diff -NurpP --minimal linux-2.6.2-rc1/arch/alpha/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/alpha/kernel/ptrace.c	Fri Jan  9 08:00:02 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -6,6 +6,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
@@ -285,7 +286,7 @@ do_sys_ptrace(long request, long pid, lo
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out_notsk;
 
 	if (request == PTRACE_ATTACH) {
diff -NurpP --minimal linux-2.6.2-rc1/arch/alpha/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/systbls.S
--- linux-2.6.2-rc1/arch/alpha/kernel/systbls.S	Fri Jan  9 07:59:45 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/systbls.S	Sat Jan 24 06:45:48 2004
@@ -291,7 +291,7 @@ sys_call_table:
 	.quad alpha_ni_syscall			/* 270 */
 	.quad alpha_ni_syscall
 	.quad alpha_ni_syscall
-	.quad alpha_ni_syscall
+	.quad sys_vserver			/* 273 sys_vserver */
 	.quad alpha_ni_syscall
 	.quad alpha_ni_syscall			/* 275 */
 	.quad alpha_ni_syscall
diff -NurpP --minimal linux-2.6.2-rc1/arch/i386/kernel/entry.S linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/entry.S
--- linux-2.6.2-rc1/arch/i386/kernel/entry.S	Fri Jan  9 07:59:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/entry.S	Sat Jan 24 06:45:48 2004
@@ -881,6 +881,6 @@ ENTRY(sys_call_table)
 	.long sys_tgkill	/* 270 */
 	.long sys_utimes
  	.long sys_fadvise64_64
-	.long sys_ni_syscall	/* sys_vserver */
+	.long sys_vserver
 
 syscall_table_size=(.-sys_call_table)
diff -NurpP --minimal linux-2.6.2-rc1/arch/i386/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/i386/kernel/ptrace.c	Fri Jan  9 07:59:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -7,6 +7,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
@@ -255,7 +256,7 @@ asmlinkage int sys_ptrace(long request, 
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 
 	ret = -EPERM;
diff -NurpP --minimal linux-2.6.2-rc1/arch/ia64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ia64/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/ia64/kernel/ptrace.c	Fri Jan  9 08:00:12 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/ia64/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -10,6 +10,7 @@
 #include <linux/config.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/slab.h>
 #include <linux/mm.h>
 #include <linux/errno.h>
@@ -1282,7 +1283,7 @@ sys_ptrace (long request, pid_t pid, uns
 		}
 	}
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 	ret = -EPERM;
 	if (pid == 1)		/* no messing around with init! */
diff -NurpP --minimal linux-2.6.2-rc1/arch/m68k/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/m68k/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/m68k/kernel/ptrace.c	Fri Jan  9 07:59:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/m68k/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -12,6 +12,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
@@ -124,7 +125,7 @@ asmlinkage int sys_ptrace(long request, 
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 
 	ret = -EPERM;
diff -NurpP --minimal linux-2.6.2-rc1/arch/mips/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/mips/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/mips/kernel/ptrace.c	Fri Jan  9 08:00:13 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/mips/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -18,6 +18,7 @@
 #include <linux/compiler.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/errno.h>
 #include <linux/ptrace.h>
@@ -74,7 +75,7 @@ asmlinkage int sys_ptrace(long request, 
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 
 	ret = -EPERM;
diff -NurpP --minimal linux-2.6.2-rc1/arch/parisc/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/parisc/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/parisc/kernel/ptrace.c	Fri Jan  9 07:59:09 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/parisc/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -8,6 +8,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
@@ -109,7 +110,7 @@ long sys_ptrace(long request, pid_t pid,
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 	ret = -EPERM;
 	if (pid == 1)		/* no messing around with init! */
diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc/kernel/misc.S linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/misc.S
--- linux-2.6.2-rc1/arch/ppc/kernel/misc.S	Sat Jan 24 03:18:04 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/misc.S	Sat Jan 24 06:45:48 2004
@@ -1386,3 +1386,22 @@ _GLOBAL(sys_call_table)
 	.long sys_fstatfs64
 	.long ppc_fadvise64_64
 	.long sys_ni_syscall	/* 255 - rtas (used on ppc64) */
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall	/* 260 */
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall	/* 265 */
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_ni_syscall	/* 270 */
+	.long sys_ni_syscall
+	.long sys_ni_syscall
+	.long sys_vserver	/* 273 sys_vserver */
+
diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/ppc/kernel/ptrace.c	Fri Jan  9 07:59:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -19,6 +19,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
@@ -195,7 +196,7 @@ int sys_ptrace(long request, long pid, l
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 
 	ret = -EPERM;
diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc64/kernel/misc.S linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/misc.S
--- linux-2.6.2-rc1/arch/ppc64/kernel/misc.S	Sat Jan 24 03:18:04 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/misc.S	Sat Jan 24 06:45:48 2004
@@ -819,6 +819,24 @@ _GLOBAL(sys_call_table32)
 	.llong .compat_fstatfs64
 	.llong .ppc32_fadvise64_64	/* 32bit only fadvise64_64 */
 	.llong .ppc_rtas		/* 255 */
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall		/* 260 */
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall		/* 265 */
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall		/* 270 */
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_vserver		/* 273 sys_vserver */
 
 	.balign 8
 _GLOBAL(sys_call_table)
@@ -1078,3 +1096,22 @@ _GLOBAL(sys_call_table)
 	.llong .sys_fstatfs64
 	.llong .sys_ni_syscall		/* 32bit only fadvise64_64 */
 	.llong .ppc_rtas		/* 255 */
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall		/* 260 */
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall		/* 265 */
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall		/* 270 */
+	.llong .sys_ni_syscall
+	.llong .sys_ni_syscall
+	.llong .sys_vserver		/* 273 sys_vserver */
+
diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/ppc64/kernel/ptrace.c	Fri Jan  9 07:59:56 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -19,6 +19,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
@@ -73,7 +74,7 @@ int sys_ptrace(long request, long pid, l
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 
 	ret = -EPERM;
diff -NurpP --minimal linux-2.6.2-rc1/arch/s390/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/s390/kernel/ptrace.c	Sat Jan 24 03:18:05 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -24,6 +24,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
@@ -647,7 +648,7 @@ sys_ptrace(long request, long pid, long 
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 
 	ret = do_ptrace(child, request, addr, data);
diff -NurpP --minimal linux-2.6.2-rc1/arch/s390/kernel/syscalls.S linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/syscalls.S
--- linux-2.6.2-rc1/arch/s390/kernel/syscalls.S	Sat Jan 24 03:18:05 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/syscalls.S	Sat Jan 24 06:45:48 2004
@@ -271,5 +271,5 @@ SYSCALL(sys_clock_settime,sys_clock_sett
 SYSCALL(sys_clock_gettime,sys_clock_gettime,sys32_clock_gettime_wrapper)	/* 260 */
 SYSCALL(sys_clock_getres,sys_clock_getres,sys32_clock_getres_wrapper)
 SYSCALL(sys_clock_nanosleep,sys_clock_nanosleep,sys32_clock_nanosleep_wrapper)
-NI_SYSCALL							/* reserved for vserver */
+SYSCALL(sys_vserver,sys_vserver,sys_vserver)
 SYSCALL(s390_fadvise64_64,sys_ni_syscall,sys32_fadvise64_64_wrapper)
diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/sparc/kernel/systbls.S
--- linux-2.6.2-rc1/arch/sparc/kernel/systbls.S	Fri Jan  9 07:59:34 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/sparc/kernel/systbls.S	Sat Jan 24 06:45:48 2004
@@ -72,7 +72,7 @@ sys_call_table:
 /*250*/	.long sparc_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
 /*255*/	.long sys_nis_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
 /*260*/	.long sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
-/*265*/	.long sys_timer_delete, sys_timer_create, sys_nis_syscall, sys_io_setup, sys_io_destroy
+/*265*/	.long sys_timer_delete, sys_timer_create, sys_vserver, sys_io_setup, sys_io_destroy
 /*270*/	.long sys_io_submit, sys_io_cancel, sys_io_getevents, sys_nis_syscall
 
 #ifdef CONFIG_SUNOS_EMUL
diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/sparc64/kernel/ptrace.c	Fri Jan  9 08:00:05 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -12,6 +12,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/errno.h>
 #include <linux/ptrace.h>
@@ -164,7 +165,7 @@ asmlinkage void do_ptrace(struct pt_regs
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
 
-	if (!child) {
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) {
 		pt_error_return(regs, ESRCH);
 		goto out;
 	}
diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc64/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/systbls.S
--- linux-2.6.2-rc1/arch/sparc64/kernel/systbls.S	Fri Jan  9 07:59:26 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/systbls.S	Sat Jan 24 06:45:48 2004
@@ -73,7 +73,7 @@ sys_call_table32:
 	.word sys_ni_syscall, compat_clock_settime, compat_clock_gettime, compat_clock_getres, compat_clock_nanosleep
 /*260*/	.word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, compat_timer_settime, compat_timer_gettime, sys_timer_getoverrun
 	.word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
-/*270*/	.word compat_sys_io_submit, sys_io_cancel, compat_sys_io_getevents, sys_ni_syscall
+/*270*/ .word compat_sys_io_submit, sys_io_cancel, compat_sys_io_getevents, sys_vserver
 
 	/* Now the 64-bit native Linux syscall table. */
 
@@ -135,7 +135,7 @@ sys_call_table:
 	.word sys_ni_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
 /*260*/	.word sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
 	.word sys_timer_delete, sys_timer_create, sys_ni_syscall, sys_io_setup, sys_io_destroy
-/*270*/	.word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_ni_syscall
+/*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_vserver
 
 #if defined(CONFIG_SUNOS_EMUL) || defined(CONFIG_SOLARIS_EMUL) || \
     defined(CONFIG_SOLARIS_EMUL_MODULE)
diff -NurpP --minimal linux-2.6.2-rc1/arch/x86_64/ia32/ia32entry.S linux-2.6.2-rc1-vs0.05.1/arch/x86_64/ia32/ia32entry.S
--- linux-2.6.2-rc1/arch/x86_64/ia32/ia32entry.S	Fri Jan  9 07:59:27 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/x86_64/ia32/ia32entry.S	Sat Jan 24 06:45:48 2004
@@ -448,34 +448,35 @@ ia32_sys_call_table:
         .quad compat_sys_sched_getaffinity
 	.quad sys32_set_thread_area
 	.quad sys32_get_thread_area
-	.quad sys32_io_setup
+	.quad sys32_io_setup	/* 245 */
 	.quad sys_io_destroy
 	.quad sys32_io_getevents
 	.quad sys32_io_submit
 	.quad sys_io_cancel
-	.quad sys_fadvise64
+	.quad sys_fadvise64	/* 250 */
 	.quad sys_ni_syscall /* free_huge_pages */
 	.quad sys_exit_group /* exit_group */
 	.quad sys_lookup_dcookie
 	.quad sys_epoll_create
-	.quad sys_epoll_ctl
+	.quad sys_epoll_ctl	/* 255 */
 	.quad sys_epoll_wait
 	.quad sys_remap_file_pages
 	.quad sys_set_tid_address
 	.quad sys32_timer_create
-	.quad compat_timer_settime
+	.quad compat_timer_settime	/* 260 */
 	.quad compat_timer_gettime
 	.quad sys_timer_getoverrun
 	.quad sys_timer_delete
 	.quad compat_clock_settime
-	.quad compat_clock_gettime
+	.quad compat_clock_gettime	/* 265 */
 	.quad compat_clock_getres
 	.quad compat_clock_nanosleep
 	.quad compat_statfs64   /* statfs64 */
 	.quad compat_fstatfs64  /* fstatfs64 */
-	.quad sys_tgkill
+	.quad sys_tgkill	/* 270 */
 	.quad compat_sys_utimes
 	.quad sys32_fadvise64_64
+	.quad sys_vserver	/* 273 sys_vserver */
 	/* don't forget to change IA32_NR_syscalls */
 ia32_syscall_end:		
 	.rept IA32_NR_syscalls-(ia32_syscall_end-ia32_sys_call_table)/8
diff -NurpP --minimal linux-2.6.2-rc1/arch/x86_64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/x86_64/kernel/ptrace.c
--- linux-2.6.2-rc1/arch/x86_64/kernel/ptrace.c	Fri Jan  9 07:59:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/arch/x86_64/kernel/ptrace.c	Sat Jan 24 06:45:48 2004
@@ -9,6 +9,7 @@
 
 #include <linux/kernel.h>
 #include <linux/sched.h>
+#include <linux/vinline.h>
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
@@ -205,7 +206,7 @@ asmlinkage long sys_ptrace(long request,
 	if (child)
 		get_task_struct(child);
 	read_unlock(&tasklist_lock);
-	if (!child)
+	if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
 		goto out;
 
 	ret = -EPERM;
diff -NurpP --minimal linux-2.6.2-rc1/fs/ext2/ialloc.c linux-2.6.2-rc1-vs0.05.1/fs/ext2/ialloc.c
--- linux-2.6.2-rc1/fs/ext2/ialloc.c	Sat Jan 24 03:18:15 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/ext2/ialloc.c	Sat Jan 24 06:14:24 2004
@@ -581,7 +581,7 @@ got:
 	memset(ei->i_data, 0, sizeof(ei->i_data));
 	ei->i_flags = EXT2_I(dir)->i_flags & ~EXT2_BTREE_FL;
 	if (S_ISLNK(mode))
-		ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_APPEND_FL);
+		ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_IUNLINK_FL|EXT2_APPEND_FL);
 	/* dirsync is only applied to directories */
 	if (!S_ISDIR(mode))
 		ei->i_flags &= ~EXT2_DIRSYNC_FL;
diff -NurpP --minimal linux-2.6.2-rc1/fs/ext2/inode.c linux-2.6.2-rc1-vs0.05.1/fs/ext2/inode.c
--- linux-2.6.2-rc1/fs/ext2/inode.c	Sat Jan 24 03:18:15 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/ext2/inode.c	Sat Jan 24 06:28:27 2004
@@ -64,6 +64,8 @@ void ext2_put_inode(struct inode *inode)
 		ext2_discard_prealloc(inode);
 }
 
+static void ext2_truncate_nocheck (struct inode * inode);
+
 /*
  * Called at the last iput() if i_nlink is zero.
  */
@@ -77,7 +79,7 @@ void ext2_delete_inode (struct inode * i
 
 	inode->i_size = 0;
 	if (inode->i_blocks)
-		ext2_truncate (inode);
+		ext2_truncate_nocheck(inode);
 	ext2_free_inode (inode);
 
 	return;
@@ -876,7 +878,7 @@ static void ext2_free_branches(struct in
 		ext2_free_data(inode, p, q);
 }
 
-void ext2_truncate (struct inode * inode)
+static void ext2_truncate_nocheck(struct inode * inode)
 {
 	u32 *i_data = EXT2_I(inode)->i_data;
 	int addr_per_block = EXT2_ADDR_PER_BLOCK(inode->i_sb);
@@ -893,8 +895,6 @@ void ext2_truncate (struct inode * inode
 		return;
 	if (ext2_inode_is_fast_symlink(inode))
 		return;
-	if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
-		return;
 
 	ext2_discard_prealloc(inode);
 
@@ -1016,17 +1016,26 @@ Egdp:
 	return ERR_PTR(-EIO);
 }
 
+void ext2_truncate (struct inode * inode)
+{
+	if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
+		return;
+	ext2_truncate_nocheck(inode);
+}
+
 void ext2_set_inode_flags(struct inode *inode)
 {
 	unsigned int flags = EXT2_I(inode)->i_flags;
 
-	inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
+	inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_NOATIME|S_DIRSYNC);
 	if (flags & EXT2_SYNC_FL)
 		inode->i_flags |= S_SYNC;
 	if (flags & EXT2_APPEND_FL)
 		inode->i_flags |= S_APPEND;
 	if (flags & EXT2_IMMUTABLE_FL)
 		inode->i_flags |= S_IMMUTABLE;
+	if (flags & EXT2_IUNLINK_FL)
+		inode->i_flags |= S_IUNLINK;
 	if (flags & EXT2_NOATIME_FL)
 		inode->i_flags |= S_NOATIME;
 	if (flags & EXT2_DIRSYNC_FL)
diff -NurpP --minimal linux-2.6.2-rc1/fs/ext3/ialloc.c linux-2.6.2-rc1-vs0.05.1/fs/ext3/ialloc.c
--- linux-2.6.2-rc1/fs/ext3/ialloc.c	Sat Jan 24 03:18:15 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/ext3/ialloc.c	Sat Jan 24 06:14:24 2004
@@ -569,7 +569,7 @@ got:
 
 	ei->i_flags = EXT3_I(dir)->i_flags & ~EXT3_INDEX_FL;
 	if (S_ISLNK(mode))
-		ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_APPEND_FL);
+		ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_IUNLINK_FL|EXT3_APPEND_FL);
 	/* dirsync only applies to directories */
 	if (!S_ISDIR(mode))
 		ei->i_flags &= ~EXT3_DIRSYNC_FL;
diff -NurpP --minimal linux-2.6.2-rc1/fs/ext3/inode.c linux-2.6.2-rc1-vs0.05.1/fs/ext3/inode.c
--- linux-2.6.2-rc1/fs/ext3/inode.c	Sat Jan 24 03:18:15 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/ext3/inode.c	Sat Jan 24 22:44:56 2004
@@ -189,6 +189,8 @@ void ext3_put_inode(struct inode *inode)
 		ext3_discard_prealloc(inode);
 }
 
+static void ext3_truncate_nocheck (struct inode *inode);
+
 /*
  * Called at the last iput() if i_nlink is zero.
  */
@@ -214,7 +216,7 @@ void ext3_delete_inode (struct inode * i
 		handle->h_sync = 1;
 	inode->i_size = 0;
 	if (inode->i_blocks)
-		ext3_truncate(inode);
+		ext3_truncate_nocheck(inode);
 	/*
 	 * Kill off the orphan record which ext3_truncate created.
 	 * AKPM: I think this can be inside the above `if'.
@@ -2114,7 +2116,7 @@ static void ext3_free_branches(handle_t 
  * ext3_truncate() run will find them and release them.
  */
 
-void ext3_truncate(struct inode * inode)
+void ext3_truncate_nocheck(struct inode * inode)
 {
 	handle_t *handle;
 	struct ext3_inode_info *ei = EXT3_I(inode);
@@ -2135,8 +2137,6 @@ void ext3_truncate(struct inode * inode)
 		return;
 	if (ext3_inode_is_fast_symlink(inode))
 		return;
-	if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
-		return;
 
 	ext3_discard_prealloc(inode);
 
@@ -2443,17 +2443,26 @@ has_buffer:
 	return 0;
 }
 
+void ext3_truncate(struct inode * inode)
+{
+	if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
+		return;
+	ext3_truncate_nocheck(inode);
+}
+
 void ext3_set_inode_flags(struct inode *inode)
 {
 	unsigned int flags = EXT3_I(inode)->i_flags;
 
-	inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
+	inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_NOATIME|S_DIRSYNC);
 	if (flags & EXT3_SYNC_FL)
 		inode->i_flags |= S_SYNC;
 	if (flags & EXT3_APPEND_FL)
 		inode->i_flags |= S_APPEND;
 	if (flags & EXT3_IMMUTABLE_FL)
 		inode->i_flags |= S_IMMUTABLE;
+	if (flags & EXT3_IUNLINK_FL)
+		inode->i_flags |= S_IUNLINK;
 	if (flags & EXT3_NOATIME_FL)
 		inode->i_flags |= S_NOATIME;
 	if (flags & EXT3_DIRSYNC_FL)
diff -NurpP --minimal linux-2.6.2-rc1/fs/inode.c linux-2.6.2-rc1-vs0.05.1/fs/inode.c
--- linux-2.6.2-rc1/fs/inode.c	Fri Jan  9 08:00:12 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/inode.c	Sat Jan 24 06:23:57 2004
@@ -131,6 +131,7 @@ static struct inode *alloc_inode(struct 
 		inode->i_bdev = NULL;
 		inode->i_cdev = NULL;
 		inode->i_rdev = 0;
+		// inode->i_xid = 0;	/* maybe not too wise ... */
 		inode->i_security = NULL;
 		if (security_inode_alloc(inode)) {
 			if (inode->i_sb->s_op->destroy_inode)
diff -NurpP --minimal linux-2.6.2-rc1/fs/ioctl.c linux-2.6.2-rc1-vs0.05.1/fs/ioctl.c
--- linux-2.6.2-rc1/fs/ioctl.c	Sat Jan 24 03:18:15 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/ioctl.c	Sat Jan 24 07:49:20 2004
@@ -9,10 +9,15 @@
 #include <linux/file.h>
 #include <linux/fs.h>
 #include <linux/security.h>
+#include <linux/proc_fs.h>
+#include <linux/vserver/inode.h>
 
