Update vserver patch to 2.0.2-rc19.

* debian/changelog: Update. * debian/patches/series/1-extra, debian/patches/series/3-extra, debian/patches/series/5-extra, debian/patches/series/9-extra, debian/patches/series/11-extra: - Remove old vserver patches. - Remove xen patches. * debian/patches/series/13-extra - Enable vserver-vs2.0.2-rc19.patch. - Move xen patches. * debian/patches/vserver-vs2.0.2-rc13.patch, debian/patches/vserver-vs2.0.2-rc14-update.patch, debian/patches/vserver-vs2.0.2-rc15-update.patch, debian/patches/vserver-vs2.0.2-rc17-update.patch, debian/patches/vserver-vs2.0.2-rc18-update.patch: Remove. * debian/patches/vserver-vs2.0.2-rc19.patch: Add. svn path=/dists/sid/linux-2.6/; revision=6543
2006-05-09 12:38:57 +00:00 · 2006-05-09 12:38:57 +00:00 · 38370d93cf
parent 584f549816
commit 38370d93cf
11 changed files with 1461 additions and 3088 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -7,6 +7,7 @@ linux-2.6 (2.6.16-13) UNRELEASED; urgency=low
  [ Bastian Blank ]
  * Don't make headers packages depend on images. 
  * Bump abiname to 2.
+  * Update vserver patch to 2.0.2-rc19.

 -- Bastian Blank <waldi@debian.org>  Tue,  9 May 2006 11:25:13 +0200

--- a/debian/patches/series/1-extra
+++ b/debian/patches/series/1-extra
@ -1,6 +1,5 @@
 + maclist.patch arm armeb
 + arm-nslu2-maclist.patch arm armeb
 + vserver-version.patch *_vserver *_xen-vserver
-+ vserver-vs2.0.2-rc13.patch *_vserver *_xen-vserver
 + mips-tulip.patch mipsel
 + mips-tulip_dc21143.patch mipsel
--- a/debian/patches/series/13-extra
+++ b/debian/patches/series/13-extra
@ -1,4 +1,4 @@
-+ vserver-vs2.0.2-rc18-update.patch *_vserver *_xen-vserver
+ vserver-vs2.0.2-rc19.patch *_vserver *_xen-vserver
 + vserver-xen-clash.patch *_xen-vserver
 + xen-tree-3.0-testing-9659.patch *_xen *_xen-vserver
 + xen-tls.patch *_xen *_xen-vserver
--- a/debian/patches/series/3-extra
+++ b/debian/patches/series/3-extra
@ -1 +0,0 @@
-+ vserver-vs2.0.2-rc14-update.patch *_vserver *_xen-vserver
--- a/debian/patches/series/5-extra
+++ b/debian/patches/series/5-extra
@ -1 +0,0 @@
-+ vserver-vs2.0.2-rc15-update.patch *_vserver *_xen-vserver
--- a/debian/patches/series/9-extra
+++ b/debian/patches/series/9-extra
@ -1 +0,0 @@
-+ vserver-vs2.0.2-rc17-update.patch *_vserver *_xen-vserver
--- a/debian/patches/vserver-vs2.0.2-rc14-update.patch
+++ b/debian/patches/vserver-vs2.0.2-rc14-update.patch
@ -1,44 +0,0 @@
--- linux-2.6.16-vs2.0.2-rc13/fs/ioprio.c	2006-03-20 17:34:49 +0100
-+++ linux-2.6.16-vs2.0.2-rc14/fs/ioprio.c	2006-03-23 19:35:17 +0100
-@@ -96,7 +96,7 @@
- 			if (!who)
- 				user = current->user;
- 			else
-				user = find_user(who, vx_current_xid());
-+				user = find_user(vx_current_xid(), who);
- 
- 			if (!user)
- 				break;
-@@ -150,7 +150,7 @@
- 			if (!who)
- 				user = current->user;
- 			else
-				user = find_user(who, vx_current_xid());
-+				user = find_user(vx_current_xid(), who);
- 
- 			if (!user)
- 				break;
--- linux-2.6.16-vs2.0.2-rc13/fs/read_write.c	2006-03-20 17:34:49 +0100
-+++ linux-2.6.16/fs/read_write.c	2006-03-20 17:33:14 +0100
-@@ -667,8 +667,9 @@
- 		if (!(in_file->f_mode & FMODE_PREAD))
- 			goto fput_in;
- 	retval = rw_verify_area(READ, in_file, ppos, count);
-+	if (retval < 0)
-	if (retval)
- 		goto fput_in;
-+	count = retval;
- 
- 	retval = security_file_permission (in_file, MAY_READ);
- 	if (retval)
-@@ -688,8 +689,9 @@
- 		goto fput_out;
- 	out_inode = out_file->f_dentry->d_inode;
- 	retval = rw_verify_area(WRITE, out_file, &out_file->f_pos, count);
-+	if (retval < 0)
-	if (retval)
- 		goto fput_out;
-+	count = retval;
- 
- 	retval = security_file_permission (out_file, MAY_WRITE);
- 	if (retval)
--- a/debian/patches/vserver-vs2.0.2-rc15-update.patch
+++ b/debian/patches/vserver-vs2.0.2-rc15-update.patch
@ -1,679 +0,0 @@
-diff -u linux-2.6.16-vs2.0.2-rc14/drivers/block/vroot.c linux-2.6.16-vs2.0.2-rc15/drivers/block/vroot.c
--- linux-2.6.16-vs2.0.2-rc14/drivers/block/vroot.c	2006-03-20 17:34:49 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/drivers/block/vroot.c	2006-03-24 16:50:44 +0100
-@@ -12,7 +12,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/module.h>
- #include <linux/moduleparam.h>
- #include <linux/file.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vs_context.h linux-2.6.16-vs2.0.2-rc15/include/linux/vs_context.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vs_context.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vs_context.h	2006-04-03 05:31:18 +0200
-@@ -170,7 +170,7 @@
- 		wake_up_interruptible(&vxi->vx_wait);
- }
- 
-extern void exit_vx_info(struct task_struct *);
-+extern void exit_vx_info(struct task_struct *, int);
- 
- static inline
- struct task_struct *vx_child_reaper(struct task_struct *p)
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vs_memory.h linux-2.6.16-vs2.0.2-rc15/include/linux/vs_memory.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vs_memory.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vs_memory.h	2006-03-24 16:50:44 +0100
-@@ -1,7 +1,6 @@
- #ifndef _VX_VS_MEMORY_H
- #define _VX_VS_MEMORY_H
- 
-#include <linux/config.h>
- #include "vserver/limit.h"
- #include "vserver/debug.h"
- #include "vserver/limit_int.h"
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vs_sched.h linux-2.6.16-vs2.0.2-rc15/include/linux/vs_sched.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vs_sched.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vs_sched.h	2006-03-24 16:50:44 +0100
