+++ /dev/null
-diff -urN util-vserver-0.30.215/lib/syscall_netadd-netv2.hc util-vserver-trunk/lib/syscall_netadd-netv2.hc
---- util-vserver-0.30.215/lib/syscall_netadd-netv2.hc 2008-03-17 09:59:48.000000000 +0100
-+++ util-vserver-trunk/lib/syscall_netadd-netv2.hc 2008-05-22 23:51:10.000000000 +0200
-@@ -1,4 +1,4 @@
--// $Id$ --*- c -*--
-+// $Id$ --*- c -*--
-
- // Copyright (C) 2007 Daniel Hokka Zakrisson
- //
-@@ -27,10 +27,15 @@
- case VC_NXA_TYPE_IPV4: {
- struct vcmd_net_addr_ipv4_v1 k_info;
-
-- k_info.type = info->vna_type & ~VC_NXA_TYPE_IPV4;
-- k_info.flags = info->vna_flags;
-- k_info.ip.s_addr = info->vna_v4_ip.s_addr;
-- k_info.mask.s_addr = info->vna_v4_mask.s_addr;
-+ k_info.type = info->vna_type & ~VC_NXA_TYPE_IPV4;
-+ k_info.flags = info->vna_flags;
-+ k_info.ip.s_addr = info->vna_v4_ip.s_addr;
-+ k_info.mask.s_addr = info->vna_v4_mask.s_addr;
-+
-+ if (k_info.ip.s_addr == 0) {
-+ k_info.type = VC_NXA_TYPE_MASK;
-+ k_info.mask.s_addr = 0;
-+ }
-
- return vserver(VCMD_net_add_ipv4, NID_USER2KERNEL(nid), &k_info);
- }
-diff -urN util-vserver-0.30.215/src/naddress.c util-vserver-trunk/src/naddress.c
---- util-vserver-0.30.215/src/naddress.c 2008-03-17 09:59:45.000000000 +0100
-+++ util-vserver-trunk/src/naddress.c 2008-05-22 23:51:01.000000000 +0200
-@@ -1,4 +1,4 @@
--// $Id$
-+// $Id$
-
- // Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- // Copyright (C) 2006 Daniel Hokka Zakrisson <daniel@hozac.com>
-@@ -315,7 +315,6 @@
- }
-
- out:
-- free(str);
- return ret;
- }
-
-diff -urN util-vserver-0.30.215/src/capability-compat.h util-vserver-trunk/src/capability-compat.h
---- util-vserver-0.30.215/src/capability-compat.h 2008-03-17 09:59:45.000000000 +0100
-+++ util-vserver-trunk/src/capability-compat.h 2008-05-22 23:51:01.000000000 +0200
-@@ -1,4 +1,4 @@
--// $Id$ --*- c -*--
-+// $Id$ --*- c -*--
-
- // Copyright (C) 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- //
-@@ -29,3 +29,11 @@
- extern int capset (struct __user_cap_header_struct *, struct __user_cap_data_struct *);
-
- #endif
-+
-+#ifndef _LINUX_CAPABILITY_VERSION_1
-+# define _LINUX_CAPABILITY_VERSION_1 _LINUX_CAPABILITY_VERSION
-+#endif
-+
-+#ifndef _LINUX_CAPABILITY_VERSION_2
-+# define _LINUX_CAPABILITY_VERSION_2 0x20071026
-+#endif
-diff -urN util-vserver-0.30.215/src/rpm-fake.c util-vserver-trunk/src/rpm-fake.c
---- util-vserver-0.30.215/src/rpm-fake.c 2008-03-17 09:59:45.000000000 +0100
-+++ util-vserver-trunk/src/rpm-fake.c 2008-05-22 23:51:01.000000000 +0200
-@@ -1,4 +1,4 @@
--// $Id$ --*- c++ -*--
-+// $Id$ --*- c++ -*--
-
- // Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- //
-@@ -419,22 +419,30 @@
- static void
- reduceCapabilities()
- {
-+ int retried = 0;
- struct __user_cap_header_struct header;
-- struct __user_cap_data_struct user;
-+ struct __user_cap_data_struct user[2];
-
-- header.version = _LINUX_CAPABILITY_VERSION;
-+ header.version = _LINUX_CAPABILITY_VERSION_2;
- header.pid = 0;
-
-- if (capget(&header, &user)==-1) {
-+retry:
-+ if (capget(&header, user)==-1) {
-+ if (!retried &&
-+ header.version != _LINUX_CAPABILITY_VERSION_2) {
-+ header.version = _LINUX_CAPABILITY_VERSION_1;