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
 
+extern int vx_proc_ioctl(struct inode *, struct file *,
+	unsigned int, unsigned long);
+
 static int file_ioctl(struct file *filp,unsigned int cmd,unsigned long arg)
 {
 	int error;
@@ -118,6 +123,12 @@ asmlinkage long sys_ioctl(unsigned int f
 			}
 			else
 				error = -ENOTTY;
+			break;
+		case FIOC_GETXFLG:
+		case FIOC_SETXFLG:
+			error = -ENOTTY;
+			if (filp->f_dentry->d_inode->i_sb->s_magic == PROC_SUPER_MAGIC)
+				error = vx_proc_ioctl(filp->f_dentry->d_inode, filp, cmd, arg);
 			break;
 		default:
 			error = -ENOTTY;
diff -NurpP --minimal linux-2.6.2-rc1/fs/namei.c linux-2.6.2-rc1-vs0.05.1/fs/namei.c
--- linux-2.6.2-rc1/fs/namei.c	Fri Jan  9 07:59:26 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/namei.c	Sat Jan 24 06:14:24 2004
@@ -1021,7 +1021,7 @@ static inline int may_delete(struct inod
 	if (IS_APPEND(dir))
 		return -EPERM;
 	if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
-	    IS_IMMUTABLE(victim->d_inode))
+	    IS_IXUNLINK(victim->d_inode))
 		return -EPERM;
 	if (isdir) {
 		if (!S_ISDIR(victim->d_inode->i_mode))
@@ -1816,7 +1816,7 @@ int vfs_link(struct dentry *old_dentry, 
 	/*
 	 * A link to an append-only or immutable file cannot be created.
 	 */
-	if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
+	if (IS_APPEND(inode) || IS_IXUNLINK(inode))
 		return -EPERM;
 	if (!dir->i_op || !dir->i_op->link)
 		return -EPERM;
diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/Makefile linux-2.6.2-rc1-vs0.05.1/fs/proc/Makefile
--- linux-2.6.2-rc1/fs/proc/Makefile	Fri Jan  9 07:59:07 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/proc/Makefile	Sat Jan 24 05:45:59 2004
@@ -8,7 +8,7 @@ proc-y			:= task_nommu.o
 proc-$(CONFIG_MMU)	:= task_mmu.o
 
 proc-y       += inode.o root.o base.o generic.o array.o \
-		kmsg.o proc_tty.o proc_misc.o
+		kmsg.o proc_tty.o proc_misc.o virtual.o
 
 proc-$(CONFIG_PROC_KCORE)	+= kcore.o
 proc-$(CONFIG_PROC_DEVICETREE)	+= proc_devtree.o
diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/array.c linux-2.6.2-rc1-vs0.05.1/fs/proc/array.c
--- linux-2.6.2-rc1/fs/proc/array.c	Fri Jan  9 07:59:44 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/proc/array.c	Sat Jan 24 07:01:35 2004
@@ -73,6 +73,7 @@
 #include <linux/highmem.h>
 #include <linux/file.h>
 #include <linux/times.h>
+#include <linux/vinline.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -150,8 +151,13 @@ static inline const char * get_task_stat
 static inline char * task_state(struct task_struct *p, char *buffer)
 {
 	int g;
-
+	pid_t ppid;
 	read_lock(&tasklist_lock);
+	ppid = p->real_parent->pid;
+	if (ppid != 0
+		&& current->vx_info
+		&& current->vx_info->vx_initpid == ppid)
+		ppid = 1;
 	buffer += sprintf(buffer,
 		"State:\t%s\n"
 		"SleepAVG:\t%lu%%\n"
@@ -164,7 +170,7 @@ static inline char * task_state(struct t
 		get_task_state(p),
 		(p->sleep_avg/1024)*100/(1000000000/1024),
 	       	p->tgid,
-		p->pid, p->pid ? p->real_parent->pid : 0,
+		p->pid, p->pid ? ppid : 0,
 		p->pid && p->ptrace ? p->parent->pid : 0,
 		p->uid, p->euid, p->suid, p->fsuid,
 		p->gid, p->egid, p->sgid, p->fsgid);
@@ -263,16 +269,20 @@ static inline char *task_cap(struct task
 {
     return buffer + sprintf(buffer, "CapInh:\t%016x\n"
 			    "CapPrm:\t%016x\n"
-			    "CapEff:\t%016x\n",
+			    "CapEff:\t%016x\n"
+			    "CapBset:\t%016x\n",
 			    cap_t(p->cap_inheritable),
 			    cap_t(p->cap_permitted),
-			    cap_t(p->cap_effective));
+			    cap_t(p->cap_effective),
+			    cap_t(p->cap_bset));
 }
 
 extern char *task_mem(struct mm_struct *, char *);
 int proc_pid_status(struct task_struct *task, char * buffer)
 {
 	char * orig = buffer;
+	struct vx_info *vxi;
+	struct ip_info *ipi;
 	struct mm_struct *mm = get_task_mm(task);
 
 	buffer = task_name(task, buffer);
@@ -284,6 +294,39 @@ int proc_pid_status(struct task_struct *
 	}
 	buffer = task_sig(task, buffer);
 	buffer = task_cap(task, buffer);
+
+	buffer += sprintf (buffer,"s_context: %d\n", vx_task_xid(task));
+	vxi = task_get_vx_info(task);
+	if (vxi) {
+		buffer += sprintf (buffer,"ctxflags: %d\n"
+			,vxi->vx_flags);
+		buffer += sprintf (buffer,"initpid: %d\n"
+			,vxi->vx_initpid);
+	} else {
+		buffer += sprintf (buffer,"ctxflags: none\n");
+		buffer += sprintf (buffer,"initpid: none\n");
+	}
+	put_vx_info(vxi);
+	ipi = task_get_ip_info(task);
+	if (ipi) {
+		int i;
+
+		buffer += sprintf (buffer,"ipv4root:");
+		for (i=0; i<ipi->nbipv4; i++){
+			buffer += sprintf (buffer," %08x/%08x"
+				,ipi->ipv4[i]
+				,ipi->mask[i]);
+		}
+		*buffer++ = '\n';
+		buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
+			,ipi->v4_bcast);
+		buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
+			,atomic_read(&ipi->ip_refcount));
+	} else {
+		buffer += sprintf (buffer,"ipv4root: 0\n");
+		buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
+	}
+	put_ip_info(ipi);
 #if defined(CONFIG_ARCH_S390)
 	buffer = task_show_regs(task, buffer);
 #endif
diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/base.c linux-2.6.2-rc1-vs0.05.1/fs/proc/base.c
--- linux-2.6.2-rc1/fs/proc/base.c	Sat Jan 24 03:18:15 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/proc/base.c	Sat Jan 24 06:29:01 2004
@@ -32,6 +32,7 @@
 #include <linux/mount.h>
 #include <linux/security.h>
 #include <linux/ptrace.h>
+#include <linux/vinline.h>
 
 /*
  * For hysterical raisins we keep the same inumbers as in the old procfs.
@@ -67,6 +68,7 @@ enum pid_directory_inos {
 	PROC_TGID_ATTR_EXEC,
 	PROC_TGID_ATTR_FSCREATE,
 #endif
+	PROC_TGID_VINFO,
 	PROC_TGID_FD_DIR,
 	PROC_TID_INO,
 	PROC_TID_STATUS,
@@ -90,6 +92,7 @@ enum pid_directory_inos {
 	PROC_TID_ATTR_EXEC,
 	PROC_TID_ATTR_FSCREATE,
 #endif
+	PROC_TID_VINFO,
 	PROC_TID_FD_DIR = 0x8000,	/* 0x8000-0xffff */
 };
 
@@ -123,6 +126,7 @@ static struct pid_entry tgid_base_stuff[
 #ifdef CONFIG_KALLSYMS
 	E(PROC_TGID_WCHAN,     "wchan",   S_IFREG|S_IRUGO),
 #endif
+	E(PROC_TGID_VINFO,     "vinfo",   S_IFREG|S_IRUGO),
 	{0,0,NULL,0}
 };
 static struct pid_entry tid_base_stuff[] = {
@@ -145,6 +149,7 @@ static struct pid_entry tid_base_stuff[]
 #ifdef CONFIG_KALLSYMS
 	E(PROC_TID_WCHAN,      "wchan",   S_IFREG|S_IRUGO),
 #endif
+	E(PROC_TID_VINFO,      "vinfo",   S_IFREG|S_IRUGO),
 	{0,0,NULL,0}
 };
 
@@ -181,6 +186,7 @@ int proc_pid_stat(struct task_struct*,ch
 int proc_pid_status(struct task_struct*,char*);
 int proc_pid_statm(struct task_struct*,char*);
 int proc_pid_cpu(struct task_struct*,char*);
+// int proc_pid_vinfo(struct task_struct*,char*);
 
 static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt)
 {
@@ -963,6 +969,7 @@ static struct inode *proc_pid_make_inode
 		inode->i_uid = task->euid;
 		inode->i_gid = task->egid;
 	}
+	// inode->i_xid = vx_task_xid(task);
 	security_task_to_inode(task, inode);
 
 out:
@@ -1392,6 +1399,11 @@ static struct dentry *proc_pident_lookup
 			ei->op.proc_read = proc_pid_wchan;
 			break;
 #endif
+		case PROC_TID_VINFO:
+		case PROC_TGID_VINFO:
+			inode->i_fop = &proc_info_file_operations;
+			ei->op.proc_read = proc_pid_vinfo;
+			break;
 		default:
 			printk("procfs: impossible type (%d)",p->type);
 			iput(inode);
@@ -1584,6 +1596,10 @@ struct dentry *proc_pid_lookup(struct in
 	if (!task)
 		goto out;
 
+	if (tgid != 1 && !vx_check(vx_task_xid(task), VX_WATCH|VX_IDENT)) {
+		put_task_struct(task);
+		goto out;
+	}
 	inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
 
 
@@ -1691,6 +1707,10 @@ static int get_tgid_list(int index, unsi
 	for ( ; p != &init_task; p = next_task(p)) {
 		int tgid = p->pid;
 		if (!pid_alive(p))
+			continue;
+		if (tgid != 1 && !vx_check(vx_task_xid(p), VX_WATCH|VX_IDENT))
+			continue;
+		if (current->vx_info && current->vx_info->vx_initpid == tgid)
 			continue;
 		if (--index >= 0)
 			continue;
diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/generic.c linux-2.6.2-rc1-vs0.05.1/fs/proc/generic.c
--- linux-2.6.2-rc1/fs/proc/generic.c	Fri Jan  9 08:00:12 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/proc/generic.c	Sat Jan 24 05:45:59 2004
@@ -15,6 +15,7 @@
 #include <linux/module.h>
 #include <linux/mount.h>
 #include <linux/smp_lock.h>
+#include <linux/vinline.h>
 #include <asm/uaccess.h>
 #include <asm/bitops.h>
 
@@ -349,6 +350,8 @@ struct dentry *proc_lookup(struct inode 
 		for (de = de->subdir; de ; de = de->next) {
 			if (de->namelen != dentry->d_name.len)
 				continue;
+			if (!vx_weak_check(0, de->vx_flags))
+				continue;
 			if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
 				int ino = de->low_ino;
 				error = -EINVAL;
@@ -424,9 +427,12 @@ int proc_readdir(struct file * filp,
 			}
 
 			do {
+				if (!vx_weak_check(0, de->vx_flags))
+					goto skip;
 				if (filldir(dirent, de->name, de->namelen, filp->f_pos,
 					    de->low_ino, de->mode >> 12) < 0)
 					goto out;
+			skip:
 				filp->f_pos++;
 				de = de->next;
 			} while (de);
@@ -538,6 +544,7 @@ static struct proc_dir_entry *proc_creat
 	ent->namelen = len;
 	ent->mode = mode;
 	ent->nlink = nlink;
+	ent->vx_flags = VX_ADMIN;
  out:
 	return ent;
 }
@@ -558,7 +565,8 @@ struct proc_dir_entry *proc_symlink(cons
 				kfree(ent->data);
 				kfree(ent);
 				ent = NULL;
-			}
+			} else
+				ent->vx_flags = 0;
 		} else {
 			kfree(ent);
 			ent = NULL;
diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/inode.c linux-2.6.2-rc1-vs0.05.1/fs/proc/inode.c
--- linux-2.6.2-rc1/fs/proc/inode.c	Fri Jan  9 08:00:02 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/proc/inode.c	Sat Jan 24 05:45:59 2004
@@ -207,6 +207,8 @@ printk("proc_iget: using deleted entry %
 			inode->i_uid = de->uid;
 			inode->i_gid = de->gid;
 		}
+		if (de->vx_flags)
+			PROC_I(inode)->vx_flags = de->vx_flags;
 		if (de->size)
 			inode->i_size = de->size;
 		if (de->nlink)
diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/root.c linux-2.6.2-rc1-vs0.05.1/fs/proc/root.c
--- linux-2.6.2-rc1/fs/proc/root.c	Fri Jan  9 07:59:55 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/proc/root.c	Sat Jan 24 05:45:59 2004
@@ -23,6 +23,9 @@ struct proc_dir_entry *proc_net, *proc_b
 #ifdef CONFIG_SYSCTL
 struct proc_dir_entry *proc_sys_root;
 #endif
+struct proc_dir_entry *proc_virtual;
+
+extern void proc_vx_init(void);
 
 static struct super_block *proc_get_sb(struct file_system_type *fs_type,
 	int flags, const char *dev_name, void *data)
@@ -78,6 +81,7 @@ void __init proc_root_init(void)
 	proc_rtas_init();
 #endif
 	proc_bus = proc_mkdir("bus", 0);
+	proc_vx_init();
 }
 