-@@ -1,7 +1,6 @@
- #ifndef _VX_VS_SCHED_H
- #define _VX_VS_SCHED_H
- 
-#include <linux/config.h>
- #include "vserver/sched.h"
- 
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/context.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/context.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/context.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/context.h	2006-04-03 05:31:18 +0200
-@@ -1,7 +1,6 @@
- #ifndef _VX_CONTEXT_H
- #define _VX_CONTEXT_H
- 
-#include <linux/config.h>
- #include <linux/types.h>
- 
- 
-@@ -111,13 +110,15 @@
- 	struct task_struct *vx_reaper;		/* guest reaper process */
- 	pid_t vx_initpid;			/* PID of guest init */
- 
-	wait_queue_head_t vx_wait;		/* context exit waitqueue */
-
- 	struct _vx_limit limit;			/* vserver limits */
- 	struct _vx_sched sched;			/* vserver scheduler */
- 	struct _vx_cvirt cvirt;			/* virtual/bias stuff */
- 	struct _vx_cacct cacct;			/* context accounting */
- 
-+	wait_queue_head_t vx_wait;		/* context exit waitqueue */
-+	int reboot_cmd;				/* last sys_reboot() cmd */
-+	int exit_code;				/* last process exit code */
-+
- 	char vx_name[65];			/* vserver name */
- };
- 
-@@ -128,6 +129,7 @@
- #define VXS_PAUSED	0x0010
- #define VXS_ONHOLD	0x0020
- #define VXS_SHUTDOWN	0x0100
-+#define VXS_HELPER	0x1000
- #define VXS_RELEASED	0x8000
- 
- /* check conditions */
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/cvirt_def.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/cvirt_def.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/cvirt_def.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/cvirt_def.h	2006-03-24 16:50:44 +0100
-@@ -1,7 +1,6 @@
- #ifndef _VX_CVIRT_DEF_H
- #define _VX_CVIRT_DEF_H
- 
-#include <linux/config.h>
- #include <linux/jiffies.h>
- #include <linux/utsname.h>
- #include <linux/spinlock.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/debug.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/debug.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/debug.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/debug.h	2006-03-24 16:50:44 +0100
-@@ -1,8 +1,6 @@
- #ifndef _VX_DEBUG_H
- #define _VX_DEBUG_H
- 
-#include <linux/config.h>
-
- 
- #define VXD_CBIT(n,m)	(vx_debug_ ## n & (1 << (m)))
- #define VXD_CMIN(n,m)	(vx_debug_ ## n > (m))
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/dlimit_cmd.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/dlimit_cmd.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/dlimit_cmd.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/dlimit_cmd.h	2006-03-24 16:50:44 +0100
-@@ -1,8 +1,6 @@
- #ifndef _VX_DLIMIT_CMD_H
- #define _VX_DLIMIT_CMD_H
- 
-#include <linux/config.h>
-
- 
- /*  dlimit vserver commands */
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/inode.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/inode.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/inode.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/inode.h	2006-03-24 16:50:44 +0100
-@@ -15,8 +15,6 @@
- 
- #ifdef	__KERNEL__
- 
-#include <linux/config.h>
-
- 
- #ifdef	CONFIG_VSERVER_PROC_SECURE
- #define IATTR_PROC_DEFAULT	( IATTR_ADMIN | IATTR_HIDE )
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/inode_cmd.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/inode_cmd.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/inode_cmd.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/inode_cmd.h	2006-03-24 16:50:44 +0100
-@@ -28,8 +28,6 @@
- 
- #ifdef	__KERNEL__
- 
-#include <linux/config.h>
-
- 
- #ifdef	CONFIG_COMPAT
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/limit_cmd.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/limit_cmd.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/limit_cmd.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/limit_cmd.h	2006-04-03 02:37:59 +0200
-@@ -28,10 +28,28 @@
- #ifdef	__KERNEL__
- 
-+#ifdef	CONFIG_IA32_EMULATION
-+
-+struct	vcmd_ctx_rlimit_v0_x32 {
-+	uint32_t id;
-+	uint64_t minimum;
-+	uint64_t softlimit;
-+	uint64_t maximum;
-+} __attribute__ ((aligned (4)));
-+
-+#endif	/* CONFIG_IA32_EMULATION */
-+
- #include <linux/compiler.h>
- 
- extern int vc_get_rlimit(uint32_t, void __user *);
- extern int vc_set_rlimit(uint32_t, void __user *);
- extern int vc_get_rlimit_mask(uint32_t, void __user *);
- 
-+#ifdef	CONFIG_IA32_EMULATION
-+
-+extern int vc_get_rlimit_x32(uint32_t, void __user *);
-+extern int vc_set_rlimit_x32(uint32_t, void __user *);
-+
-+#endif	/* CONFIG_IA32_EMULATION */
-+
- #endif	/* __KERNEL__ */
- #endif	/* _VX_LIMIT_CMD_H */
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/limit_def.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/limit_def.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/limit_def.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/limit_def.h	2006-03-24 16:50:44 +0100
-@@ -1,7 +1,6 @@
- #ifndef _VX_LIMIT_DEF_H
- #define _VX_LIMIT_DEF_H
- 
-#include <linux/config.h>
- #include <asm/atomic.h>
- #include <asm/resource.h>
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/sched_def.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/sched_def.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/sched_def.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/sched_def.h	2006-03-24 16:50:44 +0100