-+ retried = 1;
-+ goto retry;
-+ }
- perror("capget()");
- exit(wrapper_exit_code);
- }
-
-- user.effective &= ~(1<<CAP_MKNOD);
-- user.permitted &= ~(1<<CAP_MKNOD);
-- user.inheritable &= ~(1<<CAP_MKNOD);
-+ user[0].effective &= ~(1<<CAP_MKNOD);
-+ user[0].permitted &= ~(1<<CAP_MKNOD);
-+ user[0].inheritable &= ~(1<<CAP_MKNOD);
-
-- if (capset(&header, &user)==-1) {
-+ if (capset(&header, user)==-1) {
- perror("capset()");
- exit(wrapper_exit_code);
- }
-diff -urN util-vserver-0.30.215/src/vserver-info.c util-vserver-trunk/src/vserver-info.c
---- util-vserver-0.30.215/src/vserver-info.c 2008-03-17 09:59:45.000000000 +0100
-+++ util-vserver-trunk/src/vserver-info.c 2008-05-22 23:51:01.000000000 +0200
-@@ -1,4 +1,4 @@
--// $Id$ --*- c -*--
-+// $Id$ --*- c -*--
-
- // Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- //
-@@ -185,9 +185,11 @@
- static bool
- verifyCap()
- {
-+ int retried = 0;
- struct __user_cap_header_struct header;
-- struct __user_cap_data_struct user;
-- header.version = _LINUX_CAPABILITY_VERSION;
-+ struct __user_cap_data_struct user[2];
-+
-+ header.version = _LINUX_CAPABILITY_VERSION_2;
- header.pid = 0;
-
- if (getuid()!=0) {
-@@ -199,17 +201,24 @@
- // perror( "prctl:" );
- // return false;
- // }
--
-- if (capget(&header, &user)==-1) {
-+
-+retry:
-+ if (capget(&header, user)==-1) {
-+ if (!retried &&
-+ header.version != _LINUX_CAPABILITY_VERSION_2) {
-+ header.version = _LINUX_CAPABILITY_VERSION_1;
-+ retried = 1;
-+ goto retry;
-+ }
- perror("capget()");
- return false;
- }
-
-- user.effective = 0;
-- user.permitted = 0;
-- user.inheritable = 0;
-+ user[0].effective = user[1].effective = 0;
-+ user[0].permitted = user[1].permitted = 0;
-+ user[0].inheritable = user[1].inheritable = 0;
-
-- if (capset(&header, &user)==-1) {
-+ if (capset(&header, user)==-1) {
- perror("capset()");
- return false;
- }
-diff -urN util-vserver-0.30.215/src/tunctl.c util-vserver-trunk/src/tunctl.c
---- util-vserver-0.30.215/src/tunctl.c 2008-03-17 09:59:45.000000000 +0100
-+++ util-vserver-trunk/src/tunctl.c 2008-05-22 23:51:01.000000000 +0200
-@@ -33,6 +33,21 @@
- #include <linux/if_tun.h>
-
- /* Make sure we have the necessary ioctls */
-+#ifndef TUNSETNOCSUM
-+# define TUNSETNOCSUM _IOW('T', 200, int)
-+#endif
-+#ifndef TUNSETIFF
-+# define TUNSETIFF _IOW('T', 202, int)
-+#endif
-+#ifndef TUNSETPERSIST
-+# define TUNSETPERSIST _IOW('T', 203, int)
-+#endif
-+#ifndef TUNSETOWNER
-+# define TUNSETOWNER _IOW('T', 204, int)
-+#endif
-+#ifndef TUNSETLINK
-+# define TUNSETLINK _IOW('T', 205, int)
-+#endif
- #ifndef TUNSETGROUP
- # define TUNSETGROUP _IOW('T', 206, int)
- #endif
-diff -urN util-vserver-0.30.215/src/vspace.c util-vserver-trunk/src/vspace.c
---- util-vserver-0.30.215/src/vspace.c 2008-03-17 09:59:45.000000000 +0100
-+++ util-vserver-trunk/src/vspace.c 2008-05-22 23:51:01.000000000 +0200
-@@ -1,4 +1,4 @@
--// $Id$ --*- c -*--
-+// $Id$ --*- c -*--
-
- // Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- // Copyright (C) 2007 Daniel Hokka Zakrisson
-@@ -114,6 +114,8 @@
- if (mask == 0)
- return;
-
-+ mask &= ~CLONE_FS;
-+
- signal(SIGCHLD, SIG_DFL);
-
- #ifdef NDEBUG