 static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/virtual.c linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual.c
--- linux-2.6.2-rc1/fs/proc/virtual.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual.c	Sat Jan 24 06:42:17 2004
@@ -0,0 +1,548 @@
+/*
+ *  linux/fs/proc/virtual.c
+ *
+ *  Virtual Context Support
+ *
+ *  Copyright (C) 2003-2004  Herbert Pötzl
+ *
+ *  V0.01  basic structure
+ *  V0.02  adaptation vs1.3.0
+ *  V0.03  proc permissions
+ *  V0.04  locking/generic
+ *  V0.05  next generation procfs
+ *  V0.06  inode validation
+ *
+ */
+
+#include <asm/uaccess.h>
+
+#include <linux/config.h>
+#include <linux/errno.h>
+#include <linux/proc_fs.h>
+
+#include <linux/vinline.h>
+
+
+static struct proc_dir_entry *proc_virtual;
+
+enum xid_directory_inos {
+	PROC_XID_INO = 32,
+	PROC_XID_INFO,
+	PROC_XID_STATUS,
+	PROC_XID_LIMIT,
+};
+
+
+
+/* first the actual feeds */
+
+
+static int proc_virtual_info(struct vx_info *vxi, char *buffer)
+{
+	return sprintf(buffer,
+		"VCIVersion:\t%04x:%04x\n"
+		,VCI_VERSION >> 16
+		,VCI_VERSION & 0xFFFF);
+}
+
+
+int proc_xid_info (struct vx_info *vxi, char *buffer)
+{
+	return sprintf(buffer,
+		"ID:\t%d\n"
+		"Info:\t%p\n"
+		"Init:\t%d\n"
+		,vxi->vx_id
+		,vxi
+		,vxi->vx_initpid);
+}
+
+int proc_xid_status (struct vx_info *vxi, char *buffer)
+{
+	return sprintf(buffer,
+		"RefC:\t%d\n"		
+		"Flags:\t%08x\n"
+		"Ticks:\t%d\n"		
+		,atomic_read(&vxi->vx_refcount)
+		,vxi->vx_flags
+		,atomic_read(&vxi->limit.ticks));
+}
+
+int proc_xid_limit (struct vx_info *vxi, char *buffer)
+{
+	return sprintf(buffer,
+		"PROC:\t%8d/%ld\n"
+		"VM:\t%8d/%ld\n"
+		"VML:\t%8d/%ld\n"		
+		"RSS:\t%8d/%ld\n"
+		,atomic_read(&vxi->limit.res[RLIMIT_NPROC])
+		,vxi->limit.rlim[RLIMIT_NPROC]
+		,atomic_read(&vxi->limit.res[RLIMIT_AS])
+		,vxi->limit.rlim[RLIMIT_AS]
+		,atomic_read(&vxi->limit.res[RLIMIT_MEMLOCK])
+		,vxi->limit.rlim[RLIMIT_MEMLOCK]
+		,atomic_read(&vxi->limit.res[RLIMIT_RSS])
+		,vxi->limit.rlim[RLIMIT_RSS]);
+}
+
+
+
+
+/* here the inode helpers */
+
+
+
+#define fake_ino(xid,ino) (((xid)<<16)|(ino))
+
+#define MAX_MULBY10	((~0U-9)/10)
+
+
+static struct inode *proc_xid_make_inode(struct super_block * sb,
+	struct vx_info *vxi, int ino)
+{
+	struct inode *inode = new_inode(sb);
+	xid_t xid = (vxi)?vxi->vx_id:1;
+
+	if (!inode)
+		goto out;
+
+	inode->i_mtime = inode->i_atime =
+		inode->i_ctime = CURRENT_TIME;
+	inode->i_ino = fake_ino(xid, ino);
+
+	inode->u.generic_ip = vxi; /* reference from above */
+	inode->i_uid = 0;
+	inode->i_gid = 0;
+	// inode->i_xid = xid;
+out:
+	return inode;
+}
+
+void proc_xid_delete_inode(struct inode *inode)
+{
+	struct vx_info *vxi = (struct vx_info *)inode->u.generic_ip;
+
+	if (vxi)
+		put_vx_info(vxi);
+}
+
+static int proc_xid_revalidate(struct dentry * dentry, struct nameidata *nd)
+{
+	struct vx_info *vxi = (struct vx_info *)dentry->d_inode->u.generic_ip;
+
+	if (atomic_read(&vxi->limit.res[RLIMIT_NPROC]))
+		return 1;
+        return 0;
+}
+
+
+
+static int proc_xid_delete_dentry(struct dentry * dentry)
+{
+        return 1;
+}
+
+
+
+#define PROC_BLOCK_SIZE (PAGE_SIZE - 1024)
+
+static ssize_t proc_xid_info_read(struct file * file, char * buf,
+			  size_t count, loff_t *ppos)
+{
+	struct inode * inode = file->f_dentry->d_inode;
+	unsigned long page;
+	ssize_t length;
+	ssize_t end;
+	struct vx_info *vxi =
+		(struct vx_info *)inode->u.generic_ip;
+
+	if (count > PROC_BLOCK_SIZE)
+		count = PROC_BLOCK_SIZE;
+	if (!(page = __get_free_page(GFP_KERNEL)))
+		return -ENOMEM;
+
+	length = PROC_I(inode)->op.proc_xid_read(vxi, (char*)page);
+
+	if (length < 0) {
+		free_page(page);
+		return length;
+	}
+	/* Static 4kB (or whatever) block capacity */
+	if (*ppos >= length) {
+		free_page(page);
+		return 0;
+	}
+	if (count + *ppos > length)
+		count = length - *ppos;
+	end = count + *ppos;
+	copy_to_user(buf, (char *) page + *ppos, count);
+	*ppos = end;
+	free_page(page);
+	return count;
+}
+
+
+
+
+
+/* here comes the lower level (xid) */
+
+static struct file_operations proc_xid_info_file_operations = {
+	read:		proc_xid_info_read,
+};
+
+
+struct xid_entry {
+	int type;
+	int len;
+	char *name;
+	mode_t mode;
+};
+
+#define E(type,name,mode) {(type),sizeof(name)-1,(name),(mode)}
+
+static struct xid_entry base_stuff[] = {
+	E(PROC_XID_INFO,	"info",		S_IFREG|S_IRUGO),
+	E(PROC_XID_STATUS,	"status",	S_IFREG|S_IRUGO),
+	E(PROC_XID_LIMIT,	"limit",	S_IFREG|S_IRUGO),
+	{0,0,NULL,0}
+};
+
+static struct dentry *proc_xid_lookup(struct inode *dir,
+	struct dentry *dentry, struct nameidata *nd)
+{
+	struct inode *inode;
+	struct vx_info *vxi;
+	struct xid_entry *p;
+	int error;
+
+	error = -ENOENT;
+	inode = NULL;
+
+	for (p = base_stuff; p->name; p++) {
+		if (p->len != dentry->d_name.len)
+			continue;
+		if (!memcmp(dentry->d_name.name, p->name, p->len))
+			break;
+	}
+	if (!p->name)
+		goto out;
+	vxi = get_vx_info((struct vx_info *)dir->u.generic_ip);
+	if (!vxi)
+		goto out;
+
+	error = -EINVAL;
+	inode = proc_xid_make_inode(dir->i_sb, vxi, p->type);
+	if (!inode)
+		goto out_release;
+
+	switch(p->type) {
+		case PROC_XID_INFO:
+			PROC_I(inode)->op.proc_xid_read = proc_xid_info;
+			break;
+		case PROC_XID_STATUS:
+			PROC_I(inode)->op.proc_xid_read = proc_xid_status;
+			break;
+		case PROC_XID_LIMIT:
+			PROC_I(inode)->op.proc_xid_read = proc_xid_limit;
+			break;
+		default:
+			printk("procfs: impossible type (%d)",p->type);
+			iput(inode);
+			return ERR_PTR(-EINVAL);
+	}
+	inode->i_mode = p->mode;
+//	inode->i_op = &proc_xid_info_inode_operations;
+	inode->i_fop = &proc_xid_info_file_operations;
+	inode->i_nlink = 1;
+	inode->i_flags|=S_IMMUTABLE;
+	
+//	dentry->d_op = &proc_xid_dentry_operations;
+	d_add(dentry, inode);
+	return NULL;
+
+out_release:
+	put_vx_info(vxi);
+out:
+	return ERR_PTR(error);
+}
+
+
+static int proc_xid_readdir(struct file * filp,
+	void * dirent, filldir_t filldir)
+{
+	int i, xid;
+	struct inode *inode = filp->f_dentry->d_inode;
+	struct vx_info *vxi = (struct vx_info *)inode->u.generic_ip;
+	struct xid_entry *p;
+	
+	xid = vxi->vx_id;
+	i = filp->f_pos;
+	switch (i) {
+		case 0:
+			if (filldir(dirent, ".", 1, i,
+				inode->i_ino, DT_DIR) < 0)
+				return 0;
+			i++;
+			filp->f_pos++;
+			/* fall through */
+		case 1:
+			if (filldir(dirent, "..", 2, i,
+				PROC_ROOT_INO, DT_DIR) < 0)
+				return 0;
+			i++;
+			filp->f_pos++;
+			/* fall through */
+		default:
+			i -= 2;
+			if (i>=sizeof(base_stuff)/sizeof(base_stuff[0]))
+				return 1;
+			p = base_stuff + i;
+			while (p->name) {
+				if (filldir(dirent, p->name, p->len,
+					filp->f_pos, fake_ino(xid, p->type),
+					p->mode >> 12) < 0)
+					return 0;
+				filp->f_pos++;
+				p++;
+			}
+	}
+	return 1;
+}
+
+
+
+
+/* now the upper level (virtual) */
+
+static struct file_operations proc_xid_file_operations = {
+	read:		generic_read_dir,
+	readdir:	proc_xid_readdir,
+};
+
+static struct inode_operations proc_xid_inode_operations = {
+	lookup:		proc_xid_lookup,
+};
+
+static struct dentry_operations proc_xid_dentry_operations =
+{
+	d_revalidate:   proc_xid_revalidate,
+	d_delete:       proc_xid_delete_dentry,
+};
+
+
+
+struct dentry *proc_virtual_lookup(struct inode *dir,
+	struct dentry * dentry, struct nameidata *nd)
+{
+	int xid, c;
+	struct vx_info *vxi;
+	const char *name;
+	struct inode *inode;
+	int len;
+
+	xid = 0;
+	name = dentry->d_name.name;
+	len = dentry->d_name.len;
+	if (len == 7 && !memcmp(name, "current", 7)) {
+		inode = new_inode(dir->i_sb);
+		if (!inode)
+			return ERR_PTR(-ENOMEM);
+		inode->i_mtime = inode->i_atime =
+			inode->i_ctime = CURRENT_TIME;
+		inode->i_ino = fake_ino(1, PROC_XID_INO);
+		inode->u.generic_ip = NULL;
+		inode->i_mode = S_IFLNK|S_IRWXUGO;
+		inode->i_uid = inode->i_gid = 0;
+		inode->i_size = 64;
+//		inode->i_op = &proc_current_inode_operations;
+		d_add(dentry, inode);
+		return NULL;
+	}
+	if (len == 4 && !memcmp(name, "info", 4)) {
+		inode = proc_xid_make_inode(dir->i_sb, NULL, PROC_XID_INFO);
+		if (!inode)
+			return ERR_PTR(-ENOMEM);
+		inode->i_fop = &proc_xid_info_file_operations;
+		PROC_I(inode)->op.proc_xid_read = proc_virtual_info;
+		inode->i_mode = S_IFREG|S_IRUGO;
+//		inode->i_size = 64;
+//		inode->i_op = &proc_current_inode_operations;
+		d_add(dentry, inode);
+		return NULL;
+	}
+
+	while (len-- > 0) {
+		c = *name - '0';
+		name++;
+		if (c > 9)
+			goto out;
+		if (xid >= MAX_MULBY10)
+			goto out;
+		xid *= 10;
+		xid += c;
+		if (!xid)
+			goto out;
+	}
+
+	vxi = find_vx_info(xid);
+	if (!vxi)
+		goto out;
+
+	inode = NULL;
+	if (vx_check(xid, VX_ADMIN|VX_WATCH|VX_IDENT))
+		inode = proc_xid_make_inode(dir->i_sb,
+			vxi, PROC_XID_INO);
+	if (!inode)
+		goto out_release;
+
+	inode->i_mode = S_IFDIR|S_IRUGO;
+	inode->i_op = &proc_xid_inode_operations;
+	inode->i_fop = &proc_xid_file_operations;
+	inode->i_nlink = 2;
+	inode->i_flags|=S_IMMUTABLE;
+
+	dentry->d_op = &proc_xid_dentry_operations;
+	d_add(dentry, inode);
+	return NULL;
+	
+out_release:
+	put_vx_info(vxi);
+out:
+	return ERR_PTR(-ENOENT);
+}
+
+
+
+#define PROC_NUMBUF 10
+#define PROC_MAXXIDS 32
+
+
+static int get_xid_list(int index, unsigned int *xids)
+{
+	struct vx_info *p;
+	int nr_xids = 0;
+
+	index--;
+	spin_lock(&vxlist_lock);
+	list_for_each_entry(p, &vx_infos, vx_list) {
+		int xid = p->vx_id;
+
+		if (--index >= 0)
+			continue;
+		xids[nr_xids] = xid;
+		if (++nr_xids >= PROC_MAXXIDS)
+			break;
+	}
+	spin_unlock(&vxlist_lock);
+	return nr_xids;
+}
+
+int proc_virtual_readdir(struct file * filp,
+	void * dirent, filldir_t filldir)
+{
+	unsigned int xid_array[PROC_MAXXIDS];
+	char buf[PROC_NUMBUF];
+	unsigned int nr = filp->f_pos-3;
+	unsigned int nr_xids, i;
+	ino_t ino;
+
+	switch (filp->f_pos) {
+		case 0:
+			ino = fake_ino(0, PROC_XID_INO);
+			if (filldir(dirent, ".", 1,
+				filp->f_pos, ino, DT_DIR) < 0)
+				return 0;
+			filp->f_pos++;
+			/* fall through */
+		case 1:
+			ino = filp->f_dentry->d_parent->d_inode->i_ino;
+			if (filldir(dirent, "..", 2,
+				filp->f_pos, ino, DT_DIR) < 0)
+				return 0;
+			filp->f_pos++;
+			/* fall through */
+		case 2:
+			ino = fake_ino(0, PROC_XID_INFO);
+			if (filldir(dirent, "info", 4,
+				filp->f_pos, ino, DT_LNK) < 0)
+				return 0;
+			filp->f_pos++;
+			/* fall through */
+		case 3:
+			if (current->xid > 1) {
+				ino = fake_ino(1, PROC_XID_INO);
+				if (filldir(dirent, "current", 7,
+					filp->f_pos, ino, DT_LNK) < 0)
+					return 0;
+			}
+			filp->f_pos++;
+		default:
+	}
+
+	nr_xids = get_xid_list(nr, xid_array);
+
+	for (i = 0; i < nr_xids; i++) {
+		int xid = xid_array[i];
+		ino_t ino = fake_ino(xid, PROC_XID_INO);
+		unsigned long j = PROC_NUMBUF;
+
+		do buf[--j] = '0' + (xid % 10); while (xid/=10);
+
+		if (filldir(dirent, buf+j, PROC_NUMBUF-j,
+			filp->f_pos, ino, DT_DIR) < 0)
+			break;
+		filp->f_pos++;
+	}
+	return 0;
+}
+
+
+static struct file_operations proc_virtual_dir_operations = {
+	read:		generic_read_dir,
+	readdir:	proc_virtual_readdir,
+};
+
+static struct inode_operations proc_virtual_dir_inode_operations = {
+	lookup:		proc_virtual_lookup,
+};
+
+
+
+
+
+
+
+void proc_vx_init(void)
+{
+	struct proc_dir_entry *ent;
+
+	ent = proc_mkdir("virtual", 0);
+	if (ent) {
+		ent->proc_fops = &proc_virtual_dir_operations;
+		ent->proc_iops = &proc_virtual_dir_inode_operations;
+	}
+	proc_virtual = ent;
+}
+
+
+
+
+/* per pid info */
+
+
+char *task_vinfo(struct task_struct *p, char *buffer)
+{
+	return buffer + sprintf(buffer,
+		"XID:\t%d\n"
+		,p->xid);
+}
+
+int proc_pid_vinfo(struct task_struct *p, char *buffer)
+{
+	char * orig = buffer;
+
+	buffer = task_vinfo(p, buffer);
+	return buffer - orig;
+}
+
diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/virtual_old.c linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual_old.c
--- linux-2.6.2-rc1/fs/proc/virtual_old.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual_old.c	Sat Jan 24 05:45:59 2004
@@ -0,0 +1,179 @@
+/*
+ *  linux/fs/proc/virtual.c
+ *
+ *  Virtual Context ProcFS Support
+ *
+ *  Copyright (C) 2003  Herbert Pötzl
+ *
+ *  V0.01  basic directory array
+ *  V0.02  per context info & stat
+ *  V0.03  proc permissions
+ *
+ */
+
+#include <asm/uaccess.h>
+
+#include <linux/config.h>
+#include <linux/errno.h>
+#include <linux/proc_fs.h>
+
+#include <linux/init.h>
+#include <linux/vswitch.h>
+#include <linux/vinline.h>
+
+
+extern struct proc_dir_entry *proc_virtual;
+static struct proc_dir_entry *proc_virtual_info;
+
+
+char *task_vinfo(struct task_struct *p, char *buffer)
+{
+	return buffer + sprintf(buffer,
+		"VxID:\t%d\n"
+		,p->vx_id);
+}
+
+int proc_pid_vinfo(struct task_struct *p, char *buffer)
+{
+	char * orig = buffer;
+
+        buffer = task_vinfo(p, buffer);
+        return buffer - orig;
+}
+
+
+static int __generic_info_read_func(char *page, char **start,
+	off_t off, int count, int *eof, void *data,
+	char *(*info_func)(void *, char *))
+{
+	int len;
+	char *buffer = page;
+
+	buffer = info_func(data, buffer);
+
+	len = buffer-page;
+	if (len <= off+count) *eof = 1;
+	
+	*start = page + off;
+	len -= off;
+	if (len>count) len = count;
+	if (len<0) len = 0;
+	return len;
+}
+
+char *vx_proc_info (void *data, char *buffer)
+{
+	struct vx_info *vxi = data;
+	buffer += sprintf(buffer,
+		"VxID:\t%d\n"
+		"Info:\t%p\n"
+		"Init:\t%d\n"
+		,vxi->vx_id
+		,vxi
+		,vxi->vx_initpid);
+	return buffer;
+}
+
+int vx_info_read_func (char *page, char **start,
+	off_t off, int count, int *eof, void *data)
+{
+	return __generic_info_read_func(page, start,
+	    off, count, eof, data, vx_proc_info);
+}
+
+char *vx_proc_status (void *data, char *buffer)
+{
+	struct vx_info *vxi = data;
+	buffer += sprintf(buffer,
+		"RefC:\t%d\n"		
+		"Flags:\t%08x\n"
+		"Ticks:\t%d\n"		
+		,atomic_read(&vxi->vx_refcount)
+		,vxi->vx_flags
+		,atomic_read(&vxi->limit.ticks));
+	return buffer;
+}
+
+int vx_status_read_func (char *page, char **start,
+	off_t off, int count, int *eof, void *data)
+{
+	return __generic_info_read_func(page, start,
+	    off, count, eof, data, vx_proc_status);
+}
+
+
+static int vx_proc_permission(struct inode *inode,
+	int mask, struct nameidata *nd)
+{
+	vxdprintk("vx_proc_permission(%p) = #%d,%04x\n",
+		inode, inode->i_xid, PROC_I(inode)->vx_flags);
+	if (vx_check(inode->i_xid, PROC_I(inode)->vx_flags))
+		return 0;
+	vxdprintk("vx_proc_permission(%p) #%d != #%d\n",
+		inode, inode->i_xid, vx_current_id());
+	return -ENOENT;
+}
+
+static struct inode_operations vx_proc_inode_operations = {
+	.lookup = proc_lookup,
+	.permission = vx_proc_permission,
+};
+
+
+int vx_proc_create(struct vx_info *vxi)
+{
+	struct proc_dir_entry *entry, *sub;
+	char name[8];
+
+	snprintf(name, sizeof(name)-1, "%d", vxi->vx_id);
+	entry = create_proc_entry(name,
+		S_IFDIR|S_IXUGO, proc_virtual);
+	entry->vx_flags = VX_ADMIN|VX_WATCH|VX_IDENT;
+	entry->xid = vxi->vx_id;
+	entry->proc_iops = &vx_proc_inode_operations;
+        vxi->vx_procent = entry;
+	sub = create_proc_read_entry("info",
+		S_IFREG|S_IRUGO|S_IWUSR,
+		entry, vx_info_read_func, vxi);
+	sub = create_proc_read_entry("status",
+		S_IFREG|S_IRUGO|S_IWUSR,
+		entry, vx_status_read_func, vxi);
+	return 0;
+}
+
+int vx_proc_destroy(struct vx_info *vxi)
+{
+	struct proc_dir_entry *entry = vxi->vx_procent;
+	if (!entry)
+	    return 0;
+	remove_proc_entry(entry->name, proc_virtual);
+	vxi->vx_procent = NULL;
+	return 0;
+}
+
+char *vs_proc_info(void *data, char *buffer)
+{
+	buffer += sprintf(buffer,
+		"VCIVersion:\t%04x:%04x\n"
+		,VCI_VERSION >> 16
+		,VCI_VERSION & 0xFFFF);
+	return buffer;
+}
+
+int vs_info_read_func(char *page, char **start,
+	off_t off, int count, int *eof, void *data)
+{
+	return __generic_info_read_func(page, start,
+	    off, count, eof, data, vs_proc_info);
+}
+
+
+static int __init virtual_proc_init(void)
+{
+	proc_virtual_info = create_proc_read_entry("info",
+		S_IFREG|S_IRUGO|S_IWUSR,
+		proc_virtual, vs_info_read_func, NULL);
+	return 0;
+}
+
+__initcall(virtual_proc_init);
diff -NurpP --minimal linux-2.6.2-rc1/fs/reiserfs/ioctl.c linux-2.6.2-rc1-vs0.05.1/fs/reiserfs/ioctl.c
--- linux-2.6.2-rc1/fs/reiserfs/ioctl.c	Fri Jan  9 07:59:26 2004
+++ linux-2.6.2-rc1-vs0.05.1/fs/reiserfs/ioctl.c	Sat Jan 24 06:14:24 2004
@@ -47,7 +47,8 @@ int reiserfs_ioctl (struct inode * inode
 		if (get_user(flags, (int *) arg))
 			return -EFAULT;
 
-		if ( ( ( flags ^ REISERFS_I(inode) -> i_attrs) & ( REISERFS_IMMUTABLE_FL | REISERFS_APPEND_FL)) &&
+		if ( ( ( flags ^ REISERFS_I(inode) -> i_attrs) &
+		   ( REISERFS_IMMUTABLE_FL | REISERFS_IUNLINK_FL | REISERFS_APPEND_FL)) &&
 		     !capable( CAP_LINUX_IMMUTABLE ) )
 			return -EPERM;
 			
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-alpha/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-alpha/unistd.h
--- linux-2.6.2-rc1/include/asm-alpha/unistd.h	Fri Jan  9 07:59:26 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-alpha/unistd.h	Sat Jan 24 06:45:48 2004
@@ -233,6 +233,7 @@
 #define __NR_osf_memcntl	260	/* not implemented */
 #define __NR_osf_fdatasync	261	/* not implemented */
 
+#define __NR_vserver		273
 
 /*
  * Linux-specific system calls begin at 300
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-m68k/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-m68k/unistd.h
--- linux-2.6.2-rc1/include/asm-m68k/unistd.h	Fri Jan  9 07:59:33 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-m68k/unistd.h	Sat Jan 24 06:45:48 2004
@@ -239,7 +239,9 @@
 #define __NR_fremovexattr	234
 #define __NR_futex		235
 
-#define NR_syscalls		236
+#define __NR_vserver		273
+
+#define NR_syscalls		274
 
 /* user-visible error numbers are in the range -1 - -124: see
    <asm-m68k/errno.h> */
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-m68knommu/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-m68knommu/unistd.h
--- linux-2.6.2-rc1/include/asm-m68knommu/unistd.h	Fri Jan  9 07:59:41 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-m68knommu/unistd.h	Sat Jan 24 06:45:48 2004
@@ -221,7 +221,9 @@
 #define __NR_setfsuid32		215
 #define __NR_setfsgid32		216
 
-#define	NR_syscalls		256
+#define __NR_vserver		273
+
+#define	NR_syscalls		274
 
 /* user-visible error numbers are in the range -1 - -122: see
    <asm-m68k/errno.h> */
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-mips/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-mips/unistd.h
--- linux-2.6.2-rc1/include/asm-mips/unistd.h	Fri Jan  9 07:59:05 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-mips/unistd.h	Sat Jan 24 06:45:48 2004
@@ -289,10 +289,12 @@
 #define __NR_tgkill			(__NR_Linux + 266)
 #define __NR_utimes			(__NR_Linux + 267)
 
+#define __NR_vserver			(__NR_Linux + 273)
+
 /*
  * Offset of the last Linux o32 flavoured syscall
  */
-#define __NR_Linux_syscalls		267
+#define __NR_Linux_syscalls		273
 
 #endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */
 
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-parisc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-parisc/unistd.h
--- linux-2.6.2-rc1/include/asm-parisc/unistd.h	Fri Jan  9 07:59:03 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-parisc/unistd.h	Sat Jan 24 06:45:48 2004
@@ -722,8 +722,9 @@
 #define __NR_remap_file_pages	(__NR_Linux + 227)
 #define __NR_semtimedop		(__NR_Linux + 228)
 
+#define __NR_vserver		(__NR_Linux + 273)
 
-#define __NR_Linux_syscalls     228
+#define __NR_Linux_syscalls     273
 
 #define HPUX_GATEWAY_ADDR       0xC0000004
 #define LINUX_GATEWAY_ADDR      0x100
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-ppc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-ppc/unistd.h
--- linux-2.6.2-rc1/include/asm-ppc/unistd.h	Sat Jan 24 03:18:18 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-ppc/unistd.h	Sat Jan 24 06:45:48 2004
@@ -261,7 +261,9 @@
 #define __NR_fadvise64_64	254
 #define __NR_rtas		255
 
-#define __NR_syscalls		256
+#define __NR_vserver		273
+
+#define __NR_syscalls		274
 
 #define __NR(n)	#n
 
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-ppc64/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-ppc64/unistd.h
--- linux-2.6.2-rc1/include/asm-ppc64/unistd.h	Sat Jan 24 03:18:18 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-ppc64/unistd.h	Sat Jan 24 06:45:48 2004
@@ -267,7 +267,9 @@
 #define __NR_fadvise64_64	254
 #define __NR_rtas		255
 
-#define __NR_syscalls		256
+#define __NR_vserver		273
+
+#define __NR_syscalls		274
 #ifdef __KERNEL__
 #define NR_syscalls	__NR_syscalls
 #endif
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-s390/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-s390/unistd.h
--- linux-2.6.2-rc1/include/asm-s390/unistd.h	Sat Jan 24 03:18:18 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-s390/unistd.h	Sat Jan 24 06:45:48 2004
@@ -256,9 +256,7 @@
 #define __NR_clock_gettime	(__NR_timer_create+6)
 #define __NR_clock_getres	(__NR_timer_create+7)
 #define __NR_clock_nanosleep	(__NR_timer_create+8)
-/*
- * Number 263 is reserved for vserver
- */
+#define __NR_vserver		263
 #define __NR_fadvise64_64	264
 
 #define NR_syscalls 265
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-sparc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-sparc/unistd.h
--- linux-2.6.2-rc1/include/asm-sparc/unistd.h	Fri Jan  9 07:59:08 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-sparc/unistd.h	Sat Jan 24 06:45:48 2004
@@ -283,7 +283,7 @@
 #define __NR_timer_getoverrun	264
 #define __NR_timer_delete	265
 #define __NR_timer_create	266
-/* #define __NR_vserver		267 Reserved for VSERVER */
+#define __NR_vserver		267
 #define __NR_io_setup		268
 #define __NR_io_destroy		268
 #define __NR_io_submit		269
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-sparc64/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-sparc64/unistd.h
--- linux-2.6.2-rc1/include/asm-sparc64/unistd.h	Fri Jan  9 07:59:10 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-sparc64/unistd.h	Sat Jan 24 06:45:48 2004
@@ -285,7 +285,7 @@
 #define __NR_timer_getoverrun	264
 #define __NR_timer_delete	265
 #define __NR_timer_create	266
-/* #define __NR_vserver		267 Reserved for VSERVER */
+#define __NR_vserver		267
 #define __NR_io_setup		268
 #define __NR_io_destroy		268
 #define __NR_io_submit		269
diff -NurpP --minimal linux-2.6.2-rc1/include/asm-x86_64/ia32_unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-x86_64/ia32_unistd.h
--- linux-2.6.2-rc1/include/asm-x86_64/ia32_unistd.h	Fri Jan  9 07:59:45 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/asm-x86_64/ia32_unistd.h	Sat Jan 24 06:45:48 2004
@@ -278,6 +278,7 @@
 #define __NR_ia32_tgkill		270
 #define __NR_ia32_utimes		271
 #define __NR_ia32_fadvise64_64		272
+#define __NR_ia32_vserver		273
 