-@@ -1,7 +1,6 @@
- #ifndef _VX_SCHED_DEF_H
- #define _VX_SCHED_DEF_H
- 
-#include <linux/config.h>
- #include <linux/spinlock.h>
- #include <linux/jiffies.h>
- #include <linux/cpumask.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/signal_cmd.h linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/signal_cmd.h
--- linux-2.6.16-vs2.0.2-rc14/include/linux/vserver/signal_cmd.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/include/linux/vserver/signal_cmd.h	2006-04-03 05:31:18 +0200
-@@ -13,8 +13,8 @@
- };
- 
- struct	vcmd_wait_exit_v0 {
-	int32_t a;
-	int32_t b;
-+	int32_t reboot_cmd;
-+	int32_t exit_code;
- };
- 
- #ifdef	__KERNEL__
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/exit.c linux-2.6.16-vs2.0.2-rc15/kernel/exit.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/exit.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/exit.c	2006-04-03 05:31:18 +0200
-@@ -869,7 +869,7 @@
- 	__exit_files(tsk);
- 	__exit_fs(tsk);
- 	exit_namespace(tsk);
-	exit_vx_info(tsk);
-+	exit_vx_info(tsk, code);
- 	exit_nx_info(tsk);
- 	exit_thread();
- 	cpuset_exit(tsk);
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/Kconfig linux-2.6.16-vs2.0.2-rc15/kernel/vserver/Kconfig
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/Kconfig	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/Kconfig	2006-03-24 16:50:44 +0100
-@@ -2,21 +2,6 @@
- # Linux VServer configuration
- #
- 
-config	VSERVER
-	bool
-	default y
-
-config	VSERVER_SECURITY
-	bool
-	depends on SECURITY
-	default y
-	select SECURITY_CAPABILITIES
-
-config	VSERVER_LEGACYNET
-	bool
-	depends on !VSERVER_NGNET
-	default y
-
- menu "Linux VServer"
- 
- config	VSERVER_LEGACY
-@@ -179,0 +165,16 @@
-+
-+config	VSERVER
-+	bool
-+	default y
-+
-+config	VSERVER_SECURITY
-+	bool
-+	depends on SECURITY
-+	default y
-+	select SECURITY_CAPABILITIES
-+
-+config	VSERVER_LEGACYNET
-+	bool
-+	depends on !VSERVER_NGNET
-+	default y
-+
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/context.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/context.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/context.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/context.c	2006-04-03 05:31:18 +0200
-@@ -19,7 +19,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/slab.h>
- #include <linux/types.h>
- #include <linux/namespace.h>
-@@ -82,6 +81,9 @@
- 	new->vx_bcaps = CAP_INIT_EFF_SET;
- 	new->vx_ccaps = 0;
- 
-+	new->reboot_cmd = 0;
-+	new->exit_code = 0;
-+
- 	vxdprintk(VXD_CBIT(xid, 0),
- 		"alloc_vx_info(%d) = %p", xid, new);
- 	vxh_alloc_vx_info(new);
-@@ -617,12 +619,13 @@
- 	return 0;
- }
- 
-void vx_exit_init(struct vx_info *vxi, struct task_struct *p)
-+void vx_exit_init(struct vx_info *vxi, struct task_struct *p, int code)
- {
- 	vxdprintk(VXD_CBIT(xid, 6),
- 		"vx_exit_init(%p[#%d],%p[#%d,%d,%d])",
- 		vxi, vxi->vx_id, p, p->xid, p->pid, p->tgid);
- 
-+	vxi->exit_code = code;
- 	vxi->vx_initpid = 0;
- }
- 
-@@ -643,7 +646,7 @@
- 
- /*	task must be current or locked		*/
- 
-void	exit_vx_info(struct task_struct *p)
-+void	exit_vx_info(struct task_struct *p, int code)
- {
- 	struct vx_info *vxi = p->vx_info;
- 
-@@ -651,8 +654,9 @@
- 		atomic_dec(&vxi->cvirt.nr_threads);
- 		vx_nproc_dec(p);
- 
-+		vxi->exit_code = code;
- 		if (vxi->vx_initpid == p->tgid)
-			vx_exit_init(vxi, p);
-+			vx_exit_init(vxi, p, code);
- 		if (vxi->vx_reaper == p)
- 			vx_set_reaper(vxi, child_reaper);
- 		release_vx_info(vxi, p);
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/cvirt_init.h linux-2.6.16-vs2.0.2-rc15/kernel/vserver/cvirt_init.h
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/cvirt_init.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/cvirt_init.h	2006-03-24 16:50:48 +0100
-@@ -1,6 +1,4 @@
- 
-#include <linux/config.h>
-
- 
- #include <linux/config.h>
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/dlimit.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/dlimit.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/dlimit.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/dlimit.c	2006-03-24 16:50:48 +0100
-@@ -10,7 +10,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/fs.h>
- #include <linux/namespace.h>
- #include <linux/namei.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/helper.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/helper.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/helper.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/helper.c	2006-04-03 05:30:52 +0200
-@@ -9,7 +9,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/errno.h>
- #include <linux/kmod.h>
- #include <linux/sched.h>
-@@ -64,6 +63,10 @@
- 			"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
- 			uid_buf, pid_buf, cmd_buf, 0};
- 
-+	if (vx_info_state(vxi, VXS_HELPER))
-+		return -EAGAIN;
-+	vxi->vx_state |= VXS_HELPER;
-+
- 	snprintf(id_buf, sizeof(id_buf)-1, "%d", vxi->vx_id);
- 
- 	snprintf(cmd_buf, sizeof(cmd_buf)-1, "VS_CMD=%08x", cmd);
-@@ -88,6 +91,7 @@
- 		break;
- 
- 	default:
-+		vxi->vx_state &= ~VXS_HELPER;
- 		return 0;
- 	}
- 
-@@ -96,6 +100,8 @@
- #else
- 	ret = do_vshelper(vshelper_path, argv, envp, 0);
- #endif
-+	vxi->vx_state &= ~VXS_HELPER;
-+	__wakeup_vx_info(vxi);
- 	return (ret) ? -EPERM : 0;
- }
- 
