--- /dev/null
+diff -Nurb linux-2.6.22-594/arch/i386/kernel/syscall_table.S linux-2.6.22-595/arch/i386/kernel/syscall_table.S
+--- linux-2.6.22-594/arch/i386/kernel/syscall_table.S 2008-03-20 13:29:27.000000000 -0400
++++ linux-2.6.22-595/arch/i386/kernel/syscall_table.S 2008-03-20 13:32:56.000000000 -0400
+@@ -326,3 +326,4 @@
+ .long sys_revokeat
+ .long sys_frevoke /* 325 */
+ .long sys_fallocate
++ .long sys_set_space
+diff -Nurb linux-2.6.22-594/kernel/nsproxy.c linux-2.6.22-595/kernel/nsproxy.c
+--- linux-2.6.22-594/kernel/nsproxy.c 2008-03-20 13:29:30.000000000 -0400
++++ linux-2.6.22-595/kernel/nsproxy.c 2008-03-20 14:28:05.000000000 -0400
+@@ -23,11 +23,51 @@
+ #include <linux/pid_namespace.h>
+ #include <linux/vserver/global.h>
+ #include <linux/vserver/debug.h>
++#include <linux/sched.h>
++
++#include <net/net_namespace.h>
++
+
+ static struct kmem_cache *nsproxy_cachep;
+
+ struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy);
+
++asmlinkage long sys_set_space(int pid, int id, int toggle, unsigned long unshare_flags) {
++ struct task_struct *p;
++ int ret = 0;
++ if (unshare_flags & ~CLONE_NEWNET) {
++ printk(KERN_ALERT "sys_set_space currently only supports CLONE_NEWNET\n");
++ return -EINVAL;
++ }
++ else {
++ p = find_task_by_pid(pid);
++ if (p && (p->xid == id)) {
++ struct vx_info *vxi;
++ task_lock(p);
++ fs_cur = p->fs;
++ atomic_inc(&fs_cur->count);
++ proxy_cur = p->nsproxy;
++ get_nsproxy(proxy_cur);
++ task_unlock(p);
++ if (toggle) {
++ vxi = p->vx_info;
++ ret = vx_enter_space(p, vxi, unshare_flags);
++ }
++ else {
++ /* Major hack - use nsproxy not namespaces here */
++ if (unshare_flags & CLONE_NEWNET) {
++ struct net *old_net = proxy_cur->net_ns;
++ proxy_cur->net_ns = &init_net;
++ get_net(proxy_cur->net_ns);
++ }
++ }
++ atomic_dec(&fs_cur->count);
++ put_nsproxy(proxy_cur);
++ }
++ }
++ return ret;
++}
++
+ void get_task_namespaces(struct task_struct *tsk)
+ {
+ struct nsproxy *ns = tsk->nsproxy;
+diff -Nurb linux-2.6.22-594/kernel/vserver/space.c linux-2.6.22-595/kernel/vserver/space.c
+--- linux-2.6.22-594/kernel/vserver/space.c 2008-03-20 13:29:31.000000000 -0400
++++ linux-2.6.22-595/kernel/vserver/space.c 2008-03-20 14:01:00.000000000 -0400
+@@ -141,7 +141,7 @@
+ }
+
+
+-int vx_enter_space(struct vx_info *vxi, unsigned long mask)
++int vx_enter_space(struct task_struct *p, struct vx_info *vxi, unsigned long mask)
+ {
+ struct nsproxy *proxy, *proxy_cur, *proxy_new;
+ struct fs_struct *fs, *fs_cur, *fs_new;
+@@ -159,12 +159,12 @@
+ proxy = vxi->vx_nsproxy;
+ fs = vxi->vx_fs;
+
+- task_lock(current);
+- fs_cur = current->fs;
++ task_lock(p);
++ fs_cur = p->fs;
+ atomic_inc(&fs_cur->count);
+- proxy_cur = current->nsproxy;
++ proxy_cur = p->nsproxy;
+ get_nsproxy(proxy_cur);
+- task_unlock(current);
++ task_unlock(p);
+
+ fs_new = __vs_merge_fs(fs_cur, fs, mask);
+ if (IS_ERR(fs_new)) {
+@@ -178,8 +178,8 @@
+ goto out_put_fs;
+ }
+
+- fs_new = xchg(¤t->fs, fs_new);
+- proxy_new = xchg(¤t->nsproxy, proxy_new);
++ fs_new = xchg(&p->fs, fs_new);
++ proxy_new = xchg(&p->nsproxy, proxy_new);
+ ret = 0;
+
+ if (proxy_new)
+@@ -256,7 +256,7 @@
+ if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
+ return -EFAULT;
+
+- return vx_enter_space(vxi, vc_data.mask);
++ return vx_enter_space(current, vxi, vc_data.mask);
+ }
+
+ int vc_set_space(struct vx_info *vxi, void __user *data)
+diff -Nurb linux-2.6.22-594/net/core/dev.c linux-2.6.22-595/net/core/dev.c
+--- linux-2.6.22-594/net/core/dev.c 2008-03-20 13:29:32.000000000 -0400
++++ linux-2.6.22-595/net/core/dev.c 2008-03-20 14:27:05.000000000 -0400
+@@ -2207,7 +2207,7 @@
+
+ total = 0;
+ for_each_netdev(net, dev) {
+- if (!nx_dev_visible(current->nx_info, dev))
++ if (net==&init_net && !nx_dev_visible(current->nx_info, dev))
+ continue;
+ for (i = 0; i < NPROTO; i++) {
+ if (gifconf_list[i]) {
+@@ -2274,8 +2274,9 @@
+ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
+ {
+ struct net_device_stats *stats = dev->get_stats(dev);
++ struct net *net = seq->private;
+
+- if (!nx_dev_visible(current->nx_info, dev))
++ if (net==&init_net && !nx_dev_visible(current->nx_info, dev))
+ return;
+
+ seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu "
+diff -Nurb linux-2.6.22-594/net/core/net_namespace.c linux-2.6.22-595/net/core/net_namespace.c
+--- linux-2.6.22-594/net/core/net_namespace.c 2008-03-20 13:29:30.000000000 -0400
++++ linux-2.6.22-595/net/core/net_namespace.c 2008-03-20 14:27:05.000000000 -0400
+@@ -112,10 +112,12 @@
+ ops = list_entry(ptr, struct pernet_operations, list);
+ if (ops->init) {
+ error = ops->init(net);
+- if (error < 0)
++ if (error < 0) {
++ printk(KERN_ALERT "Error setting up netns: %x\n", ops->init);
+ goto out_undo;
+ }
+ }
++ }
+ out:
+ return error;
+ out_undo:
+diff -Nurb linux-2.6.22-594/net/socket.c linux-2.6.22-595/net/socket.c
+--- linux-2.6.22-594/net/socket.c 2008-03-20 13:29:30.000000000 -0400
++++ linux-2.6.22-595/net/socket.c 2008-03-20 14:27:05.000000000 -0400
+@@ -1122,12 +1122,17 @@
+ if (type < 0 || type >= SOCK_MAX)
+ return -EINVAL;
+
++ /*
++ * Hack no. 2 - Sapan
++ * Clean this up later
++ *
+ if (!nx_check(0, VS_ADMIN)) {
+ if (family == PF_INET && !current_nx_info_has_v4())
+ return -EAFNOSUPPORT;
+ if (family == PF_INET6 && !current_nx_info_has_v6())
+ return -EAFNOSUPPORT;
+ }
++ */
+
+ /* Compatibility.
+
git://git.onelab.eu / linux-2.6.git / commitdiff