 #define IA32_NR_syscalls 275	/* must be > than biggest syscall! */	
 
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/capability.h linux-2.6.2-rc1-vs0.05.1/include/linux/capability.h
--- linux-2.6.2-rc1/include/linux/capability.h	Fri Jan  9 07:59:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/capability.h	Sat Jan 24 06:21:35 2004
@@ -235,6 +235,7 @@ typedef __u32 kernel_cap_t;
 /* Allow enabling/disabling tagged queuing on SCSI controllers and sending
    arbitrary SCSI commands */
 /* Allow setting encryption key on loopback filesystem */
+/* Allow the selection of a security context */
 
 #define CAP_SYS_ADMIN        21
 
@@ -283,6 +284,15 @@ typedef __u32 kernel_cap_t;
 /* Allow taking of leases on files */
 
 #define CAP_LEASE            28
+
+/* Allow quotactl */
+
+#define CAP_QUOTACTL         29
+
+/* Allow context manipulations */
+/* Allow changing context info on files */
+
+#define CAP_CONTEXT          30
 
 #ifdef __KERNEL__
 /* 
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ext2_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/ext2_fs.h
--- linux-2.6.2-rc1/include/linux/ext2_fs.h	Fri Jan  9 07:59:09 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/ext2_fs.h	Sat Jan 24 06:14:24 2004
@@ -192,10 +192,12 @@ struct ext2_group_desc
 #define EXT2_NOTAIL_FL			0x00008000 /* file tail should not be merged */
 #define EXT2_DIRSYNC_FL			0x00010000 /* dirsync behaviour (directories only) */
 #define EXT2_TOPDIR_FL			0x00020000 /* Top of directory hierarchies*/
+#define EXT2_BARRIER_FL			0x04000000 /* chroot barrier */
+#define EXT2_IUNLINK_FL			0x08000000 /* Immutable unlink */
 #define EXT2_RESERVED_FL		0x80000000 /* reserved for ext2 lib */
 
-#define EXT2_FL_USER_VISIBLE		0x0003DFFF /* User visible flags */
-#define EXT2_FL_USER_MODIFIABLE		0x000380FF /* User modifiable flags */
+#define EXT2_FL_USER_VISIBLE		0x0c03DFFF /* User visible flags */
+#define EXT2_FL_USER_MODIFIABLE		0x0c0380FF /* User modifiable flags */
 
 /*
  * ioctl commands
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ext3_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/ext3_fs.h
--- linux-2.6.2-rc1/include/linux/ext3_fs.h	Fri Jan  9 07:59:44 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/ext3_fs.h	Sat Jan 24 06:14:24 2004
@@ -185,10 +185,12 @@ struct ext3_group_desc
 #define EXT3_NOTAIL_FL			0x00008000 /* file tail should not be merged */
 #define EXT3_DIRSYNC_FL			0x00010000 /* dirsync behaviour (directories only) */
 #define EXT3_TOPDIR_FL			0x00020000 /* Top of directory hierarchies*/
+#define EXT3_BARRIER_FL			0x04000000 /* chroot barrier */
+#define EXT3_IUNLINK_FL			0x08000000 /* Immutable unlink */
 #define EXT3_RESERVED_FL		0x80000000 /* reserved for ext3 lib */
 
-#define EXT3_FL_USER_VISIBLE		0x0003DFFF /* User visible flags */
-#define EXT3_FL_USER_MODIFIABLE		0x000380FF /* User modifiable flags */
+#define EXT3_FL_USER_VISIBLE		0x0c03DFFF /* User visible flags */
+#define EXT3_FL_USER_MODIFIABLE		0x0c0380FF /* User modifiable flags */
 
 /*
  * Inode dynamic state flags
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/fs.h
--- linux-2.6.2-rc1/include/linux/fs.h	Sat Jan 24 03:18:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/fs.h	Sat Jan 24 06:18:09 2004
@@ -2,9 +2,9 @@
 #define _LINUX_FS_H
 
 /*
- * This file has definitions for some important file table
- * structures etc.
- */
+* This file has definitions for some important file table
+* structures etc.
+*/
 
 #include <linux/config.h>
 #include <linux/linkage.h>
@@ -30,14 +30,14 @@ struct vm_area_struct;
 struct vfsmount;
 
 /*
- * It's silly to have NR_OPEN bigger than NR_FILE, but you can change
- * the file limit at runtime and only root can increase the per-process
- * nr_file rlimit, so it's safe to set up a ridiculously high absolute
- * upper limit on files-per-process.
- *
- * Some programs (notably those using select()) may have to be 
- * recompiled to take full advantage of the new limits..  
- */
+* It's silly to have NR_OPEN bigger than NR_FILE, but you can change
+* the file limit at runtime and only root can increase the per-process
+* nr_file rlimit, so it's safe to set up a ridiculously high absolute
+* upper limit on files-per-process.
+*
+* Some programs (notably those using select()) may have to be
+* recompiled to take full advantage of the new limits..
+*/
 
 /* Fixed constants first: */
 #undef NR_OPEN
@@ -49,16 +49,16 @@ struct vfsmount;
 
 /* And dynamically-tunable limits and defaults: */
 struct files_stat_struct {
-	int nr_files;		/* read only */
-	int nr_free_files;	/* read only */
-	int max_files;		/* tunable */
+int nr_files;		/* read only */
+int nr_free_files;	/* read only */
+int max_files;		/* tunable */
 };
 extern struct files_stat_struct files_stat;
 
 struct inodes_stat_t {
-	int nr_inodes;
-	int nr_unused;
-	int dummy[5];
+int nr_inodes;
+int nr_unused;
+int dummy[5];
 };
 extern struct inodes_stat_t inodes_stat;
 
@@ -91,11 +91,11 @@ extern int leases_enable, dir_notify_ena
 #define FS_REQUIRES_DEV 1 
 #define FS_REVAL_DOT	16384	/* Check the paths ".", ".." for staleness */
 #define FS_ODD_RENAME	32768	/* Temporary stuff; will go away as soon
-				  * as nfs_rename() will be cleaned up
-				  */
+			  * as nfs_rename() will be cleaned up
+			  */
 /*
- * These are the fs-independent mount-flags: up to 32 flags are supported
- */
+* These are the fs-independent mount-flags: up to 32 flags are supported
+*/
 #define MS_RDONLY	 1	/* Mount read-only */
 #define MS_NOSUID	 2	/* Ignore suid and sgid bits */
 #define MS_NODEV	 4	/* Disallow access to device special files */
@@ -116,14 +116,14 @@ extern int leases_enable, dir_notify_ena
 #define MS_NOUSER	(1<<31)
 
 /*
- * Superblock flags that can be altered by MS_REMOUNT
- */
+* Superblock flags that can be altered by MS_REMOUNT
+*/
 #define MS_RMT_MASK	(MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_NOATIME|\
-			 MS_NODIRATIME)
+		 MS_NODIRATIME)
 
 /*
- * Old magic mount flag and mask
- */
+* Old magic mount flag and mask
+*/
 #define MS_MGC_VAL 0xC0ED0000
 #define MS_MGC_MSK 0xffff0000
 
@@ -137,6 +137,8 @@ extern int leases_enable, dir_notify_ena
 #define S_DEAD		32	/* removed, but still open directory */
 #define S_NOQUOTA	64	/* Inode is not counted to quota */
 #define S_DIRSYNC	128	/* Directory modifications are synchronous */
+#define S_BARRIER	256	/* chroot barrier */
+#define S_IUNLINK	512	/* Immutable unlink */
 
 /*
  * Note that nosuid etc flags are inode-specific: setting some file-system
@@ -164,11 +166,14 @@ extern int leases_enable, dir_notify_ena
 #define IS_NOQUOTA(inode)	((inode)->i_flags & S_NOQUOTA)
 #define IS_APPEND(inode)	((inode)->i_flags & S_APPEND)
 #define IS_IMMUTABLE(inode)	((inode)->i_flags & S_IMMUTABLE)
+#define IS_IUNLINK(inode)	((inode)->i_flags & S_IUNLINK)
+#define IS_IXUNLINK(inode)	((IS_IUNLINK(inode) ? S_IMMUTABLE : 0) ^ IS_IMMUTABLE(inode))
 #define IS_NOATIME(inode)	(__IS_FLG(inode, MS_NOATIME) || ((inode)->i_flags & S_NOATIME))
 #define IS_NODIRATIME(inode)	__IS_FLG(inode, MS_NODIRATIME)
 #define IS_POSIXACL(inode)	__IS_FLG(inode, MS_POSIXACL)
 #define IS_ONE_SECOND(inode)	__IS_FLG(inode, MS_ONE_SECOND)
 
+#define IS_BARRIER(inode)	((inode)->i_flags & S_BARRIER)
 #define IS_DEADDIR(inode)	((inode)->i_flags & S_DEAD)
 
 /* the read-only stuff doesn't really belong here, but any other place is
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/init_task.h linux-2.6.2-rc1-vs0.05.1/include/linux/init_task.h
--- linux-2.6.2-rc1/include/linux/init_task.h	Fri Jan  9 07:59:08 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/init_task.h	Sat Jan 24 07:24:16 2004
@@ -108,6 +108,10 @@
 	.proc_lock	= SPIN_LOCK_UNLOCKED,				\
 	.switch_lock	= SPIN_LOCK_UNLOCKED,				\
 	.journal_info	= NULL,						\
+	.cap_bset	= CAP_INIT_EFF_SET,				\
+	.xid		= 0,						\
+	.vx_info	= NULL,						\
+	.ip_info	= NULL,						\
 }
 
 
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ip.h linux-2.6.2-rc1-vs0.05.1/include/linux/ip.h
--- linux-2.6.2-rc1/include/linux/ip.h	Fri Jan  9 07:59:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/ip.h	Sat Jan 24 05:46:08 2004
@@ -111,9 +111,11 @@ struct inet_opt {
 	/* Socket demultiplex comparisons on incoming packets. */
 	__u32			daddr;		/* Foreign IPv4 addr */
 	__u32			rcv_saddr;	/* Bound local IPv4 addr */
+	__u32			rcv_saddr2;	/* Second bound ipv4 addr, for ipv4root */
 	__u16			dport;		/* Destination port */
 	__u16			num;		/* Local port */
 	__u32			saddr;		/* Sending source */
+//	__u32			saddr2;		/* Second bound ipv4 addr, for ipv4root */
 	int			uc_ttl;		/* Unicast TTL */
 	int			tos;		/* TOS */
 	unsigned	   	cmsg_flags;
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/proc_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/proc_fs.h
--- linux-2.6.2-rc1/include/linux/proc_fs.h	Sat Jan 24 03:18:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/proc_fs.h	Sat Jan 24 05:45:59 2004
@@ -60,6 +60,7 @@ struct proc_dir_entry {
 	nlink_t nlink;
 	uid_t uid;
 	gid_t gid;
+	int vx_flags;
 	unsigned long size;
 	struct inode_operations * proc_iops;
 	struct file_operations * proc_fops;
@@ -237,12 +238,16 @@ extern void kclist_add(struct kcore_list
 extern struct kcore_list *kclist_del(void *);
 #endif
 
+struct vx_info;
+
 struct proc_inode {
 	struct task_struct *task;
 	int type;
+	int vx_flags;
 	union {
 		int (*proc_get_link)(struct inode *, struct dentry **, struct vfsmount **);
 		int (*proc_read)(struct task_struct *task, char *page);
+		int (*proc_xid_read)(struct vx_info *vxi, char *page);
 	} op;
 	struct proc_dir_entry *pde;
 	struct inode vfs_inode;
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/reiserfs_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/reiserfs_fs.h
--- linux-2.6.2-rc1/include/linux/reiserfs_fs.h	Fri Jan  9 08:00:02 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/reiserfs_fs.h	Sat Jan 24 22:45:38 2004
@@ -879,6 +879,8 @@ struct stat_data_v1
 /* we want common flags to have the same values as in ext2,
    so chattr(1) will work without problems */
 #define REISERFS_IMMUTABLE_FL EXT2_IMMUTABLE_FL
+#define REISERFS_IUNLINK_FL   EXT2_IUNLINK_FL
+#define REISERFS_BARRIER_FL   EXT2_BARRIER_FL
 #define REISERFS_APPEND_FL    EXT2_APPEND_FL
 #define REISERFS_SYNC_FL      EXT2_SYNC_FL
 #define REISERFS_NOATIME_FL   EXT2_NOATIME_FL
@@ -890,6 +892,7 @@ struct stat_data_v1
 
 /* persistent flags that file inherits from the parent directory */
 #define REISERFS_INHERIT_MASK ( REISERFS_IMMUTABLE_FL |	\
+				REISERFS_IUNLINK_FL |	\
 				REISERFS_SYNC_FL |	\
 				REISERFS_NOATIME_FL |	\
 				REISERFS_NODUMP_FL |	\
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/sched.h linux-2.6.2-rc1-vs0.05.1/include/linux/sched.h
--- linux-2.6.2-rc1/include/linux/sched.h	Sat Jan 24 03:18:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/sched.h	Sat Jan 24 05:57:44 2004
@@ -102,6 +102,7 @@ extern unsigned long nr_iowait(void);
 #include <linux/timer.h>
 
 #include <asm/processor.h>
+#include <linux/vserver/context.h>
 
 #define TASK_RUNNING		0
 #define TASK_INTERRUPTIBLE	1
@@ -296,9 +297,10 @@ struct user_struct {
 	/* Hash table maintenance information */
 	struct list_head uidhash_list;
 	uid_t uid;
+	int vx_id;
 };
 
-extern struct user_struct *find_user(uid_t);
+extern struct user_struct *find_user(xid_t, uid_t);
 
 extern struct user_struct root_user;
 #define INIT_USER (&root_user)
@@ -440,6 +442,12 @@ struct task_struct {
 	
 	void *security;
 
+/* vserver data */
+	kernel_cap_t cap_bset;
+	xid_t xid;
+	struct vx_info *vx_info;
+	struct ip_info *ip_info;
+
 /* Thread group tracking */
    	u32 parent_exec_id;
    	u32 self_exec_id;
@@ -561,7 +569,7 @@ extern void set_special_pids(pid_t sessi
 extern void __set_special_pids(pid_t session, pid_t pgrp);
 
 /* per-UID process charging. */
-extern struct user_struct * alloc_uid(uid_t);
+extern struct user_struct * alloc_uid(xid_t, uid_t);
 extern void free_uid(struct user_struct *);
 extern void switch_uid(struct user_struct *);
 
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/types.h linux-2.6.2-rc1-vs0.05.1/include/linux/types.h
--- linux-2.6.2-rc1/include/linux/types.h	Fri Jan  9 07:59:57 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/types.h	Sat Jan 24 05:45:51 2004
@@ -37,6 +37,7 @@ typedef __kernel_uid32_t	uid_t;
 typedef __kernel_gid32_t	gid_t;
 typedef __kernel_uid16_t        uid16_t;
 typedef __kernel_gid16_t        gid16_t;
+typedef unsigned int		xid_t;
 