-@@ -108,6 +114,12 @@
- 	vxdprintk(VXD_CBIT(misc, 5),
- 		"vs_reboot(%p[#%d],%d)",
- 		vxi, vxi?vxi->vx_id:0, cmd);
-+
-+	ret = vs_reboot_helper(vxi, cmd, arg);
-+	if (ret)
-+		return ret;
-+
-+	vxi->reboot_cmd = cmd;
- 	if (vx_info_flags(vxi, VXF_REBOOT_KILL, 0)) {
- 		switch (cmd) {
- 		case LINUX_REBOOT_CMD_RESTART:
-@@ -118,10 +130,8 @@
- 		default:
- 			break;
- 		}
-	} else {
-		ret = vs_reboot_helper(vxi, cmd, arg);
- 	}
-	return ret;
-+	return 0;
- }
- 
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/history.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/history.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/history.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/history.c	2006-03-24 16:50:48 +0100
-@@ -11,7 +11,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/errno.h>
- #include <linux/module.h>
- #include <linux/types.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/init.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/init.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/init.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/init.c	2006-03-24 16:50:44 +0100
-@@ -9,7 +9,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/errno.h>
- #include <linux/init.h>
- #include <linux/module.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/inode.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/inode.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/inode.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/inode.c	2006-03-24 16:50:48 +0100
-@@ -9,7 +9,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/sched.h>
- #include <linux/vs_context.h>
- #include <linux/proc_fs.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/limit.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/limit.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/limit.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/limit.c	2006-04-03 01:43:40 +0200
-@@ -71,53 +71,114 @@
- 	return limit;
- }
- 
-int vc_get_rlimit(uint32_t id, void __user *data)
-+int do_get_rlimit(xid_t xid, uint32_t id,
-+	uint64_t *minimum, uint64_t *softlimit, uint64_t *maximum)
- {
- 	struct vx_info *vxi;
-	struct vcmd_ctx_rlimit_v0 vc_data;
- 
-	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
-		return -EFAULT;
-	if (!is_valid_rlimit(vc_data.id))
-+	if (!is_valid_rlimit(id))
- 		return -EINVAL;
- 
-	vxi = lookup_vx_info(id);
-+	vxi = lookup_vx_info(xid);
- 	if (!vxi)
- 		return -ESRCH;
- 
-	vc_data.maximum = vc_get_rlim(vxi, vc_data.id);
-	vc_data.minimum = CRLIM_UNSET;
-	vc_data.softlimit = CRLIM_UNSET;
-+	if (minimum)
-+		*minimum = CRLIM_UNSET;
-+	if (softlimit)
-+		*softlimit = CRLIM_UNSET;
-+	if (maximum)
-+		*maximum = vc_get_rlim(vxi, id);
- 	put_vx_info(vxi);
-+	return 0;
-+}
-+
-+int vc_get_rlimit(uint32_t id, void __user *data)
-+{
-+	struct vcmd_ctx_rlimit_v0 vc_data;
-+	int ret;
-+
-+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
-+		return -EFAULT;
-+
-+	ret = do_get_rlimit(id, vc_data.id,
-+		&vc_data.minimum, &vc_data.softlimit, &vc_data.maximum);
-+	if (ret)
-+		return ret;
- 
- 	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
- 		return -EFAULT;
- 	return 0;
- }
- 
-int vc_set_rlimit(uint32_t id, void __user *data)
-+int do_set_rlimit(xid_t xid, uint32_t id,
-+	uint64_t minimum, uint64_t softlimit, uint64_t maximum)
- {
- 	struct vx_info *vxi;
-+
-+	if (!is_valid_rlimit(id))
-+		return -EINVAL;
-+
-+	vxi = lookup_vx_info(xid);
-+	if (!vxi)
-+		return -ESRCH;
-+
-+	if (maximum != CRLIM_KEEP)
-+		vxi->limit.rlim[id] = maximum;
-+
-+	put_vx_info(vxi);
-+	return 0;
-+}
-+
-+int vc_set_rlimit(uint32_t id, void __user *data)
-+{
- 	struct vcmd_ctx_rlimit_v0 vc_data;
- 
- 	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
- 		return -EPERM;
- 	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
- 		return -EFAULT;
-	if (!is_valid_rlimit(vc_data.id))
-		return -EINVAL;
- 
-	vxi = lookup_vx_info(id);
-	if (!vxi)
-		return -ESRCH;
-+	return do_set_rlimit(id, vc_data.id,
-+		vc_data.minimum, vc_data.softlimit, vc_data.maximum);
-+}
- 
-	if (vc_data.maximum != CRLIM_KEEP)
-		vxi->limit.rlim[vc_data.id] = vc_data.maximum;
-	put_vx_info(vxi);
-+#ifdef	CONFIG_IA32_EMULATION
-+
-+int vc_set_rlimit_x32(uint32_t id, void __user *data)
-+{
-+	struct vcmd_ctx_rlimit_v0_x32 vc_data;
-+
-+	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
-+		return -EPERM;
-+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
-+		return -EFAULT;
-+
-+	return do_set_rlimit(id, vc_data.id,
-+		vc_data.minimum, vc_data.softlimit, vc_data.maximum);
-+}
- 
-+int vc_get_rlimit_x32(uint32_t id, void __user *data)
-+{
-+	struct vcmd_ctx_rlimit_v0_x32 vc_data;
-+	int ret;
-+
-+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
-+		return -EFAULT;
-+
-+	ret = do_get_rlimit(id, vc_data.id,
-+		&vc_data.minimum, &vc_data.softlimit, &vc_data.maximum);
-+	if (ret)
-+		return ret;
-+
-+	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
-+		return -EFAULT;
- 	return 0;
- }
- 
-+#endif	/* CONFIG_IA32_EMULATION */
-+
-+
- int vc_get_rlimit_mask(uint32_t id, void __user *data)
- {
- 	static struct vcmd_ctx_rlimit_mask_v0 mask = {
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/limit_init.h linux-2.6.16-vs2.0.2-rc15/kernel/vserver/limit_init.h
