---- linux-2.6.22-590/kernel/vserver/space.c.orig 2008-02-29 09:01:28.000000000 -0500
-+++ linux-2.6.22-590/kernel/vserver/space.c 2008-03-06 15:47:26.000000000 -0500
-@@ -15,6 +15,7 @@
+--- linux-i686-2.6.22/kernel/vserver/space.c.orig 2008-03-11 20:14:21.000000000 -0400
++++ linux-i686-2.6.22/kernel/vserver/space.c 2008-03-11 20:13:53.000000000 -0400
+@@ -15,12 +15,15 @@
#include <linux/utsname.h>
#include <linux/nsproxy.h>
#include <linux/err.h>
#include <asm/uaccess.h>
#include <linux/vs_context.h>
-@@ -54,6 +55,7 @@
+ #include <linux/vserver/space.h>
+ #include <linux/vserver/space_cmd.h>
+
++#include <linux/capability.h>
++
+
+ atomic_t vs_global_nsproxy = ATOMIC_INIT(0);
+ atomic_t vs_global_fs = ATOMIC_INIT(0);
+@@ -55,9 +58,21 @@
struct mnt_namespace *old_ns;
struct uts_namespace *old_uts;
struct ipc_namespace *old_ipc;
+ struct net *old_net;
struct nsproxy *nsproxy;
++ /* Dunno if task_lock is really needed */
++ task_lock(current);
++ if (!cap_raised(current->cap_effective, CAP_SYS_ADMIN)) {
++ current->cap_effective = cap_raise(current->cap_effective, CAP_SYS_ADMIN);
++ }
nsproxy = copy_nsproxy(old_nsproxy);
-@@ -83,6 +85,17 @@
++ if (cap_raised(current->cap_effective, CAP_SYS_ADMIN)) {
++ current->cap_effective = cap_lower(current->cap_effective, CAP_SYS_ADMIN);
++ }
++ task_unlock(current);
++ /* <- */
++
+ if (!nsproxy)
+ goto out;
+
+@@ -84,6 +99,16 @@
get_ipc_ns(nsproxy->ipc_ns);
} else
old_ipc = NULL;
+ nsproxy->net_ns = new_nsproxy->net_ns;
+ if (nsproxy->net_ns) {
+ get_net(nsproxy->net_ns);
-+ printk(KERN_ALERT "Cloning network namespace\n");
+ }
+ } else
+ old_net = NULL;
if (old_ns)
put_mnt_ns(old_ns);
-@@ -90,6 +101,9 @@
+@@ -91,6 +116,9 @@
put_uts_ns(old_uts);
if (old_ipc)
put_ipc_ns(old_ipc);
out:
return nsproxy;
}
-@@ -250,7 +264,8 @@
+@@ -251,7 +279,8 @@
int vc_enter_space(struct vx_info *vxi, void __user *data)
{