 #ifdef CONFIG_UID16
 /* This is defined by include/asm-{arch}/posix_types.h */
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vinline.h linux-2.6.2-rc1-vs0.05.1/include/linux/vinline.h
--- linux-2.6.2-rc1/include/linux/vinline.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vinline.h	Sat Jan 24 05:14:16 2004
@@ -0,0 +1,289 @@
+#ifndef _VX_INLINE_H
+#define _VX_INLINE_H
+
+
+// #define VX_DEBUG
+
+#include <linux/kernel.h>
+#include <linux/sched.h>
+
+#include <linux/vserver/context.h>
+#include <linux/vserver/network.h>
+
+#if defined(VX_DEBUG)
+#define vxdprintk(x...) printk("vxd: " x)
+#else
+#define vxdprintk(x...)
+#endif
+
+
+
+void free_vx_info(struct vx_info *);
+
+extern int proc_pid_vinfo(struct task_struct *, char *);
+
+
+#define get_vx_info(i)	__get_vx_info(i,__FILE__,__LINE__)
+
+static __inline__ struct vx_info *__get_vx_info(struct vx_info *vxi, const char *_file, int _line)
+{
+	/* for now we allow vxi to be null */
+	if (!vxi)
+		return NULL;
+	vxdprintk("get_vx_info(%p[#%d.%d])\t%s:%d\n", vxi,
+		vxi->vx_id, atomic_read(&vxi->vx_refcount),
+		_file, _line);
+	atomic_inc(&vxi->vx_refcount);
+	return vxi;
+}
+
+#define put_vx_info(i)	__put_vx_info(i,__FILE__,__LINE__)
+
+static __inline__ void __put_vx_info(struct vx_info *vxi, const char *_file, int _line)
+{
+	/* for now we allow vxi to be null */
+	if (!vxi)
+		return;
+	vxdprintk("put_vx_info(%p[#%d.%d])\t%s:%d\n", vxi,
+		vxi->vx_id, atomic_read(&vxi->vx_refcount),
+		_file, _line);
+	if (atomic_dec_and_lock(&vxi->vx_refcount, &vxlist_lock)) {
+		list_del(&vxi->vx_list);
+		spin_unlock(&vxlist_lock);
+		free_vx_info(vxi);
+	}
+}
+
+#define task_get_vx_info(i)	__task_get_vx_info(i,__FILE__,__LINE__)
+
+static __inline__ struct vx_info *__task_get_vx_info(struct task_struct *p,
+	const char *_file, int _line)
+{
+	struct vx_info *vxi;
+	
+	task_lock(p);
+	vxi = __get_vx_info(p->vx_info, _file, _line);
+	task_unlock(p);
+	return vxi;
+}
+
+
+#define vx_verify_info(p,i)	\
+	__vx_verify_info((p)->vx_info,i,__FILE__,__LINE__)
+
+static __inline__ void __vx_verify_info(
+	struct vx_info *vxa, struct vx_info *vxb,
+	const char *_file, int _line)
+{
+	if (vxa == vxb)
+		return;
+	printk(KERN_ERR "vx bad assumption (%p==%p) at %s:%d\n",
+		vxa, vxb, _file, _line);
+}
+
+
+#define vx_task_xid(t)   ((t)->xid)
+
+#define vx_current_xid() vx_task_xid(current)
+
+#define vx_check(c,m)	__vx_check(vx_current_xid(),c,m)
+
+#define vx_weak_check(c,m)	((m) ? vx_check(c,m) : 1)
+
+/*
+ * check current context for ADMIN/WATCH and
+ * optionally agains supplied argument
+ */
+static __inline__ int __vx_check(xid_t cid, xid_t id, unsigned int mode)
+{
+	if (mode & VX_ARG_MASK) {
+		if ((mode & VX_IDENT) &&
+			(id == cid))
+			return 1;
+	}
+	if (mode & VX_ATR_MASK) {
+		if ((mode & VX_DYNAMIC) &&
+			(id >= MIN_D_CONTEXT) &&
+			(id <= MAX_S_CONTEXT))
+			return 1;
+		if ((mode & VX_STATIC) &&
+			(id > 1) && (id < MIN_D_CONTEXT))
+			return 1;
+	}
+	return (((mode & VX_ADMIN) && (cid == 0)) ||
+		((mode & VX_WATCH) && (cid == 1)));
+}
+
+
+
+void free_ip_info(struct ip_info *);
+
+#define get_ip_info(i)	__get_ip_info(i,__FILE__,__LINE__)
+
+static __inline__ struct ip_info *__get_ip_info(struct ip_info *ipi, const char *_file, int _line)
+{
+	/* for now we allow vxi to be null */
+	if (!ipi)
+		return NULL;
+	vxdprintk("get_ip_info(%p[%d])\t%s:%d\n", ipi,
+		atomic_read(&ipi->ip_refcount), _file, _line);
+	atomic_inc(&ipi->ip_refcount);
+	return ipi;
+}
+
+#define put_ip_info(i)	__put_ip_info(i,__FILE__,__LINE__)
+
+static __inline__ void __put_ip_info(struct ip_info *ipi, const char *_file, int _line)
+{
+	/* for now we allow vxi to be null */
+	if (!ipi)
+		return;
+	vxdprintk("put_ip_info(%p[%d])\t%s:%d\n", ipi,
+		atomic_read(&ipi->ip_refcount), _file, _line);
+	if (atomic_dec_and_lock(&ipi->ip_refcount, &iplist_lock)) {
+		list_del(&ipi->ip_list);
+		spin_unlock(&iplist_lock);
+		free_ip_info(ipi);
+	}
+}
+
+#define task_get_ip_info(i)	__task_get_ip_info(i,__FILE__,__LINE__)
+
+static __inline__ struct ip_info *__task_get_ip_info(struct task_struct *p,
+	const char *_file, int _line)
+{
+	struct ip_info *ipi;
+	
+	task_lock(p);
+	ipi = __get_ip_info(p->ip_info, _file, _line);
+	task_unlock(p);
+	return ipi;
+}
+
+#define ip_verify_info(p,i)	\
+	__ip_verify_info((p)->ip_info,i,__FILE__,__LINE__)
+
+static __inline__ void __ip_verify_info(
+	struct ip_info *ipa, struct ip_info *ipb,
+	const char *_file, int _line)
+{
+	if (ipa == ipb)
+		return;
+	printk(KERN_ERR "ip bad assumption (%p==%p) at %s:%d\n",
+		ipa, ipb, _file, _line);
+}
+
+
+
+#define VX_DEBUG_ACC_RSS   0
+#define VX_DEBUG_ACC_VM    0
+#define VX_DEBUG_ACC_VML   0
+
+
+#define vx_acc_page(m, d, v, r) \
+	__vx_acc_page(&(m->v), m->mm_vx_info, r, d, __FILE__, __LINE__)
+
+static inline void __vx_acc_page(unsigned long *v, struct vx_info *vxi,
+                int res, int dir, char *file, int line)
+{
+        if (v) {
+                if (dir > 0)
+                        ++(*v);
+                else
+                        --(*v);
+        }
+        if (vxi) {
+                if (dir > 0)
+                        atomic_inc(&vxi->limit.res[res]);
+                else
+                        atomic_dec(&vxi->limit.res[res]);
+        }
+}
+
+
+#define vx_acc_pages(m, p, v, r) \
+	__vx_acc_pages(&(m->v), m->mm_vx_info, r, p, __FILE__, __LINE__)
+
+static inline void __vx_acc_pages(unsigned long *v, struct vx_info *vxi,
+                int res, int pages, char *file, int line)
+{
+        if ((pages > 1 || pages < -1) &&
+                ((res == RLIMIT_RSS && VX_DEBUG_ACC_RSS) ||
+                 (res == RLIMIT_AS && VX_DEBUG_ACC_VM) ||
+                 (res == RLIMIT_MEMLOCK && VX_DEBUG_ACC_VML)))
+                vxdprintk("vx_acc_pages  [%5d,%2d]: %5d += %5d in %s:%d\n",
+                        (vxi?vxi->vx_id:-1), res,
+                        (vxi?atomic_read(&vxi->limit.res[res]):0),
+			pages, file, line);
+        if (pages == 0)
+                return;
+        if (v)
+                *v += pages;
+        if (vxi)
+                atomic_add(pages, &vxi->limit.res[res]);
+}
+
+
+
+#define vx_acc_vmpage(m,d)     vx_acc_page(m, d, total_vm,  RLIMIT_AS)
+#define vx_acc_vmlpage(m,d)    vx_acc_page(m, d, locked_vm, RLIMIT_MEMLOCK)
+#define vx_acc_rsspage(m,d)    vx_acc_page(m, d, rss,	    RLIMIT_RSS)
+
+#define vx_acc_vmpages(m,p)    vx_acc_pages(m, p, total_vm,  RLIMIT_AS)
+#define vx_acc_vmlpages(m,p)   vx_acc_pages(m, p, locked_vm, RLIMIT_MEMLOCK)
+#define vx_acc_rsspages(m,p)   vx_acc_pages(m, p, rss,       RLIMIT_RSS)
+
+#define vx_pages_add(s,r,p)    __vx_acc_pages(0, s, r, p, __FILE__, __LINE__)
+#define vx_pages_sub(s,r,p)    __vx_pages_add(s, r, -(p))
+
+#define vx_vmpages_inc(m)      vx_acc_vmpage(m, 1)
+#define vx_vmpages_dec(m)      vx_acc_vmpage(m,-1)
+#define vx_vmpages_add(m,p)    vx_acc_vmpages(m, p)
+#define vx_vmpages_sub(m,p)    vx_acc_vmpages(m,-(p))
+
+#define vx_vmlocked_inc(m)     vx_acc_vmlpage(m, 1)
+#define vx_vmlocked_dec(m)     vx_acc_vmlpage(m,-1)
+#define vx_vmlocked_add(m,p)   vx_acc_vmlpages(m, p)
+#define vx_vmlocked_sub(m,p)   vx_acc_vmlpages(m,-(p))
+
+#define vx_rsspages_inc(m)     vx_acc_rsspage(m, 1)
+#define vx_rsspages_dec(m)     vx_acc_rsspage(m,-1)
+#define vx_rsspages_add(m,p)   vx_acc_rsspages(m, p)
+#define vx_rsspages_sub(m,p)   vx_acc_rsspages(m,-(p))
+
+
+
+#define vx_pages_avail(m, p, r) \
+        __vx_pages_avail((m)->mm_vx_info, (r), (p), __FILE__, __LINE__)
+
+static inline int __vx_pages_avail(struct vx_info *vxi,
+                int res, int pages, char *file, int line)
+{
+        if ((res == RLIMIT_RSS && VX_DEBUG_ACC_RSS) ||
+                (res == RLIMIT_AS && VX_DEBUG_ACC_VM) ||
+                (res == RLIMIT_MEMLOCK && VX_DEBUG_ACC_VML))
+                printk("vx_pages_avail[%5d,%2d]: %5ld > %5d + %5d in %s:%d\n",
+                        (vxi?vxi->vx_id:-1), res,
+			(vxi?vxi->limit.rlim[res]:1),
+                        (vxi?atomic_read(&vxi->limit.res[res]):0),
+			pages, file, line);
+        if (!vxi)
+                return 1;
+        if (vxi->limit.rlim[res] == RLIM_INFINITY)
+                return 1;
+        if (vxi->limit.rlim[res] < atomic_read(&vxi->limit.res[res]) + pages)
+                return 0;
+        return 1;
+}
+
+#define vx_vmpages_avail(m,p)  vx_pages_avail(m, p, RLIMIT_AS)
+#define vx_vmlocked_avail(m,p) vx_pages_avail(m, p, RLIMIT_MEMLOCK)
+#define vx_rsspages_avail(m,p) vx_pages_avail(m, p, RLIMIT_RSS)
+
+/* procfs ioctls */
+
+#define	FIOC_GETXFLG	_IOR('x', 5, long)
+#define	FIOC_SETXFLG	_IOW('x', 6, long)
+
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/context.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/context.h
--- linux-2.6.2-rc1/include/linux/vserver/context.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/context.h	Sat Jan 24 06:06:06 2004
@@ -0,0 +1,134 @@
+#ifndef _VX_CONTEXT_H
+#define _VX_CONTEXT_H
+
+	
+#include <linux/types.h>
+
+
+#define MAX_S_CONTEXT	65535	/* Arbitrary limit */
+#define MIN_D_CONTEXT	49152	/* dynamic contexts start here */
+
+#define VX_DYNAMIC_ID	(-1UL)	/* id for dynamic context */
+
+
+#include <linux/utsname.h>
+
+struct _vx_virt {
+	int nr_threads;
+	int nr_running;
+	int max_threads;
+	unsigned long total_forks;
+
+	unsigned int bias_cswtch;
+	long bias_jiffies;
+	long bias_idle;
+
+	struct new_utsname utsname;
+};
+
+
+#include <linux/list.h>
+#include <linux/spinlock.h>
+#include <asm/atomic.h>
+
+#include <linux/vserver/limit.h>
+#include <linux/vserver/sched.h>
+
+struct vx_info {
+	struct list_head vx_list;		/* linked list of contexts */
+	xid_t vx_id;				/* context id */
+	atomic_t vx_refcount;			/* refcount */
+	struct vx_info *vx_parent;		/* parent context */
+
+	struct proc_dir_entry *vx_procent;	/* proc entry */
+	unsigned int vx_flags;			/* VX_INFO_xxx */
+	pid_t vx_initpid;			/* PID of fake init process */
+
+	struct _vx_virt virt;			/* virtual/bias stuff */
+	struct _vx_limit limit;			/* vserver limits */
+	struct _vx_sched sched;			/* vserver scheduler */
+
+	char vx_name[65];			/* vserver name */
+};
+
+
+extern spinlock_t vxlist_lock;
+extern struct list_head vx_infos;
+
+
+#define	VX_ADMIN	0x0001
+#define	VX_WATCH	0x0002
+#define VX_DUMMY	0x0008
+
+#define	VX_IDENT	0x0010
+#define	VX_EQUIV	0x0020
+#define	VX_PARENT	0x0040
+#define	VX_CHILD	0x0080
+
+#define	VX_ARG_MASK	0x00F0
+
+#define	VX_DYNAMIC	0x0100
+#define	VX_STATIC	0x0200
+
+#define	VX_ATR_MASK	0x0F00
+
+
+void free_vx_info(struct vx_info *);
+
+extern struct vx_info *find_vx_info(int);
+extern struct vx_info *find_or_create_vx_info(int);
+
+
+#include <linux/vserver/switch.h>
+
+/* vinfo commands */
+
+#define	VCMD_task_xid		VC_CMD(VINFO, 1, 0)
+#define	VCMD_task_nid		VC_CMD(VINFO, 2, 0)
+
+extern int vc_task_xid(uint32_t, void *);
+
+
+#define	VCMD_vx_info		VC_CMD(VINFO, 5, 0)
+#define	VCMD_nx_info		VC_CMD(VINFO, 6, 0)
+
+struct  vcmd_vx_info_v0 {
+	uint32_t xid;
+	uint32_t initpid;
+	/* more to come */	
+};
+
+extern int vc_vx_info(uint32_t, void *);
+
+
+/* virtual host info names */
+
+#define	VCMD_vx_set_vhi_name	VC_CMD(VHOST, 1, 0)
+#define	VCMD_vx_get_vhi_name	VC_CMD(VHOST, 2, 0)
+
+extern int vc_set_vhi_name(uint32_t, void *);
+extern int vc_get_vhi_name(uint32_t, void *);
+
+struct  vcmd_vx_vhi_name_v0 {
+	uint32_t field;
+	char name[65];
+};
+
+
+enum vx_vhi_name_field {
+	VHIN_CONTEXT=0,
+	VHIN_SYSNAME,
+	VHIN_NODENAME,
+	VHIN_RELEASE,
+	VHIN_VERSION,
+	VHIN_MACHINE,
+	VHIN_DOMAINNAME,
+};
+
+
+// EXPORT_SYMBOL_GPL(vxlist_lock);
+// EXPORT_SYMBOL_GPL(vx_infos);
+
+// EXPORT_SYMBOL_GPL(find_vx_info);
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/inode.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/inode.h
--- linux-2.6.2-rc1/include/linux/vserver/inode.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/inode.h	Sat Jan 24 05:45:51 2004
@@ -0,0 +1,41 @@
+#ifndef _VX_INODE_H
+#define _VX_INODE_H
+
+
+#include <linux/vserver/switch.h>
+
+/*  inode vserver commands */
+
+#define VCMD_get_iattr		VC_CMD(INODE, 1, 0)
+#define VCMD_set_iattr		VC_CMD(INODE, 2, 0)
+
+struct  vcmd_ctx_iattr_v0 {
+	/* device handle in id */
+	uint64_t ino;
+	uint32_t xid;
+	uint32_t flags;
+	uint32_t mask;
+};
+
+#define IATTR_XID	0x01000000
+
+#define IATTR_ADMIN	0x00000001
+#define IATTR_WATCH	0x00000002
+#define IATTR_HIDE	0x00000004
+#define IATTR_FLAGS	0x00000007
+
+#define IATTR_BARRIER	0x00010000
+#define	IATTR_IUNLINK	0x00020000
+
+
+extern int vc_get_iattr(uint32_t, void *);
+extern int vc_set_iattr(uint32_t, void *);
+
+
+/* inode ioctls */
+
+#define	FIOC_GETXFLG	_IOR('x', 5, long)
+#define	FIOC_SETXFLG	_IOW('x', 6, long)
+
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/legacy.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/legacy.h
--- linux-2.6.2-rc1/include/linux/vserver/legacy.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/legacy.h	Sat Jan 24 05:14:16 2004
@@ -0,0 +1,57 @@
+#ifndef _VX_LEGACY_H
+#define _VX_LEGACY_H
+
+
+#include <linux/vserver/switch.h>
+#include <linux/vserver/network.h>
+
+/*  compatibiliy vserver commands */
+
+#define VCMD_new_s_context	VC_CMD(COMPAT, 1, 1)
+#define VCMD_set_ipv4root	VC_CMD(COMPAT, 2, 3)
+
+/*  compatibiliy vserver arguments */
+
+struct  vcmd_new_s_context_v1 {
+	uint32_t remove_cap;
+	uint32_t flags;
+};
+
+struct  vcmd_set_ipv4root_v3 {
+	/* number of pairs in id */
+	uint32_t broadcast;
+	struct {
+		uint32_t ip;
+		uint32_t mask;
+	} ip_mask_pair[NB_IPV4ROOT];
+};
+
+
+#define VX_INFO_LOCK		1	/* Can't request a new vx_id */
+#define VX_INFO_SCHED		2	/* All process in the vx_id */
+					/* Contribute to the schedular */
+#define VX_INFO_NPROC		4	/* Limit number of processes in a context */
+#define VX_INFO_PRIVATE		8	/* Noone can join this security context */
+#define VX_INFO_INIT		16	/* This process wants to become the */
+					/* logical process 1 of the security */
+					/* context */
+#define VX_INFO_HIDEINFO	32	/* Hide some information in /proc */
+#define VX_INFO_ULIMIT		64	/* Use ulimit of the current process */
+					/* to become the global limits */
+					/* of the context */
+	
+#define MAX_S_CONTEXT	65535	/* Arbitrary limit */
+#define MIN_D_CONTEXT	49152	/* dynamic contexts start here */
+
+#define VX_DYNAMIC_ID	(-1UL)	/* id for dynamic context */
+
+#define NB_S_CONTEXT	16
+
+#define NB_IPV4ROOT	16
+
+
+extern int vc_new_s_context(uint32_t, void *);
+extern int vc_set_ipv4root(uint32_t, void *);
+
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/limit.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/limit.h
--- linux-2.6.2-rc1/include/linux/vserver/limit.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/limit.h	Sat Jan 24 05:54:14 2004
@@ -0,0 +1,49 @@
+#ifndef _VX_LIMIT_H
+#define _VX_LIMIT_H
+
+
+#include <linux/vserver/switch.h>
+
+/*  rlimit vserver commands */
+
+#define VCMD_get_rlimit		VC_CMD(RLIMIT, 1, 0)
+#define VCMD_set_rlimit		VC_CMD(RLIMIT, 2, 0)
+#define VCMD_get_rlimit_mask	VC_CMD(RLIMIT, 3, 0)
+
+struct  vcmd_ctx_rlimit_v0 {
+	uint32_t id;
+	uint64_t minimum;
+	uint64_t softlimit;
+	uint64_t maximum;
+};
+
+struct  vcmd_ctx_rlimit_mask_v0 {
+	uint32_t minimum;
+	uint32_t softlimit;
+	uint32_t maximum;
+};
+
+#define CRLIM_UNSET		(0ULL)
+#define CRLIM_INFINITY		(~0ULL)
+#define CRLIM_KEEP		(~1ULL)
+
+
+extern int vc_get_rlimit(uint32_t, void *);
+extern int vc_set_rlimit(uint32_t, void *);
+extern int vc_get_rlimit_mask(uint32_t, void *);
+
+
+#include <asm/atomic.h>
+#include <asm/resource.h>
+
+/* context sub struct */
+
+struct _vx_limit {
+	atomic_t ticks;
+
+	unsigned long rlim[RLIM_NLIMITS];	/* Per context limit */
+	atomic_t res[RLIM_NLIMITS];		/* Current value */
+};
+
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/network.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/network.h
--- linux-2.6.2-rc1/include/linux/vserver/network.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/network.h	Sat Jan 24 05:46:08 2004
@@ -0,0 +1,43 @@
+#ifndef _VX_NETWORK_H
+#define _VX_NETWORK_H
+
+
+#define NB_IPV4ROOT	16
+
+#include <linux/list.h>
+#include <linux/spinlock.h>
+#include <linux/utsname.h>
+#include <asm/resource.h>
+#include <asm/atomic.h>
+
+
+struct ip_info {
+	struct list_head ip_list;		/* linked list of ipinfos */
+	atomic_t ip_refcount;
+	int nbipv4;
+	__u32 ipv4[NB_IPV4ROOT];/* Process can only bind to these IPs */
+				/* The first one is used to connect */
+				/* and for bind any service */
+				/* The other must be used explicity when */
+				/* binding */
+	__u32 mask[NB_IPV4ROOT];/* Netmask for each ipv4 */
+				/* Used to select the proper source address */
+				/* for sockets */
+	__u32 v4_bcast;	/* Broadcast address used to receive UDP packets */
+};
+
+
+extern spinlock_t iplist_lock;
+extern struct list_head ip_infos;
+
+
+void free_ip_info(struct ip_info *);
+struct ip_info *create_ip_info(void);
+
+
+// EXPORT_SYMBOL_GPL(iplist_lock);
+// EXPORT_SYMBOL_GPL(ip_infos);
+
+// EXPORT_SYMBOL_GPL(find_ip_info);
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/sched.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/sched.h
--- linux-2.6.2-rc1/include/linux/vserver/sched.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/sched.h	Sat Jan 24 06:12:29 2004
@@ -0,0 +1,42 @@
+#ifndef _VX_SCHED_H
+#define _VX_SCHED_H
+
+
+#include <linux/vserver/switch.h>
+
+/*  sched vserver commands */
+
+#define VCMD_set_sched		VC_CMD(SYSTEST, 1, 1)
+
+/* Options - these ones enable or disable the CTX_SCHED flag */
+#define TBF_SCHED_ENABLE       0x0001
+#define TBF_SCHED_DISABLE      0x0002
+
+struct  vcmd_set_sched_v1 {
+	uint32_t options;
+
+	int32_t fill_rate;
+	int32_t period;
+	int32_t fill_level;
+	int32_t bucket_size;
+};
+
+
+extern int vc_set_sched(uint32_t, void *);
+
+#include <linux/spinlock.h>
+
+/* context sub struct */
+
+struct _vx_sched {
+	spinlock_t tokens_lock; /* lock for this structure */
+
+	int tokens;		/* number of CPU tokens in this context */
+	int tokens_fr;	/* Fill rate: add X tokens... */
+	int tokens_div;	/* Divisor:   per Y jiffies   */
+	int tokens_max;	/* Limit:     no more than N tokens */
+	uint32_t tokens_jfy;    /* add an integral multiple of Y to this */
+};
+
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/signal.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/signal.h
--- linux-2.6.2-rc1/include/linux/vserver/signal.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/signal.h	Sat Jan 24 06:02:39 2004
@@ -0,0 +1,20 @@
+#ifndef _VX_SIGNAL_H
+#define _VX_SIGNAL_H
+
+	
+#include <linux/vserver/switch.h>
+
+/*  context signalling */
+
+#define VCMD_ctx_kill		VC_CMD(PROCTRL, 1, 0)
+
+struct  vcmd_ctx_kill_v0 {
+	int32_t pid;
+	int32_t sig;
+};
+
+
+extern int vc_ctx_kill(uint32_t, void *);
+
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/switch.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/switch.h
--- linux-2.6.2-rc1/include/linux/vserver/switch.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/switch.h	Sat Jan 24 05:14:16 2004
@@ -0,0 +1,82 @@
+#ifndef _LINUX_VIRTUAL_H
+#define _LINUX_VIRTUAL_H
+
+#include <linux/types.h>
+
+#define VC_CATEGORY(c)		(((c) >> 24) & 0x3F)
+#define VC_COMMAND(c)		(((c) >> 16) & 0xFF)
+#define VC_VERSION(c)		((c) & 0xFFF)
+
+#define VC_CMD(c,i,v)		((((VC_CAT_ ## c) & 0x3F) << 24) \
+				| (((i) & 0xFF) << 16) | ((v) & 0xFFF))
+
+/*
+
+  Syscall Matrix V2.4
+
+         |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL|
+         |STATS  |DESTROY|ALTER  |CHANGE |LIMIT  |TEST   | |       |       |
+         |INFO   |SETUP  |       |MOVE   |       |       | |       |       |
+  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+  SYSTEM |VERSION|       |       |       |       |       | |DEVICES|       |
+  HOST   |     00|     01|     02|     03|     04|     05| |     06|     07|
+  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+  CPU    |       |       |       |       |       |       | |SCHED. |       |
+  PROCESS|     08|     09|     10|     11|     12|     13| |     14|     15|
+  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+  MEMORY |       |       |       |       |       |       | |SWAP   |       |
+         |     16|     17|     18|     19|     20|     21| |     22|     23|
+  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+  NETWORK|       |       |       |       |       |       | |SERIAL |       |
+         |     24|     25|     26|     27|     28|     29| |     30|     31|
+  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+  DISK   |       |       |       |       |       |       | |INODE  |       |
+  VFS    |     32|     33|     34|     35|     36|     37| |     38|     39|
+  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+  OTHER  |       |       |       |       |       |       | |VINFO  |       |
+         |     40|     41|     42|     43|     44|     45| |     46|     47|
+  =======+=======+=======+=======+=======+=======+=======+ +=======+=======+
+  SPECIAL|       |       |       |       |       |       | |       |       |
+         |     48|     49|     50|     51|     52|     53| |     54|     55|
+  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+  SPECIAL|       |       |       |       |RLIMIT |SYSCALL| |       |COMPAT |
+         |     56|     57|     58|     59|     60|TEST 61| |     62|     63|
+  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+
+*/
+
+#define VC_CAT_VERSION		0
+
+#define	VC_CAT_VHOST		2
+	
+#define VC_CAT_PROCTRL		12
+
+#define VC_CAT_SCHED		14
+#define VC_CAT_INODE		38
+
+#define	VC_CAT_VINFO		46
+
+#define VC_CAT_RLIMIT		60
+
+#define VC_CAT_SYSTEST		61
+#define VC_CAT_COMPAT		63
+	
+/*  interface version */
+
+#define VCI_VERSION		0x00010010
+
+
+/*  query version */
+
+#define VCMD_get_version	VC_CMD(VERSION, 0, 0)
+
+
+#include <linux/errno.h>
+
+#define	ENOTSUP		ENOTSUPP
+
+
+// EXPORT_SYMBOL_GPL(sys_vserver);
+
+
+#endif /* _LINUX_VIRTUAL_H */
diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver.h
--- linux-2.6.2-rc1/include/linux/vserver.h	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver.h	Sat Jan 24 05:14:16 2004
@@ -0,0 +1,8 @@
+#ifndef _LINUX_VSERVER_H
+#define _LINUX_VSERVER_H
+
+#include <linux/vserver/context.h>
+#include <linux/vserver/network.h>
+#include <linux/vinline.h>
+
+#endif
diff -NurpP --minimal linux-2.6.2-rc1/include/net/route.h linux-2.6.2-rc1-vs0.05.1/include/net/route.h
--- linux-2.6.2-rc1/include/net/route.h	Fri Jan  9 07:59:02 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/net/route.h	Sat Jan 24 05:46:08 2004
@@ -33,6 +33,7 @@
 #include <linux/route.h>
 #include <linux/ip.h>
 #include <linux/cache.h>
+#include <linux/vinline.h>
 