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/limit_init.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/limit_init.h	2006-03-24 16:50:48 +0100
-@@ -1,6 +1,4 @@
- 
-#include <linux/config.h>
-
- 
- #include <linux/config.h>
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/network.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/network.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/network.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/network.c	2006-03-24 16:50:48 +0100
-@@ -13,7 +13,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/slab.h>
- #include <linux/vserver/network_cmd.h>
- #include <linux/rcupdate.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/sched.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/sched.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/sched.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/sched.c	2006-03-24 16:50:48 +0100
-@@ -10,7 +10,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/sched.h>
- #include <linux/vs_context.h>
- #include <linux/vs_sched.h>
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/signal.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/signal.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/signal.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/signal.c	2006-04-03 05:31:18 +0200
-@@ -99,7 +99,8 @@
- 	set_current_state(TASK_INTERRUPTIBLE);
- 
- wait:
-	if (vx_info_state(vxi, VXS_SHUTDOWN|VXS_HASHED) == VXS_SHUTDOWN)
-+	if (vx_info_state(vxi,
-+		VXS_SHUTDOWN|VXS_HASHED|VXS_HELPER) == VXS_SHUTDOWN)
- 		goto out;
- 	if (signal_pending(current)) {
- 		ret = -ERESTARTSYS;
-@@ -119,6 +120,7 @@
- int vc_wait_exit(uint32_t id, void __user *data)
- {
- 	struct vx_info *vxi;
-+	struct vcmd_wait_exit_v0 vc_data;
- 	int ret;
- 
- 	vxi = lookup_vx_info(id);
-@@ -126,7 +128,12 @@
- 		return -ESRCH;
- 
- 	ret = __wait_exit(vxi);
-+	vc_data.reboot_cmd = vxi->reboot_cmd;
-+	vc_data.exit_code = vxi->exit_code;
- 	put_vx_info(vxi);
-+
-+	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
-+		ret = -EFAULT;
- 	return ret;
- }
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/switch.c linux-2.6.16-vs2.0.2-rc15/kernel/vserver/switch.c
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/switch.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/switch.c	2006-04-03 02:38:01 +0200
-@@ -14,7 +14,6 @@
-  *
-  */
- 
-#include <linux/config.h>
- #include <linux/linkage.h>
- #include <linux/sched.h>
- #include <linux/compat.h>
-@@ -131,10 +130,17 @@
- #endif
- 
- 	switch (cmd) {
-+#ifdef	CONFIG_IA32_EMULATION
-+	case VCMD_get_rlimit:
-+		return __COMPAT(vc_get_rlimit, id, data, compat);
-+	case VCMD_set_rlimit:
-+		return __COMPAT(vc_set_rlimit, id, data, compat);
-+#else
- 	case VCMD_get_rlimit:
- 		return vc_get_rlimit(id, data);
- 	case VCMD_set_rlimit:
- 		return vc_set_rlimit(id, data);
-+#endif
- 	case VCMD_get_rlimit_mask:
- 		return vc_get_rlimit_mask(id, data);
- 
-diff -u linux-2.6.16-vs2.0.2-rc14/kernel/vserver/vci_config.h linux-2.6.16-vs2.0.2-rc15/kernel/vserver/vci_config.h
--- linux-2.6.16-vs2.0.2-rc14/kernel/vserver/vci_config.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16-vs2.0.2-rc15/kernel/vserver/vci_config.h	2006-03-24 16:50:44 +0100
-@@ -1,7 +1,4 @@
- 
-#include <linux/config.h>
-
-
- enum {
- 	VCI_KCBIT_LEGACY = 1,
- 	VCI_KCBIT_LEGACYNET,
--- a/debian/patches/vserver-vs2.0.2-rc17-update.patch
+++ b/debian/patches/vserver-vs2.0.2-rc17-update.patch
@ -1,75 +0,0 @@
-diff -urN linux-2.6-2.6.16-vs2.0.2-rc16/fs/namei.c linux-2.6-2.6.16-vs2.0.2-rc17/fs/namei.c
--- linux-2.6-2.6.16-vs2.0.2-rc16/fs/namei.c	2006-04-19 14:47:38.000000000 +0200
-+++ linux-2.6-2.6.16-vs2.0.2-rc17/fs/namei.c	2006-04-19 14:48:36.000000000 +0200
-@@ -242,7 +242,7 @@
- 
- 	vxwprintk(1, "xid=%d denied access to %p[#%d,%lu] »%s«.",
- 		vx_current_xid(), inode, inode->i_xid, inode->i_ino,
-		vxd_path(nd->dentry, nd->mnt));
-+		vxd_cond_path(nd));
- 	return -EACCES;
- }
- 
-diff -urN linux-2.6-2.6.16-vs2.0.2-rc16/include/linux/vserver/debug.h linux-2.6-2.6.16-vs2.0.2-rc17/include/linux/vserver/debug.h
--- linux-2.6-2.6.16-vs2.0.2-rc16/include/linux/vserver/debug.h	2006-04-19 14:47:39.000000000 +0200
-+++ linux-2.6-2.6.16-vs2.0.2-rc17/include/linux/vserver/debug.h	2006-04-19 14:48:36.000000000 +0200
-@@ -60,11 +60,13 @@
- 			printk(VX_WARNLEVEL f "\n" , ##x);	\
- 	} while (0)
- 
-
- #define vxd_path(d,m)						\
- 	({ static char _buffer[PATH_MAX];			\
- 	   d_path((d), (m), _buffer, sizeof(_buffer)); })
- 
-+#define vxd_cond_path(n)					\
-+	((n) ? vxd_path((n)->dentry, (n)->mnt) : "<null>" )
-+
- #else	/* CONFIG_VSERVER_DEBUG */
- 
- #define vx_debug_switch 0
-@@ -82,6 +84,7 @@
- #define vxwprintk(x...) do { } while (0)
- 
- #define vxd_path	"<none>"
-+#define vxd_cond_path	vxd_path
- 
- #endif	/* CONFIG_VSERVER_DEBUG */
- 
-diff -urN linux-2.6-2.6.16-vs2.0.2-rc16/net/ipv4/devinet.c linux-2.6-2.6.16-vs2.0.2-rc17/net/ipv4/devinet.c
--- linux-2.6-2.6.16-vs2.0.2-rc16/net/ipv4/devinet.c	2006-04-19 14:47:39.000000000 +0200
-+++ linux-2.6-2.6.16-vs2.0.2-rc17/net/ipv4/devinet.c	2006-04-19 14:48:37.000000000 +0200
-@@ -529,33 +529,6 @@
-   	return rc;
- }
- 
-/*
-	Check that a device is not member of the ipv4root assigned to the process
-	Return true if this is the case
-
-	If the process is not bound to specific IP, then it returns 0 (all
-	interface are fine).
