) + strlen(".partition") + 1) < 0) {
@ -88,7 +88,7 @@ Index: libvirt-1.0.5/src/util/vircgroup.c
cleanup:
virStringFreeList(tokens);
@@ -1241,9 +1248,9 @@ int virCgroupNewPartition(const char *pa
@@ -1242,9 +1249,9 @@ int virCgroupNewPartition(const char *pa
/* XXX convert all cgroups APIs to use error report
* APIs instead of returning errno */

49
c2cf5f1c-no-cgroups-fix.patch Normal file
View File

@ -0,0 +1,49 @@
commit c2cf5f1c2abc81d607abe34bf5dc4c615a9b8b4d
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Thu May 16 18:47:07 2013 +0100
Fix failure to detect missing cgroup partitions
Change bbe97ae968eba60b71e0066d49f9fc909966d9d6 caused the
QEMU driver to ignore ENOENT errors from cgroups, in order
to cope with missing /proc/cgroups. This is not good though
because many other things can cause ENOENT and should not
be ignored. The callers expect to see ENXIO when cgroups
are not present, so adjust the code to report that errno
when /proc/cgroups is missing
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.0.5/src/qemu/qemu_cgroup.c
===================================================================
--- libvirt-1.0.5.orig/src/qemu/qemu_cgroup.c
+++ libvirt-1.0.5/src/qemu/qemu_cgroup.c
@@ -415,8 +415,7 @@ int qemuInitCgroup(virQEMUDriverPtr driv
if (rc != 0) {
if (rc == -ENXIO ||
rc == -EPERM ||
- rc == -EACCES ||
- rc == -ENOENT) { /* No cgroups mounts == success */
+ rc == -EACCES) { /* No cgroups mounts == success */
VIR_DEBUG("No cgroups present/configured/accessible, ignoring error");
goto done;
}
Index: libvirt-1.0.5/src/util/vircgroup.c
===================================================================
--- libvirt-1.0.5.orig/src/util/vircgroup.c
+++ libvirt-1.0.5/src/util/vircgroup.c
@@ -1110,8 +1110,13 @@ static int virCgroupPartitionNeedsEscapi
path[0] == '.')
return 1;
- if (!(fp = fopen("/proc/cgroups", "r")))
+ if (!(fp = fopen("/proc/cgroups", "r"))) {
+ /* The API contract is that we return ENXIO
+ * if cgroups are not available on a host */
+ if (errno == ENOENT)
+ errno = ENXIO;
return -errno;
+ }
/*
* Data looks like this:

26
ca697e90-CVE-2013-1962.patch Normal file
View File

@ -0,0 +1,26 @@
commit ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
Author: Ján Tomko <jtomko@redhat.com>
Date: Fri Apr 12 17:30:56 2013 +0200
daemon: fix leak after listing all volumes
CVE-2013-1962
remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
The pool also held a reference to the connection, preventing it from
getting freed and closing the netcf interface driver, which held two
sockets open.
Index: libvirt-1.0.5/daemon/remote.c
===================================================================
--- libvirt-1.0.5.orig/daemon/remote.c
+++ libvirt-1.0.5/daemon/remote.c
@@ -4226,6 +4226,8 @@ cleanup:
virStorageVolFree(vols[i]);
VIR_FREE(vols);
}
+ if (pool)
+ virStoragePoolFree(pool);
return rv;
}

34
f493d83f-cgroup-swap-control.patch Normal file
View File

@ -0,0 +1,34 @@
commit f493d83fbd3257453e63f2f32ee90a216fd531c1
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Thu May 9 13:53:39 2013 +0100
Cope with missing swap cgroup controls
It is possible to build a kernel without swap cgroup controls
present. This causes a fatal error when querying memory
parameters. Treat missing swap controls as meaning "unlimited".
The fatal error remains if the user tries to actually change
the limit.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.0.5/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.0.5.orig/src/qemu/qemu_driver.c
+++ libvirt-1.0.5/src/qemu/qemu_driver.c
@@ -7351,9 +7351,12 @@ qemuDomainGetMemoryParameters(virDomainP
case 2: /* fill swap hard limit here */
rc = virCgroupGetMemSwapHardLimit(priv->cgroup, &val);
if (rc != 0) {
- virReportSystemError(-rc, "%s",
- _("unable to get swap hard limit"));
- goto cleanup;
+ if (rc != -ENOENT) {
+ virReportSystemError(-rc, "%s",
+ _("unable to get swap hard limit"));
+ goto cleanup;
+ }
+ val = VIR_DOMAIN_MEMORY_PARAM_UNLIMITED;
}
if (virTypedParameterAssign(param,
VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT,

22
libvirt.changes
View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Sat May 18 09:15:00 MDT 2013 - jfehlig@suse.com
- fix leak after listing all volumes - CVE-2013-1962
ca697e90-CVE-2013-1962.patch
bnc#820397
- Fix iohelper usage with streams opened for read
a2214c52-iohelper.patch
- Cope with missing swap cgroup controls
f493d83f-cgroup-swap-control.patch
bnc#819976
- Fix cgroup handling when setting VCPU BW
0471637d-cgroups-vcpu-bw.patch
rhb#963592
- Escape a leading '.' with '_' in the cgroup names
0ced83dc-cgroup-escape-dot.patch
- Add missing documentation on new cgroup layout
486a86eb-cgroups-docs.patch
- Another fix related to systems with no cgroups
c2cf5f1c-no-cgroups-fix.patch
bnc#819963
-------------------------------------------------------------------
Thu May 16 16:25:13 MDT 2013 - jfehlig@suse.com

16
libvirt.spec
View File

@ -423,7 +423,14 @@ Source1: libvirtd.init
Source2: libvirtd-relocation-server.fw
Source99: baselibs.conf
# Upstream patches
Patch0: bbe97ae9-no-cgroups.patch
Patch0: f493d83f-cgroup-swap-control.patch
Patch1: 486a86eb-cgroups-docs.patch
Patch2: 0ced83dc-cgroup-escape-dot.patch
Patch3: bbe97ae9-no-cgroups.patch
Patch4: 0471637d-cgroups-vcpu-bw.patch
Patch5: c2cf5f1c-no-cgroups-fix.patch
Patch6: a2214c52-iohelper.patch
Patch7: ca697e90-CVE-2013-1962.patch
# Need to go upstream
Patch100: xen-name-for-devid.patch
Patch101: clone.patch
@ -565,6 +572,13 @@ Authors:
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch100 -p1
%patch101
%patch102 -p1