 #ifndef __KERNEL__
 #warning This file is not supposed to be used outside of kernel.
@@ -160,6 +161,45 @@ static inline int ip_route_connect(struc
 					 .dport = dport } } };
 
 	int err;
+	struct ip_info *ip_info = current->ip_info;
+	if (ip_info) {
+		__u32 ipv4root = ip_info->ipv4[0];
+		if (ipv4root) {
+			int n = ip_info->nbipv4;
+			if (src == 0) {
+				if (n > 1) {
+					u32 foundsrc;
+					int i;
+					err = __ip_route_output_key(rp, &fl);
+					if (err)
+						return err;
+					foundsrc = (*rp)->rt_src;
+					ip_rt_put(*rp);
+					for (i=0; i<n; i++){
+						u32 mask = ip_info->mask[i];
+						u32 ipv4 = ip_info->ipv4[i];
+						u32 netipv4 = ipv4 & mask;
+						if ((foundsrc & mask) == netipv4) {
+							src = ipv4;
+							break;
+						}
+					}
+				}
+				if (src == 0)
+					src = dst == 0x0100007f
+						? 0x0100007f: ipv4root;
+			} else {
+				int i;
+				for (i=0; i<n; i++) {
+					if (ip_info->ipv4[i] == src) break;
+				}
+				if (i == n)
+					return -EPERM;
+			}
+			if (dst == 0x0100007f && !vx_check(0, VX_ADMIN))
+				dst = ipv4root;
+		}
+	}
 	if (!dst || !src) {
 		err = __ip_route_output_key(rp, &fl);
 		if (err)
diff -NurpP --minimal linux-2.6.2-rc1/include/net/sock.h linux-2.6.2-rc1-vs0.05.1/include/net/sock.h
--- linux-2.6.2-rc1/include/net/sock.h	Sat Jan 24 03:18:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/net/sock.h	Sat Jan 24 05:46:08 2004
@@ -50,6 +50,7 @@
 #include <linux/security.h>
 
 #include <linux/filter.h>
+#include <linux/vinline.h>
 
 #include <asm/atomic.h>
 #include <net/dst.h>
@@ -109,6 +110,8 @@ struct sock_common {
 	struct hlist_node	skc_node;
 	struct hlist_node	skc_bind_node;
 	atomic_t		skc_refcnt;
+	xid_t			skc_xid;
+	struct ip_info		*skc_ip_info;
 };
 
 /**
@@ -186,6 +189,8 @@ struct sock {
 #define sk_node			__sk_common.skc_node
 #define sk_bind_node		__sk_common.skc_bind_node
 #define sk_refcnt		__sk_common.skc_refcnt
+#define sk_xid			__sk_common.skc_xid
+#define sk_ip_info		__sk_common.skc_ip_info
 	volatile unsigned char	sk_zapped;
 	unsigned char		sk_shutdown;
 	unsigned char		sk_use_write_queue;
diff -NurpP --minimal linux-2.6.2-rc1/include/net/tcp.h linux-2.6.2-rc1-vs0.05.1/include/net/tcp.h
--- linux-2.6.2-rc1/include/net/tcp.h	Sat Jan 24 03:18:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/include/net/tcp.h	Sat Jan 24 05:46:08 2004
@@ -195,6 +195,8 @@ struct tcp_tw_bucket {
 #define tw_node			__tw_common.skc_node
 #define tw_bind_node		__tw_common.skc_bind_node
 #define tw_refcnt		__tw_common.skc_refcnt
+#define tw_xid			__tw_common.skc_xid
+#define tw_ip_info		__tw_common.skc_ip_info
 	volatile unsigned char	tw_substate;
 	unsigned char		tw_rcv_wscale;
 	__u16			tw_sport;
diff -NurpP --minimal linux-2.6.2-rc1/kernel/Makefile linux-2.6.2-rc1-vs0.05.1/kernel/Makefile
--- linux-2.6.2-rc1/kernel/Makefile	Fri Jan  9 07:59:10 2004
+++ linux-2.6.2-rc1-vs0.05.1/kernel/Makefile	Sat Jan 24 05:14:16 2004
@@ -8,6 +8,11 @@ obj-y     = sched.o fork.o exec_domain.o
 	    signal.o sys.o kmod.o workqueue.o pid.o \
 	    rcupdate.o intermodule.o extable.o params.o posix-timers.o
 
+# mod-subdirs := vserver
+
+subdir-y  += vserver
+obj-y	  += vserver/vserver.o
+
 obj-$(CONFIG_FUTEX) += futex.o
 obj-$(CONFIG_GENERIC_ISA_DMA) += dma.o
 obj-$(CONFIG_SMP) += cpu.o
diff -NurpP --minimal linux-2.6.2-rc1/kernel/sys.c linux-2.6.2-rc1-vs0.05.1/kernel/sys.c
--- linux-2.6.2-rc1/kernel/sys.c	Sat Jan 24 03:18:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/kernel/sys.c	Sat Jan 24 06:15:34 2004
@@ -23,6 +23,7 @@
 #include <linux/security.h>
 #include <linux/dcookies.h>
 #include <linux/suspend.h>
+#include <linux/vinline.h>
 
 #include <asm/uaccess.h>
 #include <asm/io.h>
@@ -317,7 +318,7 @@ asmlinkage long sys_setpriority(int whic
 			if (!who)
 				user = current->user;
 			else
-				user = find_user(who);
+				user = find_user(vx_current_xid(), who);
 
 			if (!user)
 				goto out_unlock;
@@ -376,7 +377,7 @@ asmlinkage long sys_getpriority(int whic
 			if (!who)
 				user = current->user;
 			else
-				user = find_user(who);
+				user = find_user(vx_current_xid(), who);
 
 			if (!user)
 				goto out_unlock;
@@ -617,7 +618,7 @@ static int set_user(uid_t new_ruid, int 
 {
 	struct user_struct *new_user;
 
-	new_user = alloc_uid(new_ruid);
+	new_user = alloc_uid(vx_current_xid(), new_ruid);
 	if (!new_user)
 		return -EAGAIN;
 
diff -NurpP --minimal linux-2.6.2-rc1/kernel/user.c linux-2.6.2-rc1-vs0.05.1/kernel/user.c
--- linux-2.6.2-rc1/kernel/user.c	Fri Jan  9 07:59:26 2004
+++ linux-2.6.2-rc1-vs0.05.1/kernel/user.c	Sat Jan 24 05:45:51 2004
@@ -20,8 +20,8 @@
 #define UIDHASH_BITS		8
 #define UIDHASH_SZ		(1 << UIDHASH_BITS)
 #define UIDHASH_MASK		(UIDHASH_SZ - 1)
-#define __uidhashfn(uid)	(((uid >> UIDHASH_BITS) + uid) & UIDHASH_MASK)
-#define uidhashentry(uid)	(uidhash_table + __uidhashfn((uid)))
+#define __uidhashfn(xid,uid)	((((uid) >> UIDHASH_BITS) + ((uid)^(xid))) & UIDHASH_MASK)
+#define uidhashentry(xid,uid)	(uidhash_table + __uidhashfn((xid),(uid)))
 
 static kmem_cache_t *uid_cachep;
 static struct list_head uidhash_table[UIDHASH_SZ];
@@ -46,7 +46,7 @@ static inline void uid_hash_remove(struc
 	list_del(&up->uidhash_list);
 }
 
-static inline struct user_struct *uid_hash_find(uid_t uid, struct list_head *hashent)
+static inline struct user_struct *uid_hash_find(xid_t xid, uid_t uid, struct list_head *hashent)
 {
 	struct list_head *up;
 
@@ -55,7 +55,7 @@ static inline struct user_struct *uid_ha
 
 		user = list_entry(up, struct user_struct, uidhash_list);
 
-		if(user->uid == uid) {
+		if(user->uid == uid && user->vx_id == xid) {
 			atomic_inc(&user->__count);
 			return user;
 		}
@@ -64,9 +64,9 @@ static inline struct user_struct *uid_ha
 	return NULL;
 }
 
-struct user_struct *find_user(uid_t uid)
+struct user_struct *find_user(xid_t xid, uid_t uid)
 {
-	return uid_hash_find(uid, uidhashentry(uid));
+	return uid_hash_find(xid, uid, uidhashentry(xid, uid));
 }
 
 void free_uid(struct user_struct *up)
@@ -78,13 +78,13 @@ void free_uid(struct user_struct *up)
 	}
 }
 
-struct user_struct * alloc_uid(uid_t uid)
+struct user_struct * alloc_uid(xid_t xid, uid_t uid)
 {
-	struct list_head *hashent = uidhashentry(uid);
+	struct list_head *hashent = uidhashentry(xid, uid);
 	struct user_struct *up;
 
 	spin_lock(&uidhash_lock);
-	up = uid_hash_find(uid, hashent);
+	up = uid_hash_find(xid, uid, hashent);
 	spin_unlock(&uidhash_lock);
 
 	if (!up) {
@@ -94,6 +94,7 @@ struct user_struct * alloc_uid(uid_t uid
 		if (!new)
 			return NULL;
 		new->uid = uid;
+		new->vx_id = xid;
 		atomic_set(&new->__count, 1);
 		atomic_set(&new->processes, 0);
 		atomic_set(&new->files, 0);
@@ -103,7 +104,7 @@ struct user_struct * alloc_uid(uid_t uid
 		 * on adding the same user already..
 		 */
 		spin_lock(&uidhash_lock);
-		up = uid_hash_find(uid, hashent);
+		up = uid_hash_find(xid, uid, hashent);
 		if (up) {
 			kmem_cache_free(uid_cachep, new);
 		} else {
@@ -148,7 +149,7 @@ static int __init uid_cache_init(void)
 
 	/* Insert the root user immediately (init already runs as root) */
 	spin_lock(&uidhash_lock);
-	uid_hash_insert(&root_user, uidhashentry(0));
+	uid_hash_insert(&root_user, uidhashentry(0,0));
 	spin_unlock(&uidhash_lock);
 