-*/
-static inline int devinet_notiproot (struct in_ifaddr *ifa)
-{
-	int ret = 0;
-	struct nx_info *nxi;
-
-	if ((nxi = current->nx_info)) {
-		int i;
-		int nbip = nxi->nbipv4;
-		__u32 addr = ifa->ifa_local;
-		ret = 1;
-		for (i=0; i<nbip; i++) {
-			if(nxi->ipv4[i] == addr) {
-				ret = 0;
-				break;
-			}
-		}
-	}
-	return ret;
-}
-
- 
- int devinet_ioctl(unsigned int cmd, void __user *arg)
- {
--- a/debian/patches/vserver-vs2.0.2-rc18-update.patch
+++ b/debian/patches/vserver-vs2.0.2-rc18-update.patch
@ -1,349 +0,0 @@
-diff -u linux-2.6.16.8-vs2.0.2-rc17/fs/namespace.c linux-2.6.16.11-vs2.0.2-rc18/fs/namespace.c
--- linux-2.6.16.8-vs2.0.2-rc17/fs/namespace.c	2006-03-20 17:34:49 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/fs/namespace.c	2006-04-28 01:59:36 +0200
-@@ -676,7 +676,7 @@
- 		goto dput_and_out;
- 
- 	retval = -EPERM;
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
- 		goto dput_and_out;
- 
- 	retval = do_umount(nd.mnt, flags);
-@@ -700,9 +700,7 @@
- 
- static int mount_is_safe(struct nameidata *nd)
- {
-	if (capable(CAP_SYS_ADMIN))
-		return 0;
-	if (vx_ccaps(VXC_SECURE_MOUNT))
-+	if (vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
- 		return 0;
- 	return -EPERM;
- #ifdef notyet
-@@ -996,7 +994,7 @@
- 	int err;
- 	struct super_block *sb = nd->mnt->mnt_sb;
- 
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_REMOUNT))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_REMOUNT))
- 		return -EPERM;
- 
- 	if (!check_mnt(nd->mnt))
-@@ -1030,7 +1028,7 @@
- 	struct nameidata old_nd, parent_nd;
- 	struct vfsmount *p;
- 	int err = 0;
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
- 		return -EPERM;
- 	if (!old_name || !*old_name)
- 		return -EINVAL;
-@@ -1110,7 +1108,7 @@
- 		return -EINVAL;
- 
- 	/* we need capabilities... */
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
- 		return -EPERM;
- 
- 	mnt = do_kern_mount(type, flags, name, data);
-@@ -1502,7 +1500,7 @@
- 	if (!(flags & CLONE_NEWNS))
- 		return 0;
- 
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT)) {
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT)) {
- 		err = -EPERM;
- 		goto out;
- 	}
-diff -u linux-2.6.16.8-vs2.0.2-rc17/fs/quota.c linux-2.6.16.11-vs2.0.2-rc18/fs/quota.c
--- linux-2.6.16.8-vs2.0.2-rc17/fs/quota.c	2006-03-20 17:34:49 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/fs/quota.c	2006-04-28 01:59:36 +0200
-@@ -84,11 +84,11 @@
- 	if (cmd == Q_GETQUOTA) {
- 		if (((type == USRQUOTA && current->euid != id) ||
- 		     (type == GRPQUOTA && !in_egroup_p(id))) &&
-		    !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
-+		    !vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
- 			return -EPERM;
- 	}
- 	else if (cmd != Q_GETFMT && cmd != Q_SYNC && cmd != Q_GETINFO)
-		if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
-+		if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
- 			return -EPERM;
- 
- 	return 0;
-@@ -135,10 +135,10 @@
- 	if (cmd == Q_XGETQUOTA) {
- 		if (((type == XQM_USRQUOTA && current->euid != id) ||
- 		     (type == XQM_GRPQUOTA && !in_egroup_p(id))) &&
-		     !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
-+		     !vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
- 			return -EPERM;
- 	} else if (cmd != Q_XGETQSTAT && cmd != Q_XQUOTASYNC) {
-		if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
-+		if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
- 			return -EPERM;
- 	}
- 
-diff -u linux-2.6.16.8-vs2.0.2-rc17/fs/super.c linux-2.6.16.11-vs2.0.2-rc18/fs/super.c
--- linux-2.6.16.8-vs2.0.2-rc17/fs/super.c	2006-03-20 17:34:49 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/fs/super.c	2006-04-28 01:59:36 +0200
-@@ -815,7 +815,7 @@
- 
- 	sb = ERR_PTR(-EPERM);
- 	if ((type->fs_flags & FS_BINARY_MOUNTDATA) &&
-		!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_BINARY_MOUNT))
-+		!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT))
- 		goto out;
- 
- 	sb = ERR_PTR(-ENOMEM);
-diff -u linux-2.6.16.8-vs2.0.2-rc17/fs/xfs/quota/xfs_qm_syscalls.c linux-2.6.16.11-vs2.0.2-rc18/fs/xfs/quota/xfs_qm_syscalls.c
--- linux-2.6.16.8-vs2.0.2-rc17/fs/xfs/quota/xfs_qm_syscalls.c	2006-03-20 17:34:49 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/fs/xfs/quota/xfs_qm_syscalls.c	2006-04-28 01:59:36 +0200
-@@ -215,7 +215,7 @@
- 	xfs_qoff_logitem_t	*qoffstart;
- 	int			nculprits;
- 
-	if (!force && !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
-+	if (!force && !vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
- 		return XFS_ERROR(EPERM);
- 	/*
- 	 * No file system can have quotas enabled on disk but not in core.
-@@ -384,7 +384,7 @@
- 	int		error;
- 	xfs_inode_t	*qip;
- 
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
- 		return XFS_ERROR(EPERM);
- 	error = 0;
- 	if (!XFS_SB_VERSION_HASQUOTA(&mp->m_sb) || flags == 0) {
-@@ -429,7 +429,7 @@
- 	uint		accflags;
- 	__int64_t	sbflags;
- 
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
- 		return XFS_ERROR(EPERM);
- 
- 	flags &= (XFS_ALL_QUOTA_ACCT | XFS_ALL_QUOTA_ENFD);
-@@ -600,7 +600,7 @@
- 	int			error;
- 	xfs_qcnt_t		hard, soft;
- 
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
- 		return XFS_ERROR(EPERM);
- 
- 	if ((newlim->d_fieldmask &
-diff -u linux-2.6.16.8-vs2.0.2-rc17/include/linux/vs_base.h linux-2.6.16.11-vs2.0.2-rc18/include/linux/vs_base.h
--- linux-2.6.16.8-vs2.0.2-rc17/include/linux/vs_base.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/include/linux/vs_base.h	2006-04-28 02:00:37 +0200
-@@ -97,6 +97,9 @@
- 	(current->vx_info && \
- 	(current->vx_info->vx_initpid == (n)))
- 
-+#define vx_capable(b,c) (capable(b) || \
-+	((current->euid == 0) && vx_ccaps(c)))
-+
- 
- #else
- #warning duplicate inclusion
-diff -u linux-2.6.16.8-vs2.0.2-rc17/include/net/route.h linux-2.6.16.11-vs2.0.2-rc18/include/net/route.h
--- linux-2.6.16.8-vs2.0.2-rc17/include/net/route.h	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/include/net/route.h	2006-04-26 19:12:32 +0200
-@@ -229,6 +229,8 @@
- 			return err;
- 		if (fl.fl4_dst == IPI_LOOPBACK && !vx_check(0, VX_ADMIN))
- 			fl.fl4_dst = nx_info->ipv4[0];
-+		if (fl.fl4_src == IPI_LOOPBACK && !vx_check(0, VX_ADMIN))
-+			fl.fl4_src = nx_info->ipv4[0];
- 	}
- 	if (!fl.fl4_dst || !fl.fl4_src) {
- 		err = __ip_route_output_key(rp, &fl);
-diff -u linux-2.6.16.8-vs2.0.2-rc17/kernel/sys.c linux-2.6.16.11-vs2.0.2-rc18/kernel/sys.c
--- linux-2.6.16.8-vs2.0.2-rc17/kernel/sys.c	2006-04-18 02:12:08 +0200
-+++ linux-2.6.16.11-vs2.0.2-rc18/kernel/sys.c	2006-04-28 01:59:36 +0200
-@@ -1547,7 +1547,7 @@
- 	int errno;
- 	char tmp[__NEW_UTS_LEN];
- 
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SET_UTSNAME))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_SET_UTSNAME))
- 		return -EPERM;
- 	if (len < 0 || len > __NEW_UTS_LEN)
- 		return -EINVAL;
-@@ -1596,7 +1596,7 @@
- 	int errno;
- 	char tmp[__NEW_UTS_LEN];
- 
-	if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SET_UTSNAME))
-+	if (!vx_capable(CAP_SYS_ADMIN, VXC_SET_UTSNAME))
- 		return -EPERM;
- 	if (len < 0 || len > __NEW_UTS_LEN)
- 		return -EINVAL;
-@@ -1664,7 +1664,7 @@
-                return -EINVAL;
- 	old_rlim = current->signal->rlim + resource;
- 	if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
-	    !capable(CAP_SYS_RESOURCE) && !vx_ccaps(VXC_SET_RLIMIT))
-+	    !vx_capable(CAP_SYS_RESOURCE, VXC_SET_RLIMIT))
- 		return -EPERM;
- 	if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > NR_OPEN)
- 			return -EPERM;
-diff -u linux-2.6.16.8-vs2.0.2-rc17/kernel/vserver/legacy.c linux-2.6.16.11-vs2.0.2-rc18/kernel/vserver/legacy.c
--- linux-2.6.16.8-vs2.0.2-rc17/kernel/vserver/legacy.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/kernel/vserver/legacy.c	2006-04-28 03:18:07 +0200
-@@ -31,6 +31,7 @@
- 	if (!init)
- 		return -ESRCH;
- 
-+	vxi->vx_flags &= ~VXF_STATE_INIT;
- 	return vx_set_init(vxi, init);
- }
- 
-@@ -88,7 +89,7 @@
- 		vx_info_flags(new_vxi, VX_INFO_PRIVATE, 0))
- 		goto out_put;
- 
-	new_vxi->vx_flags &= ~(VXF_STATE_SETUP|VXF_STATE_INIT);
-+	new_vxi->vx_flags &= ~VXF_STATE_SETUP;
- 
- 	ret = vx_migrate_task(current, new_vxi);
- 	if (ret == 0) {
-@@ -102,6 +103,9 @@
- 		if (vc_data.flags & VX_INFO_NPROC)
- 			new_vxi->limit.rlim[RLIMIT_NPROC] =
- 				current->signal->rlim[RLIMIT_NPROC].rlim_max;
-+
-+		/* tweak some defaults for legacy */
-+		new_vxi->vx_flags |= (VXF_HIDE_NETIF|VXF_INFO_INIT);
- 		ret = new_vxi->vx_id;
- 	}
- out_put:
-diff -u linux-2.6.16.8-vs2.0.2-rc17/kernel/vserver/sched.c linux-2.6.16.11-vs2.0.2-rc18/kernel/vserver/sched.c
--- linux-2.6.16.8-vs2.0.2-rc17/kernel/vserver/sched.c	2006-03-24 16:50:48 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/kernel/vserver/sched.c	2006-04-28 01:39:59 +0200
-@@ -117,7 +117,7 @@