 	return 0;
diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/Makefile linux-2.6.2-rc1-vs0.05.1/kernel/vserver/Makefile
--- linux-2.6.2-rc1/kernel/vserver/Makefile	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/Makefile	Sat Jan 24 06:36:45 2004
@@ -0,0 +1,11 @@
+#
+# Makefile for the Linux vserver routines.
+#
+
+
+obj-y		+= vserver.o
+
+vserver-y	:= switch.o context.o network.o inode.o limit.o signal.o
+
+vserver-y	+= legacy.o
+
diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/context.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/context.c
--- linux-2.6.2-rc1/kernel/vserver/context.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/context.c	Sat Jan 24 06:04:27 2004
@@ -0,0 +1,302 @@
+/*
+ *  linux/kernel/vserver/context.c
+ *
+ *  Virtual Server: Context Support
+ *
+ *  Copyright (C) 2003-2004  Herbert Pötzl
+ *
+ *  V0.01  context helper
+ *  V0.02  vx_ctx_kill syscall command
+ *  V0.03  replaced context_info calls
+ *  V0.04  redesign of struct (de)alloc
+ *  V0.05  rlimit basic implementation
+ *
+ */
+
+#include <linux/config.h>
+//#include <linux/linkage.h>
+#include <linux/utsname.h>
+#include <linux/slab.h>
+#include <linux/vserver/context.h>
+//#include <linux/vswitch.h>
+#include <linux/vinline.h>
+//#include <linux/sched.h>
+#include <linux/kernel_stat.h>
+
+#include <asm/errno.h>
+//#include <asm/uaccess.h>
+
+
+
+/*  system functions */
+
+
+LIST_HEAD(vx_infos);
+
+spinlock_t vxlist_lock
+	__cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED;
+
+
+/*
+ *	struct vx_info allocation and deallocation
+ */
+
+static struct vx_info *alloc_vx_info(int id)
+{
+	struct vx_info *new = NULL;
+	int lim;
+	
+	vxdprintk("alloc_vx_info(%d)\n", id);
+	/* would this benefit from a slab cache? */
+	new = kmalloc(sizeof(struct vx_info), GFP_KERNEL);
+	if (!new)
+		return 0;
+
+	memset (new, 0, sizeof(struct vx_info));
+	new->vx_id = id;
+	INIT_LIST_HEAD(&new->vx_list);
+	/* rest of init goes here */
+	
+	for (lim=0; lim<RLIM_NLIMITS; lim++)
+		new->limit.rlim[lim] = RLIM_INFINITY;
+	
+	/* scheduling; hard code starting values as constants */
+	new->sched.tokens_fr = 1;
+	new->sched.tokens_div = 4;
+	new->sched.tokens     = HZ * 5;
+	new->sched.tokens_max = HZ * 10;
+	new->sched.tokens_jfy = jiffies;
+	new->sched.tokens_lock = SPIN_LOCK_UNLOCKED;
+
+	new->virt.nr_threads = 1;
+	// new->virt.bias_cswtch = kstat.context_swtch;
+	new->virt.bias_jiffies = jiffies;
+	/* new->virt.bias_idle = init_tasks[0]->times.tms_utime +
+		init_tasks[0]->times.tms_stime;
+	*/
+	down_read(&uts_sem);
+	new->virt.utsname = system_utsname;
+	up_read(&uts_sem);
+	
+	vxdprintk("alloc_vx_info(%d) = %p\n", id, new);
+	return new;
+}
+
+void free_vx_info(struct vx_info *vxi)
+{
+	vxdprintk("free_vx_info(%p)\n", vxi);
+	kfree(vxi);
+}
+
+
+/*
+ *	struct vx_info search by id
+ *	assumes vxlist_lock is held
+ */
+
+static __inline__ struct vx_info *__find_vx_info(int id)
+{
+	struct vx_info *vxi;
+
+	list_for_each_entry(vxi, &vx_infos, vx_list)
+		if (vxi->vx_id == id)
+			return vxi;
+	return 0;
+}
+
+
+/*
+ *	struct vx_info ref stuff
+ */
+
+struct vx_info *find_vx_info(int id)
+{
+	struct vx_info *vxi;
+	
+	spin_lock(&vxlist_lock);
+	if ((vxi = __find_vx_info(id)))
+		get_vx_info(vxi);
+	spin_unlock(&vxlist_lock);
+	return vxi;
+}
+
+
+/*
+ *	struct vx_info search by id
+ *	assumes vxlist_lock is held
+ */
+
+static __inline__ xid_t __vx_dynamic_id(void)
+{
+	static xid_t seq = MAX_S_CONTEXT;
+	xid_t barrier = seq;
+	
+	do {
+		if (++seq > MAX_S_CONTEXT)
+			seq = MIN_D_CONTEXT;
+		if (!__find_vx_info(seq))
+			return seq;
+	} while (barrier != seq);
+	return 0;
+}
+
+
+struct vx_info *find_or_create_vx_info(int id)
+{
+	struct vx_info *new, *vxi = NULL;
+	
+	vxdprintk("find_or_create_vx_info(%d)\n", id);
+	if (!(new = alloc_vx_info(id)))
+		return 0;
+
+	spin_lock(&vxlist_lock);
+
+	/* dynamic context requested */
+	if (id == VX_DYNAMIC_ID) {
+		id = __vx_dynamic_id();
+		if (!id) {
+			printk(KERN_ERR "no dynamic context available.\n");
+			goto out_unlock;
+		}
+		new->vx_id = id;
+	}
+	/* existing context requested */
+	else if ((vxi = __find_vx_info(id))) {
+		vxdprintk("find_or_create_vx_info(%d) = %p (found)\n", id, vxi);
+		get_vx_info(vxi);
+		goto out_unlock;
+	}
+
+	/* new context requested */
+	vxdprintk("find_or_create_vx_info(%d) = %p (new)\n", id, vxi);
+	atomic_set(&new->vx_refcount, 1);
+	list_add(&new->vx_list, &vx_infos);
+	vxi = new, new = NULL;
+
+out_unlock:
+	spin_unlock(&vxlist_lock);
+	if (new)
+		free_vx_info(new);
+	return vxi;
+}
+
+
+#include <asm/uaccess.h>
+
+
+int vc_task_xid(uint32_t id, void *data)
+{
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	switch (id) {
+	case 0:
+		break;
+		
+	case -1:
+		break;
+		
+	default:
+		break;
+	
+	}
+	return 0;
+}
+
+
+int vc_vx_info(uint32_t id, void *data)
+{
+	struct vx_info *vxi;
+	struct vcmd_vx_info_v0 vc_data;
+
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
+		return -EPERM;
+
+	vxi = find_vx_info(id);
+	if (!vxi)
+		return -ESRCH;
+
+	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
+		return -EFAULT;
+	return 0;
+}
+
+
+/* virtual host info names */
+
+static char * vx_vhi_name(struct vx_info *vxi, int id)
+{
+	switch (id) {
+		case VHIN_CONTEXT:
+			return vxi->vx_name;
+		case VHIN_SYSNAME:
+			return vxi->virt.utsname.sysname;
+		case VHIN_NODENAME:
+			return vxi->virt.utsname.nodename;
+		case VHIN_RELEASE:
+			return vxi->virt.utsname.release;
+		case VHIN_VERSION:
+			return vxi->virt.utsname.version;
+		case VHIN_MACHINE:
+			return vxi->virt.utsname.machine;
+		case VHIN_DOMAINNAME:
+			return vxi->virt.utsname.domainname;
+		default:
+	}
+	return NULL;
+}
+
+int vc_set_vhi_name(uint32_t id, void *data)
+{
+	struct vx_info *vxi;
+	struct vcmd_vx_vhi_name_v0 vc_data;
+	char *name;
+
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+	
+	vxi = find_vx_info(id);
+	if (!vxi)
+		return -ESRCH;
+	
+	name = vx_vhi_name(vxi, vc_data.field);
+	if (name)
+		memcpy(name, vc_data.name, 65);
+	put_vx_info(vxi);
+	return (name ? 0 : -EFAULT);
+}
+
+int vc_get_vhi_name(uint32_t id, void *data)
+{
+	struct vx_info *vxi;
+	struct vcmd_vx_vhi_name_v0 vc_data;
+	char *name;
+
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+
+	vxi = find_vx_info(id);
+	if (!vxi)
+		return -ESRCH;
+
+	name = vx_vhi_name(vxi, vc_data.field);
+	if (!name)
+		goto out_put;
+			
+	memcpy(vc_data.name, name, 65);
+	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
+		return -EFAULT;
+out_put:
+	put_vx_info(vxi);
+	return (name ? 0 : -EFAULT);
+}
+
+
+
diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/inode.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/inode.c
--- linux-2.6.2-rc1/kernel/vserver/inode.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/inode.c	Sat Jan 24 07:54:13 2004
@@ -0,0 +1,174 @@
+/*
+ *  linux/kernel/vserver/inode.c
+ *
+ *  Virtual Server: File System Support
+ *
+ *  Copyright (C) 2004  Herbert Pötzl
+ *
+ *  V0.01  separated from vcontext V0.05
+ *
+ */
+
+#include <linux/config.h>
+//#include <linux/linkage.h>
+//#include <linux/utsname.h>
+//#include <linux/slab.h>
+//#include <linux/vcontext.h>
+//#include <linux/vswitch.h>
+#include <linux/vinline.h>
+#include <linux/fs.h>
+#include <linux/proc_fs.h>
+//#include <linux/kernel_stat.h>
+#include <linux/vserver/inode.h>
+
+#include <asm/errno.h>
+#include <asm/uaccess.h>
+//#include <asm/smplock.h>
+
+
+int vc_get_iattr(uint32_t id, void *data)
+{
+	struct super_block *sb;
+	struct inode *in;
+	struct vcmd_ctx_iattr_v0 vc_data;
+	int ret;
+#if 0
+
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+
+	ret = -ESRCH;
+	sb = get_super(to_kdev_t(id));
+	if (!sb)
+		goto out;
+	in = iget(sb, vc_data.ino);
+	if (!in)
+		goto out_drop_sb;
+	
+	vc_data.xid = in->i_xid;
+	vc_data.flags = IATTR_XID
+		| (IS_BARRIER(in) ? IATTR_BARRIER : 0)
+		| (IS_IUNLINK(in) ? IATTR_IUNLINK : 0);	
+	vc_data.mask = IATTR_XID | IATTR_BARRIER | IATTR_IUNLINK;
+
+	if (sb->s_magic == PROC_SUPER_MAGIC) {
+		vc_data.flags |= (in->u.proc_i.vx_flags & IATTR_FLAGS);	
+		vc_data.mask |= IATTR_FLAGS;
+	}
+
+	ret = 0;
+	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
+		ret = -EFAULT;
+	iput(in);
+out_drop_sb:
+        drop_super(sb);
+out:
+#endif
+	return ret;
+}
+
+int vc_set_iattr(uint32_t id, void *data)
+{
+	struct super_block *sb;
+	struct inode *in;
+	struct vcmd_ctx_iattr_v0 vc_data;
+	int ret;
+#if 0
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_LINUX_IMMUTABLE))
+		return -EPERM;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+
+	ret = -ESRCH;
+	sb = get_super(to_kdev_t(id));
+	if (!sb)
+		goto out;
+
+	ret = -ENOTSUP;
+	if ((vc_data.mask & IATTR_FLAGS) && (sb->s_magic != PROC_SUPER_MAGIC))
+		goto out_drop_sb;
+
+	ret = -ESRCH;
+	in = iget(sb, vc_data.ino);
+	if (!in)
+		goto out_drop_sb;
+
+	lock_kernel();
+	if (vc_data.mask & IATTR_XID)
+		in->i_xid = vc_data.xid;
+
+	if (vc_data.mask & IATTR_FLAGS) {
+		unsigned int flags = in->u.proc_i.vx_flags;
+		unsigned int mask = vc_data.mask;
+
+		in->u.proc_i.vx_flags = (flags & ~(mask & IATTR_FLAGS))
+			| (vc_data.flags & IATTR_FLAGS);
+	}
+	
+	if (vc_data.mask & IATTR_BARRIER)
+		in->i_flags = (in->i_flags & ~S_BARRIER)
+			| ((vc_data.flags & IATTR_BARRIER) ? S_BARRIER : 0);
+	if (vc_data.mask & IATTR_IUNLINK)
+		in->i_flags = (in->i_flags & ~S_IUNLINK)
+			| ((vc_data.flags & IATTR_IUNLINK) ? S_IUNLINK : 0);
+	mark_inode_dirty(in);
+	unlock_kernel();
+	iput(in);
+out_drop_sb:
+        drop_super(sb);
+out:
+#endif
+	return ret;
+}
+
+
+
+#include <linux/proc_fs.h>
+
+int vx_proc_ioctl(struct inode * inode, struct file * filp,
+	unsigned int cmd, unsigned long arg)
+{
+	struct proc_dir_entry *entry;
+	int error = 0;
+	int flags;
+
+	if (inode->i_ino < PROC_DYNAMIC_FIRST ||
+		inode->i_ino >= PROC_DYNAMIC_FIRST+PROC_NDYNAMIC)
+		return -ENOTTY;
+
+	entry = PROC_I(inode)->pde;
+
+	switch(cmd) {
+	case FIOC_GETXFLG: {
+		/* fixme: if stealth, return -ENOTTY */
+		error = -EPERM;
+		flags = entry->vx_flags;
+		if (capable(CAP_CONTEXT))
+			error = put_user(flags, (int *) arg);
+		break;
+	}
+	case FIOC_SETXFLG: {
+		/* fixme: if stealth, return -ENOTTY */
+		error = -EPERM;
+		if (!capable(CAP_CONTEXT))
+			break;
+		error = -EROFS;
+		if (IS_RDONLY(inode))
+			break;
+		error = -EFAULT;
+		if (get_user(flags, (int *) arg))
+			break;
+		error = 0;
+		entry->vx_flags = flags;
+		break;
+	}
+	default:
+		return -ENOTTY;
+	}
+	return error;
+}
+
diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/legacy.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/legacy.c
--- linux-2.6.2-rc1/kernel/vserver/legacy.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/legacy.c	Sat Jan 24 05:14:16 2004
@@ -0,0 +1,211 @@
+/*
+ *  linux/kernel/vserver/legacy.c
+ *
+ *  Virtual Server: Legacy Funtions
+ *
+ *  Copyright (C) 2001-2003  Jacques Gelinas
+ *  Copyright (C) 2003-2004  Herbert Pötzl
+ *
+ *  V0.01  broken out from vcontext.c V0.05
+ *
+ */
+
+#include <linux/config.h>
+//#include <linux/linkage.h>
+//#include <linux/utsname.h>
+//#include <linux/slab.h>
+#include <linux/vserver/context.h>
+#include <linux/vserver/legacy.h>
+//#include <linux/vswitch.h>
+#include <linux/vinline.h>
+#include <linux/sched.h>
+//#include <linux/kernel_stat.h>
+
+#include <asm/errno.h>
+#include <asm/uaccess.h>
+
+
+static int vx_migrate_user(struct task_struct *p, struct vx_info *vxi)
+{
+	struct user_struct *new_user, *old_user;
+	
+	if (!p || !vxi)
+		BUG();
+	new_user = alloc_uid(vxi->vx_id, p->uid);
+	if (!new_user)
+		return -ENOMEM;
+
+	old_user = p->user;
+	if (new_user != old_user) {
+		atomic_inc(&new_user->processes);
+		atomic_dec(&old_user->processes);
+		p->user = new_user;
+	}
+	free_uid(old_user);
+	return 0;
+}
+
+/*
+ *	migrate task to new context
+ *	gets vxi, puts old_vxi on change
+ */
+
+static int vx_migrate_task(struct task_struct *p, struct vx_info *vxi)
+{
+	struct vx_info *old_vxi = task_get_vx_info(p);
+	int ret = 0;
+	
+	if (!p || !vxi)
+		BUG();
+
+	vxdprintk("vx_migrate_task(%p,%p[#%d.%d)\n", p, vxi,
+		vxi->vx_id, atomic_read(&vxi->vx_refcount));
+	spin_lock(&p->alloc_lock);
+	if (old_vxi == vxi)
+		goto out;
+
+	if (!(ret = vx_migrate_user(p, vxi))) {
+		if (old_vxi) {
+			old_vxi->virt.nr_threads--;
+			atomic_dec(&old_vxi->limit.res[RLIMIT_NPROC]);
+		}		
+		vxi->virt.nr_threads++;
+		atomic_inc(&vxi->limit.res[RLIMIT_NPROC]);
+		p->vx_info = get_vx_info(vxi);
+		p->xid = vxi->vx_id;
+		if (old_vxi)
+			put_vx_info(old_vxi);
+	}
+out:
+	spin_unlock(&p->alloc_lock);
+	put_vx_info(old_vxi);
+	return ret;
+}
+
+
+static int vx_set_initpid(struct vx_info *vxi, int pid)
+{
+	int ret = 0;
+	if (vxi->vx_initpid)
+		ret = -EPERM;
+	else
+		vxi->vx_initpid = pid;
+	return ret;
+}
+
+int vc_new_s_context(uint32_t ctx, void *data)
+{
+	int ret = -ENOMEM;
+	struct vcmd_new_s_context_v1 vc_data;
+	struct vx_info *new_vxi;
+
+	if (copy_from_user(&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+
+	/* legacy hack, will be removed soon */
+	if (ctx == -2) {
+		/* assign flags and initpid */
+		if (!current->vx_info)
+			return -EINVAL;
+		ret = 0;
+		if (vc_data.flags & VX_INFO_INIT)
+			ret = vx_set_initpid(current->vx_info, current->tgid);
+		if (ret == 0) {
+			/* We keep the same vx_id, but lower the capabilities */
+			current->cap_bset &= (~vc_data.remove_cap);
+			ret = vx_current_xid();
+			current->vx_info->vx_flags |= vc_data.flags;
+		}
+		return ret;
+	}
+	
+	if (!vx_check(0, VX_ADMIN) ||
+		!capable(CAP_SYS_ADMIN) ||
+		(current->vx_info &&
+		(current->vx_info->vx_flags & VX_INFO_LOCK)))
+		return -EPERM;
+
+	if (((ctx > MAX_S_CONTEXT) && (ctx != VX_DYNAMIC_ID)) ||
+		(ctx == 0))
+		return -EINVAL;
+		
+	if ((ctx == VX_DYNAMIC_ID) || (ctx < MIN_D_CONTEXT))
+		new_vxi = find_or_create_vx_info(ctx);
+	else
+		new_vxi = find_vx_info(ctx);
+		
+	if (!new_vxi)
+		return -EINVAL;
+
+	ret = vx_migrate_task(current, new_vxi);
+	if (ret == 0) {
+		current->cap_bset &= (~vc_data.remove_cap);
+		new_vxi->vx_flags |= vc_data.flags;
+		if (vc_data.flags & VX_INFO_INIT)
+			vx_set_initpid(new_vxi, current->tgid);
+		if (vc_data.flags & VX_INFO_NPROC)
+			new_vxi->limit.rlim[RLIMIT_NPROC] =
+				current->rlim[RLIMIT_NPROC].rlim_max;
+		ret = new_vxi->vx_id;
+	}
+	put_vx_info(new_vxi);
+	return ret;
+}
+
+
+
+/*  set ipv4 root (syscall) */
+
+int vc_set_ipv4root(uint32_t nbip, void *data)
+{
+	int i, err = -EPERM;
+	struct vcmd_set_ipv4root_v3 vc_data;
+	struct ip_info *new_ipi, *ipi = current->ip_info;
+
+	if (nbip < 0 || nbip > NB_IPV4ROOT)
+		return -EINVAL;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+
+	if (!ipi || ipi->ipv4[0] == 0 || capable(CAP_NET_ADMIN))
+		// We are allowed to change everything
+		err = 0;
+	else if (ipi) {
+		int found = 0;
+		
+		// We are allowed to select a subset of the currently
+		// installed IP numbers. No new one allowed
+		// We can't change the broadcast address though
+		for (i=0; i<nbip; i++) {
+			int j;
+			__u32 ipip = vc_data.ip_mask_pair[i].ip;
+			for (j=0; j<ipi->nbipv4; j++) {
+				if (ipip == ipi->ipv4[j]) {
+					found++;
+					break;
+				}
+			}
+		}
+		if ((found == nbip) &&
+			(vc_data.broadcast == ipi->v4_bcast))
+			err = 0;
+	}
+	if (err)
+		return err;
+
+	new_ipi = create_ip_info();
+	if (!new_ipi)
+		return -EINVAL;
+
+	new_ipi->nbipv4 = nbip;
+	for (i=0; i<nbip; i++) {
+		new_ipi->ipv4[i] = vc_data.ip_mask_pair[i].ip;
+		new_ipi->mask[i] = vc_data.ip_mask_pair[i].mask;
+	}
+	new_ipi->v4_bcast = vc_data.broadcast;
+	current->ip_info = new_ipi;
+	put_ip_info(ipi);
+	return 0;
+}
+
+
diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/limit.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/limit.c
--- linux-2.6.2-rc1/kernel/vserver/limit.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/limit.c	Sat Jan 24 05:54:03 2004
@@ -0,0 +1,116 @@
+/*
+ *  linux/kernel/vserver/limit.c
+ *
+ *  Virtual Server: Context Limits
+ *
+ *  Copyright (C) 2004  Herbert Pötzl
+ *
+ *  V0.01  broken out from vcontext V0.05
+ *
+ */
+
+#include <linux/config.h>
+//#include <linux/linkage.h>
+//#include <linux/utsname.h>
+//#include <linux/slab.h>
+#include <linux/vserver/limit.h>
+#include <linux/vserver/context.h>
+#include <linux/vserver/switch.h>
+#include <linux/vinline.h>
+//#include <linux/sched.h>
+//#include <linux/kernel_stat.h>
+
+#include <asm/errno.h>
+#include <asm/uaccess.h>
+
+
+static int is_valid_rlimit(int id)
+{
+	int valid = 0;
+
+	switch (id) {
+		case RLIMIT_NPROC:
+		case RLIMIT_AS:
+		case RLIMIT_RSS:
+			valid = 1;
+			break;
+	}
+	return valid;
+}
+
+int vc_get_rlimit(uint32_t id, void *data)
+{
+	struct vx_info *vxi;
+	struct vcmd_ctx_rlimit_v0 vc_data;
+
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+	if (!is_valid_rlimit(vc_data.id))
+		return -ENOTSUPP;
+		
+	vxi = find_vx_info(id);
+	if (!vxi)
+		return -ESRCH;
+
+	if (vc_data.maximum != CRLIM_KEEP)
+		vc_data.maximum = vxi->limit.rlim[vc_data.id];
+	vc_data.minimum = CRLIM_UNSET;
+	vc_data.softlimit = CRLIM_UNSET;
+	put_vx_info(vxi);
+
+	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
+		return -EFAULT;
+	return 0;
+}
+
+int vc_set_rlimit(uint32_t id, void *data)
+{
+	struct vx_info *vxi;
+	struct vcmd_ctx_rlimit_v0 vc_data;
+
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
+		return -EPERM;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+	if (!is_valid_rlimit(vc_data.id))
+		return -ENOTSUPP;
+
+	vxi = find_vx_info(id);
+	if (!vxi)
+		return -ESRCH;
+
+	if (vc_data.maximum != CRLIM_KEEP)
+		vxi->limit.rlim[vc_data.id] = vc_data.maximum;
+	printk("setting [%d] = %d\n", vc_data.id, (int)vc_data.maximum);
+	put_vx_info(vxi);
+
+	return 0;
+}
+
+int vc_get_rlimit_mask(uint32_t id, void *data)
+{
+	static struct vcmd_ctx_rlimit_mask_v0 mask = {
+			/* minimum */
+		0
+		,	/* softlimit */
+		0
+		,	/* maximum */
+		(1 << RLIMIT_NPROC) |
+		(1 << RLIMIT_AS) |
+		(1 << RLIMIT_RSS)
+		};
+
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
+		return -EPERM;
+	if (copy_to_user(data, &mask, sizeof(mask)))
+                return -EFAULT;
+	return 0;
+}
+
+
diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/network.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/network.c
--- linux-2.6.2-rc1/kernel/vserver/network.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/network.c	Sat Jan 24 05:46:08 2004
@@ -0,0 +1,83 @@
+/*
+ *  linux/kernel/vserver/network.c
+ *
+ *  Virtual Server: Network Support
+ *
+ *  Copyright (C) 2003-2004  Herbert Pötzl
+ *
+ *  V0.01  broken out from vcontext V0.05
+ *  V0.05  rlimit basic implementation
+ *
+ */
+
+#include <linux/config.h>
+//#include <linux/linkage.h>
+//#include <linux/utsname.h>
+#include <linux/slab.h>
+#include <linux/vserver/network.h>
+//#include <linux/vswitch.h>
+#include <linux/vinline.h>
+//#include <linux/sched.h>
+//#include <linux/kernel_stat.h>
+
+#include <asm/errno.h>
+//#include <asm/uaccess.h>
+
+
+
+LIST_HEAD(ip_infos);
+
+spinlock_t iplist_lock
+	__cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED;
+
+
+/*
+ *	struct ip_info allocation and deallocation
+ */
+
+static struct ip_info *alloc_ip_info(void)
+{
+	struct ip_info *new = NULL;
+	
+	vxdprintk("alloc_ip_info()\n");
+	/* would this benefit from a slab cache? */
+	new = kmalloc(sizeof(struct ip_info), GFP_KERNEL);
+	if (!new)
+		return 0;
+	
+	memset (new, 0, sizeof(struct ip_info));
+	/* rest of init goes here */
+	
+	
+	vxdprintk("alloc_ip_info() = %p\n", new);
+	return new;
+}
+
+// extern int ip_proc_destroy(struct ip_info *);
+
+void free_ip_info(struct ip_info *ipi)
+{
+	vxdprintk("free_ip_info(%p)\n", ipi);
+//	ip_proc_destroy(ipi);
+	kfree(ipi);
+}
+
+struct ip_info *create_ip_info(void)
+{
+	struct ip_info *new;
+	
+	vxdprintk("create_ip_info()\n");
+	if (!(new = alloc_ip_info()))
+		return 0;
+
+	spin_lock(&iplist_lock);
+
+	/* new ip info */
+	atomic_set(&new->ip_refcount, 1);
+	list_add(&new->ip_list, &ip_infos);
+//	ip_proc_create(new);
+
+	spin_unlock(&iplist_lock);
+	return new;
+}
+
diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/signal.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/signal.c
--- linux-2.6.2-rc1/kernel/vserver/signal.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/signal.c	Sat Jan 24 06:37:18 2004
@@ -0,0 +1,85 @@
+/*
+ *  linux/kernel/vserver/signal.c
+ *
+ *  Virtual Server: Signal Support
+ *
+ *  Copyright (C) 2003-2004  Herbert Pötzl
+ *
+ *  V0.01  broken out from vcontext V0.05
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/sched.h>
+
+#include <asm/errno.h>
+#include <asm/uaccess.h>
+
+#include <linux/vinline.h>
+#include <linux/vserver/signal.h>
+
+
+int vc_ctx_kill(uint32_t id, void *data)
+{
+	int retval, count=0;
+	struct vcmd_ctx_kill_v0 vc_data;
+	struct siginfo info;
+	struct task_struct *p;
+	struct vx_info *vxi;
+
+	if (!vx_check(0, VX_ADMIN))
+		return -ENOSYS;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+	
+	info.si_signo = vc_data.sig;
+	info.si_errno = 0;
+	info.si_code = SI_USER;
+	info.si_pid = current->pid;
+	info.si_uid = current->uid;
+
+	vxi = find_vx_info(id);
+	if (!vxi)
+		return -ESRCH;
+
+	retval = -ESRCH;
+	read_lock(&tasklist_lock);
+	switch (vc_data.pid) {
+	case -1:
+	case  0:
+		for_each_process(p) {
+			int err = 0;
+
+			if (vx_task_xid(p) != id || p->pid <= 1 ||
+				(vc_data.pid && vxi->vx_initpid == p->pid) ||
+				!thread_group_leader(p))
+				continue;
+
+			err = send_sig_info(vc_data.sig, &info, p);
+			++count;
+			if (err != -EPERM)
+				retval = err;
+		}
+		break;
+		
+	default:
+	p = find_task_by_pid(vc_data.pid);
+		if (p) {
+			if (!thread_group_leader(p)) {
+				struct task_struct *tg;
+			
+				tg = find_task_by_pid(p->tgid);
+				if (tg)
+					p = tg;
+			}
+			if ((id == -1) || (vx_task_xid(p) == id))
+				retval = send_sig_info(vc_data.sig, &info, p);
+		}
+		break;
+	}
+	read_unlock(&tasklist_lock);
+	put_vx_info(vxi);
+	return retval;
+}
+
+
diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/switch.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/switch.c
--- linux-2.6.2-rc1/kernel/vserver/switch.c	Thu Jan  1 01:00:00 1970
+++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/switch.c	Sat Jan 24 05:14:16 2004
@@ -0,0 +1,84 @@
+/*
+ *  linux/kernel/vserver/switch.c
+ *
+ *  Virtual Server: Syscall Switch
+ *
+ *  Copyright (C) 2003-2004  Herbert Pötzl
+ *
+ *  V0.01  syscall switch
+ *  V0.02  added signal to context
+ *  V0.03  added rlimit functions
+ *  V0.04  added iattr, task/xid functions
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/linkage.h>
+#include <asm/errno.h>
+
+#include <linux/vserver/switch.h>
+
+
+static inline int
+vc_get_version(uint32_t id)
+{
+	return VCI_VERSION;
+}
+
+
+#include <linux/vserver/legacy.h>
+#include <linux/vserver/context.h>
+#include <linux/vserver/network.h>
+#include <linux/vserver/limit.h>
+#include <linux/vserver/inode.h>
+#include <linux/vserver/signal.h>
+
+extern asmlinkage int
+sys_vserver(uint32_t cmd, uint32_t id, void *data)
+{
+	int ret = -ENOTSUP;
+
+	switch (cmd) {
+	case VCMD_get_version:
+		ret = vc_get_version(id);
+		break;
+		
+	case VCMD_new_s_context:
+		ret = vc_new_s_context(id, data);
+		break;
+	case VCMD_set_ipv4root:
+		ret = vc_set_ipv4root(id, data);
+		break;
+
+	case VCMD_get_rlimit:
+		ret = vc_get_rlimit(id, data);
+		break;
+	case VCMD_set_rlimit:
+		ret = vc_set_rlimit(id, data);
+		break;
+	case VCMD_get_rlimit_mask:
+		ret = vc_get_rlimit_mask(id, data);
+		break;
+		
+	case VCMD_ctx_kill:
+		ret = vc_ctx_kill(id, data);
+		break;
+
+	case VCMD_get_iattr:
+		ret = vc_get_iattr(id, data);
+		break;
+	case VCMD_set_iattr:
+		ret = vc_set_iattr(id, data);
+		break;
+
+	case VCMD_task_xid:
+		ret = vc_task_xid(id, data);
+		break;
+	case VCMD_vx_info:
+		ret = vc_vx_info(id, data);
+		break;
+	}
+	return ret;
+}
+
+
diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/af_inet.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/af_inet.c
--- linux-2.6.2-rc1/net/ipv4/af_inet.c	Sat Jan 24 03:18:20 2004
+++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/af_inet.c	Sat Jan 24 05:46:08 2004
@@ -158,6 +158,10 @@ void inet_sock_destruct(struct sock *sk)
 
 	if (inet->opt)
 		kfree(inet->opt);
+	
+	/* reordering required? */
+	put_ip_info(sk->sk_ip_info);
+	sk->sk_ip_info = NULL;
 	dst_release(sk->sk_dst_cache);
 #ifdef INET_REFCNT_DEBUG
 	atomic_dec(&inet_sock_nr);
@@ -397,6 +401,9 @@ static int inet_create(struct socket *so
 	sk->sk_family	   = PF_INET;
 	sk->sk_protocol	   = protocol;
 	sk->sk_backlog_rcv = sk->sk_prot->backlog_rcv;
+	
+	sk->sk_xid = vx_current_xid();
+	sk->sk_ip_info = NULL;
 
 	inet->uc_ttl	= -1;
 	inet->mc_loop	= 1;
@@ -476,6 +483,10 @@ int inet_bind(struct socket *sock, struc
 	unsigned short snum;
 	int chk_addr_ret;
 	int err;
+	__u32 s_addr;	/* Address used for validation */
+	__u32 s_addr1;
+	__u32 s_addr2 = 0xffffffffl;	/* Optional address of the socket */
+	struct ip_info *ip_info;
 