- 		vavavoom = 0;
- 
- 	vxi->sched.vavavoom = vavavoom;
-	return vavavoom;
-+	return vavavoom + vxi->sched.priority_bias;
- }
- 
- 
-diff -u linux-2.6.16.8-vs2.0.2-rc17/net/ipv4/devinet.c linux-2.6.16.11-vs2.0.2-rc18/net/ipv4/devinet.c
--- linux-2.6.16.8-vs2.0.2-rc17/net/ipv4/devinet.c	2006-04-17 20:56:32 +0200
-+++ linux-2.6.16.11-vs2.0.2-rc18/net/ipv4/devinet.c	2006-04-26 19:09:22 +0200
-@@ -607,6 +607,9 @@
- 		*colon = ':';
- 
- 	if ((in_dev = __in_dev_get_rtnl(dev)) != NULL) {
-+		struct nx_info *nxi = current->nx_info;
-+		int hide_netif = vx_flags(VXF_HIDE_NETIF, 0);
-+
- 		if (tryaddrmatch) {
- 			/* Matthias Andree */
- 			/* compare label and address (4.4BSD style) */
-@@ -615,6 +618,8 @@
- 			   This is checked above. */
- 			for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL;
- 			     ifap = &ifa->ifa_next) {
-+				if (hide_netif && !ifa_in_nx_info(ifa, nxi))
-+					continue;
- 				if (!strcmp(ifr.ifr_name, ifa->ifa_label) &&
- 				    sin_orig.sin_addr.s_addr ==
- 							ifa->ifa_address) {
-@@ -627,18 +632,18 @@
- 		   comparing just the label */
- 		if (!ifa) {
- 			for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL;
-			     ifap = &ifa->ifa_next)
-+			     ifap = &ifa->ifa_next) {
-+				if (hide_netif && !ifa_in_nx_info(ifa, nxi))
-+					continue;
- 				if (!strcmp(ifr.ifr_name, ifa->ifa_label))
- 					break;
-+			}
- 		}
- 	}
- 
- 	ret = -EADDRNOTAVAIL;
- 	if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
- 		goto done;
-	if (vx_flags(VXF_HIDE_NETIF, 0) &&
-		!ifa_in_nx_info(ifa, current->nx_info))
-		goto done;
- 
- 	switch(cmd) {
- 	case SIOCGIFADDR:	/* Get interface address */
-diff -u linux-2.6.16.8-vs2.0.2-rc17/net/ipv4/udp.c linux-2.6.16.11-vs2.0.2-rc18/net/ipv4/udp.c
--- linux-2.6.16.8-vs2.0.2-rc17/net/ipv4/udp.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/net/ipv4/udp.c	2006-04-26 19:08:56 +0200
-@@ -216,16 +216,6 @@
- 	write_unlock_bh(&udp_hash_lock);
- }
- 
-static inline int udp_in_list(struct nx_info *nx_info, u32 addr)
-{
-	int n = nx_info->nbipv4;
-	int i;
-
-	for (i=0; i<n; i++)
-		if (nx_info->ipv4[i] == addr)
-			return 1;
-	return 0;
-}
- 
- /* UDP is nearly always wildcards out the wazoo, it makes no sense to try
-  * harder than this. -DaveM
-@@ -248,7 +238,7 @@
- 					continue;
- 				score+=2;
- 			} else if (sk->sk_nx_info) {
-				if (udp_in_list(sk->sk_nx_info, daddr))
-+				if (addr_in_nx_info(sk->sk_nx_info, daddr))
- 					score+=2;
- 				else
- 					continue;
-diff -u linux-2.6.16.8-vs2.0.2-rc17/security/commoncap.c linux-2.6.16.11-vs2.0.2-rc18/security/commoncap.c
--- linux-2.6.16.8-vs2.0.2-rc17/security/commoncap.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/security/commoncap.c	2006-04-28 01:59:36 +0200
-@@ -313,7 +313,7 @@
- int cap_syslog (int type)
- {
- 	if ((type != 3 && type != 10) &&
-		!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SYSLOG))
-+		!vx_capable(CAP_SYS_ADMIN, VXC_SYSLOG))
- 		return -EPERM;
- 	return 0;
- }
-diff -u linux-2.6.16.8-vs2.0.2-rc17/security/security.c linux-2.6.16.11-vs2.0.2-rc18/security/security.c
--- linux-2.6.16.8-vs2.0.2-rc17/security/security.c	2006-03-20 17:34:50 +0100
-+++ linux-2.6.16.11-vs2.0.2-rc18/security/security.c	2006-04-28 01:59:36 +0200
-@@ -200,22 +200,8 @@
- 
-int vx_capable(int cap, int ccap)
-{
-	if (security_ops->capable(current, cap)) {
-		/* capability denied */
-		return 0;
-	}
-	if (!vx_ccaps(ccap))
-		return 0;
-
-	/* capability granted */
-	current->flags |= PF_SUPERPRIV;
-	return 1;
-}
- 
- EXPORT_SYMBOL_GPL(register_security);
- EXPORT_SYMBOL_GPL(unregister_security);
- EXPORT_SYMBOL_GPL(mod_reg_security);
- EXPORT_SYMBOL_GPL(mod_unreg_security);
- EXPORT_SYMBOL(capable);
-EXPORT_SYMBOL(vx_capable);
- EXPORT_SYMBOL(security_ops);
--- a/debian/patches/vserver-vs2.0.2-rc19.patch
+++ b/debian/patches/vserver-vs2.0.2-rc19.patch
				`@ -1 +0,0 @@`
				`+ vserver-vs2.0.2-rc14-update.patch _vserver _xen-vserver`
				`@ -1 +0,0 @@`
				`+ vserver-vs2.0.2-rc15-update.patch _vserver _xen-vserver`
				`@ -1 +0,0 @@`
				`+ vserver-vs2.0.2-rc17-update.patch _vserver _xen-vserver`