 	/* If the socket has its own bind function then use it. (RAW) */
 	if (sk->sk_prot->bind) {
@@ -486,7 +497,37 @@ int inet_bind(struct socket *sock, struc
 	if (addr_len < sizeof(struct sockaddr_in))
 		goto out;
 
-	chk_addr_ret = inet_addr_type(addr->sin_addr.s_addr);
+	s_addr = s_addr1 = addr->sin_addr.s_addr;
+	ip_info = current->ip_info;
+	if (ip_info) {
+		__u32 v4_bcast = ip_info->v4_bcast;
+		__u32 ipv4root = ip_info->ipv4[0];
+		int nbipv4 = ip_info->nbipv4;
+		if (s_addr == 0) {
+			s_addr = ipv4root;
+			if (nbipv4 > 1)
+				s_addr1 = 0;
+			else {
+				s_addr1 = ipv4root;
+				ip_info = NULL;
+			}
+			s_addr2 = v4_bcast;
+		} else if (s_addr == 0x0100007f) {
+			s_addr = s_addr1 = ipv4root;
+			ip_info = NULL;
+		} else if (s_addr != v4_bcast
+			&& s_addr != ipv4root) {
+			int i;
+			for (i=0; i<nbipv4; i++) {
+				if (s_addr == ip_info->ipv4[i])
+					break;
+			}
+			if (i == nbipv4)
+				return -EADDRNOTAVAIL;
+			ip_info = NULL;
+		}
+	}
+	chk_addr_ret = inet_addr_type(s_addr);
 
 	/* Not specified by any standard per-se, however it breaks too
 	 * many applications when removed.  It is unfortunate since
@@ -498,7 +539,7 @@ int inet_bind(struct socket *sock, struc
 	err = -EADDRNOTAVAIL;
 	if (!sysctl_ip_nonlocal_bind &&
 	    !inet->freebind &&
-	    addr->sin_addr.s_addr != INADDR_ANY &&
+	    s_addr != INADDR_ANY &&
 	    chk_addr_ret != RTN_LOCAL &&
 	    chk_addr_ret != RTN_MULTICAST &&
 	    chk_addr_ret != RTN_BROADCAST)
@@ -523,13 +564,18 @@ int inet_bind(struct socket *sock, struc
 	if (sk->sk_state != TCP_CLOSE || inet->num)
 		goto out_release_sock;
 
-	inet->rcv_saddr = inet->saddr = addr->sin_addr.s_addr;
+	inet->rcv_saddr = inet->saddr = s_addr1;
+	inet->rcv_saddr2 = s_addr2;
+	sk->sk_ip_info = get_ip_info(ip_info);
+
 	if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
 		inet->saddr = 0;  /* Use device */
 
 	/* Make sure we are allowed to bind here. */
 	if (sk->sk_prot->get_port(sk, snum)) {
 		inet->saddr = inet->rcv_saddr = 0;
+		sk->sk_ip_info = NULL;
+		put_ip_info(ip_info);
 		err = -EADDRINUSE;
 		goto out_release_sock;
 	}
diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/devinet.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/devinet.c
--- linux-2.6.2-rc1/net/ipv4/devinet.c	Sat Jan 24 03:18:20 2004
+++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/devinet.c	Sat Jan 24 05:46:08 2004
@@ -487,6 +487,33 @@ static __inline__ int inet_abc_len(u32 a
   	return rc;
 }
 
+/*
+	Check that a device is not member of the ipv4root assigned to the process
+	Return true if this is the case
+
+	If the process is not bound to specific IP, then it returns 0 (all
+	interface are fine).
+*/
+static int devinet_notiproot (struct in_ifaddr *ifa)
+{
+	int ret = 0;
+	struct ip_info *info = current->ip_info;
+
+	if (info && !vx_check(0, VX_ADMIN)) {
+		int i;
+		int nbip = info->nbipv4;
+		__u32 addr = ifa->ifa_local;
+		ret = 1;
+		for (i=0; i<nbip; i++) {
+			if(info->ipv4[i] == addr) {
+				ret = 0;
+				break;
+			}
+		}
+	}
+	return ret;
+}
+
 
 int devinet_ioctl(unsigned int cmd, void *arg)
 {
@@ -594,6 +621,8 @@ int devinet_ioctl(unsigned int cmd, void
 	ret = -EADDRNOTAVAIL;
 	if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
 		goto done;
+	if (ifa != NULL && devinet_notiproot(ifa))
+		goto done;
 
 	switch(cmd) {
 	case SIOCGIFADDR:	/* Get interface address */
@@ -723,6 +752,8 @@ static int inet_gifconf(struct net_devic
 		goto out;
 
 	for (; ifa; ifa = ifa->ifa_next) {
+		if (devinet_notiproot(ifa))
+			continue;
 		if (!buf) {
 			done += sizeof(ifr);
 			continue;
@@ -980,6 +1011,8 @@ static int inet_dump_ifaddr(struct sk_bu
 		read_lock(&in_dev->lock);
 		for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
 		     ifa = ifa->ifa_next, ip_idx++) {
+			if (devinet_notiproot(ifa))
+				continue;
 			if (ip_idx < s_ip_idx)
 				continue;
 			if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/raw.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/raw.c
--- linux-2.6.2-rc1/net/ipv4/raw.c	Sat Jan 24 03:18:20 2004
+++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/raw.c	Sat Jan 24 05:46:08 2004
@@ -102,6 +102,38 @@ static void raw_v4_unhash(struct sock *s
 	write_unlock_bh(&raw_v4_lock);
 }
 
+
+/*
+	Check if an address is in the list
+*/
+static inline int raw_addr_in_list (
+	u32 rcv_saddr1,
+	u32 rcv_saddr2,
+	u32 loc_addr,
+	struct ip_info *ip_info)
+{
+	int ret = 0;
+	if (loc_addr != 0 &&
+		(rcv_saddr1 == loc_addr || rcv_saddr2 == loc_addr))
+		ret = 1;
+	else if (rcv_saddr1 == 0) {
+		/* Accept any address or only the one in the list */
+		if (ip_info == NULL)
+			ret = 1;
+		else {
+			int n = ip_info->nbipv4;
+			int i;
+			for (i=0; i<n; i++) {
+				if (ip_info->ipv4[i] == loc_addr) {
+					ret = 1;
+					break;
+				}
+			}
+		}
+	}
+	return ret;
+}
+
 struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num,
 			     unsigned long raddr, unsigned long laddr,
 			     int dif)
@@ -113,7 +145,8 @@ struct sock *__raw_v4_lookup(struct sock
 
 		if (inet->num == num 					&&
 		    !(inet->daddr && inet->daddr != raddr) 		&&
-		    !(inet->rcv_saddr && inet->rcv_saddr != laddr)	&&
+		    raw_addr_in_list(inet->rcv_saddr, inet->rcv_saddr2,
+			laddr, sk->sk_ip_info) &&
 		    !(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
 			goto found; /* gotcha */
 	}
@@ -687,7 +720,8 @@ static struct sock *raw_get_first(struct
 		struct hlist_node *node;
 
 		sk_for_each(sk, node, &raw_v4_htable[state->bucket])
-			if (sk->sk_family == PF_INET)
+			if (sk->sk_family == PF_INET &&
+				vx_check(sk->sk_xid, VX_WATCH|VX_IDENT))
 				goto found;
 	}
 	sk = NULL;
diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/tcp_ipv4.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_ipv4.c
--- linux-2.6.2-rc1/net/ipv4/tcp_ipv4.c	Fri Jan  9 07:59:19 2004
+++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_ipv4.c	Sat Jan 24 05:46:08 2004
@@ -179,9 +179,52 @@ void tcp_bind_hash(struct sock *sk, stru
 	tcp_sk(sk)->bind_hash = tb;
 }
 
+/*
+	Return 1 if addr match the socket IP list
+	or the socket is INADDR_ANY
+*/
+static inline int tcp_in_list (struct sock *sk, u32 addr)
+{
+	struct ip_info *ip_info = sk->sk_ip_info;
+
+	if (ip_info) {
+		int n = ip_info->nbipv4;
+		int i;
+
+		for (i=0; i<n; i++)
+			if (ip_info->ipv4[i] == addr)
+				return 1;
+	}
+	else if (!tcp_v4_rcv_saddr(sk) || tcp_v4_rcv_saddr(sk) == addr)
+		return 1;
+	return 0;
+}
+	
+/*
+	Check if the addresses in sk1 conflict with those in sk2
+*/
+int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2)
+{
+	if (tcp_v4_rcv_saddr(sk1)) {
+		/* Bind to one address only */
+		return tcp_in_list (sk2, tcp_v4_rcv_saddr(sk1));
+	} else if (sk1->sk_ip_info) {
+		/* A restricted bind(any) */
+		struct ip_info *ip_info = sk1->sk_ip_info;
+		int n = ip_info->nbipv4;
+		int i;
+
+		for (i=0; i<n; i++)
+			if (tcp_in_list (sk2, ip_info->ipv4[i]))
+				return 1;
+	} else	/* A bind(any) do not allow other bind on the same port */
+		return 1;
+	return 0;
+}
+
 static inline int tcp_bind_conflict(struct sock *sk, struct tcp_bind_bucket *tb)
 {
-	const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
+//	const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
 	struct sock *sk2;
 	struct hlist_node *node;
 	int reuse = sk->sk_reuse;
@@ -194,9 +237,8 @@ static inline int tcp_bind_conflict(stru
 		     sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
 			if (!reuse || !sk2->sk_reuse ||
 			    sk2->sk_state == TCP_LISTEN) {
-				const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
-				if (!sk2_rcv_saddr || !sk_rcv_saddr ||
-				    sk2_rcv_saddr == sk_rcv_saddr)
+//				const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
+				if (tcp_ipv4_addr_conflict(sk, sk2))
 					break;
 			}
 		}
@@ -405,6 +447,34 @@ void tcp_unhash(struct sock *sk)
 		wake_up(&tcp_lhash_wait);
 }
 
+/*
+	Check if an address is in the list
+*/
+static inline int tcp_addr_in_list (
+	u32 rcv_saddr,
+	u32 daddr,
+	struct ip_info *ip_info)
+{
+	if (rcv_saddr == daddr)
+		return 1;
+	else if (rcv_saddr == 0) {
+		/* Accept any address or check the list */
+		if (!ip_info)
+			return 1;
+		else {
+			int n = ip_info->nbipv4;
+			int i;
+
+			for (i=0; i<n; i++)
+				if (ip_info->ipv4[i] == daddr)
+					return 1;
+		}
+	}
+	return 0;
+}
+
+
+
 /* Don't inline this cruft.  Here are some nice properties to
  * exploit here.  The BSD API does not allow a listening TCP
  * to specify the remote port nor the remote address for the
@@ -426,11 +496,10 @@ static struct sock *__tcp_v4_lookup_list
 			__u32 rcv_saddr = inet->rcv_saddr;
 
 			score = (sk->sk_family == PF_INET ? 1 : 0);
-			if (rcv_saddr) {
-				if (rcv_saddr != daddr)
-					continue;
+			if (tcp_addr_in_list(rcv_saddr, daddr, sk->sk_ip_info))
 				score+=2;
-			}
+			else
+				continue;
 			if (sk->sk_bound_dev_if) {
 				if (sk->sk_bound_dev_if != dif)
 					continue;
@@ -460,8 +529,8 @@ inline struct sock *tcp_v4_lookup_listen
 		struct inet_opt *inet = inet_sk((sk = __sk_head(head)));
 
 		if (inet->num == hnum && !sk->sk_node.next &&
-		    (!inet->rcv_saddr || inet->rcv_saddr == daddr) &&
 		    (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
+		    tcp_addr_in_list(inet->rcv_saddr, daddr, sk->sk_ip_info) &&
 		    !sk->sk_bound_dev_if)
 			goto sherry_cache;
 		sk = __tcp_v4_lookup_listener(head, daddr, hnum, dif);
diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/tcp_minisocks.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_minisocks.c
--- linux-2.6.2-rc1/net/ipv4/tcp_minisocks.c	Fri Jan  9 07:59:55 2004
+++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_minisocks.c	Sat Jan 24 05:46:08 2004
@@ -362,6 +362,9 @@ void tcp_time_wait(struct sock *sk, int 
 		tw->tw_ts_recent_stamp	= tp->ts_recent_stamp;
 		tw_dead_node_init(tw);
 
+		tw->tw_xid		= sk->sk_xid;
+		tw->tw_ip_info		= NULL;
+		
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 		if (tw->tw_family == PF_INET6) {
 			struct ipv6_pinfo *np = inet6_sk(sk);
@@ -686,6 +689,7 @@ struct sock *tcp_create_openreq_child(st
 		struct sk_filter *filter;
 
 		memcpy(newsk, sk, sizeof(struct tcp_sock));
+		newsk->sk_ip_info = get_ip_info(sk->sk_ip_info);
 		newsk->sk_state = TCP_SYN_RECV;
 
 		/* SANITY */
diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/udp.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/udp.c
--- linux-2.6.2-rc1/net/ipv4/udp.c	Sat Jan 24 03:18:20 2004
+++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/udp.c	Sat Jan 24 05:46:08 2004
@@ -120,6 +120,9 @@ rwlock_t udp_hash_lock = RW_LOCK_UNLOCKE
 /* Shared by v4/v6 udp. */
 int udp_port_rover;
 
+int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2);
+
+
 static int udp_v4_get_port(struct sock *sk, unsigned short snum)
 {
 	struct hlist_node *node;
@@ -179,9 +182,7 @@ gotit:
 			    (!sk2->sk_bound_dev_if ||
 			     !sk->sk_bound_dev_if ||
 			     sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
-			    (!inet2->rcv_saddr ||
-			     !inet->rcv_saddr ||
-			     inet2->rcv_saddr == inet->rcv_saddr) &&
+			    tcp_ipv4_addr_conflict(sk2, sk) &&
 			    (!sk2->sk_reuse || !sk->sk_reuse))
 				goto fail;
 		}
@@ -216,6 +217,17 @@ static void udp_v4_unhash(struct sock *s
 	write_unlock_bh(&udp_hash_lock);
 }
 
+static int udp_in_list (struct ip_info *ip_info, u32 addr)
+{
+	int n = ip_info->nbipv4;
+	int i;
+
+	for (i=0; i<n; i++)
+		if (ip_info->ipv4[i] == addr)
+			return 1;
+	return 0;
+}
+
 /* UDP is nearly always wildcards out the wazoo, it makes no sense to try
  * harder than this. -DaveM
  */
@@ -235,6 +247,11 @@ struct sock *udp_v4_lookup_longway(u32 s
 				if (inet->rcv_saddr != daddr)
 					continue;
 				score+=2;
+			} else if (sk->sk_ip_info) {
+				if (udp_in_list(sk->sk_ip_info, daddr))
+					score+=2;
+				else
+					continue;
 			}
 			if (inet->daddr) {
 				if (inet->daddr != saddr)
@@ -290,7 +307,8 @@ static inline struct sock *udp_v4_mcast_
 		if (inet->num != hnum					||
 		    (inet->daddr && inet->daddr != rmt_addr)		||
 		    (inet->dport != rmt_port && inet->dport)		||
-		    (inet->rcv_saddr && inet->rcv_saddr != loc_addr)	||
+		    (inet->rcv_saddr && inet->rcv_saddr != loc_addr &&
+		     inet->rcv_saddr2 && inet->rcv_saddr2 != loc_addr)	||
 		    ipv6_only_sock(s)					||
 		    (s->sk_bound_dev_if && s->sk_bound_dev_if != dif))
 			continue;
@@ -599,6 +617,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
 				    .uli_u = { .ports =
 					       { .sport = inet->sport,
 						 .dport = dport } } };
+               struct ip_info *ip_info = current->ip_info;
+
+               if (ip_info != NULL) {
+                       __u32 ipv4root = ip_info->ipv4[0];
+                       if (ipv4root) {
+                               if (daddr == 0x0100007f &&
+                                       !vx_check(0, VX_ADMIN))
+                                       daddr = ipv4root;
+                               if (fl.nl_u.ip4_u.saddr == 0)
+                                       fl.nl_u.ip4_u.saddr = ipv4root;
+                       }
+               }
 		err = ip_route_output_flow(&rt, &fl, sk, !(msg->msg_flags&MSG_DONTWAIT));
 		if (err)
 			goto out;
diff -NurpP --minimal linux-2.6.2-rc1/net/unix/af_unix.c linux-2.6.2-rc1-vs0.05.1/net/unix/af_unix.c
--- linux-2.6.2-rc1/net/unix/af_unix.c	Sat Jan 24 03:18:22 2004
+++ linux-2.6.2-rc1-vs0.05.1/net/unix/af_unix.c	Sat Jan 24 05:46:08 2004
@@ -120,6 +120,7 @@
 #include <linux/mount.h>
 #include <net/checksum.h>
 #include <linux/security.h>
+#include <linux/vinline.h>
 
 int sysctl_unix_max_dgram_qlen = 10;
 
@@ -480,6 +481,7 @@ static struct sock * unix_create1(struct
 	sock_init_data(sock,sk);
 	sk_set_owner(sk, THIS_MODULE);
 
+	sk->sk_xid = vx_current_xid();
 	sk->sk_write_space	= unix_write_space;
 	sk->sk_max_ack_backlog	= sysctl_unix_max_dgram_qlen;
 	sk->sk_destruct		= unix_sock_destructor;
diff -NurpP --minimal linux-2.6.2-rc1/security/commoncap.c linux-2.6.2-rc1-vs0.05.1/security/commoncap.c
--- linux-2.6.2-rc1/security/commoncap.c	Sat Jan 24 03:18:22 2004
+++ linux-2.6.2-rc1-vs0.05.1/security/commoncap.c	Sat Jan 24 07:15:57 2004
@@ -125,7 +125,7 @@ void cap_bprm_compute_creds (struct linu
 	/* Derived from fs/exec.c:compute_creds. */
 	kernel_cap_t new_permitted, working;
 
-	new_permitted = cap_intersect (bprm->cap_permitted, cap_bset);
+	new_permitted = cap_intersect (bprm->cap_permitted, current->cap_bset);
 	working = cap_intersect (bprm->cap_inheritable,
 				 current->cap_inheritable);
 	new_permitted = cap_combine (new_permitted, working);