--- linux-2.6.11-rc4-vs1.9.4.4/fs/super.c	2005-02-16 05:38:46 +0100
+++ linux-2.6.11-rc4-vs1.9.4.4.1/fs/super.c	2005-02-16 19:30:50 +0100
@@ -799,7 +799,7 @@ struct vfsmount *
 do_kern_mount(const char *fstype, int flags, const char *name, void *data)
 {
 	struct file_system_type *type = get_fs_type(fstype);
-	struct super_block *sb = ERR_PTR(-ENOMEM);
+	struct super_block *sb;
 	struct vfsmount *mnt;
 	int error;
 	char *secdata = NULL;
@@ -807,6 +807,12 @@ do_kern_mount(const char *fstype, int fl
 	if (!type)
 		return ERR_PTR(-ENODEV);
 
+	sb = ERR_PTR(-EPERM);
+	if ((type->fs_flags & FS_BINARY_MOUNTDATA) &&
+		!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_BINARY_MOUNT))
+		goto out;
+
+	sb = ERR_PTR(-ENOMEM);
 	mnt = alloc_vfsmnt(name);
 	if (!mnt)
 		goto out;
diff -NurpP --minimal linux-2.6.11-rc4-vs1.9.4.4/include/linux/vserver/context.h linux-2.6.11-rc4-vs1.9.4.4.1/include/linux/vserver/context.h
--- linux-2.6.11-rc4-vs1.9.4.4/include/linux/vserver/context.h	2005-02-16 05:40:24 +0100
+++ linux-2.6.11-rc4-vs1.9.4.4.1/include/linux/vserver/context.h	2005-02-16 19:32:05 +0100
@@ -55,6 +55,7 @@
 
 #define VXC_SECURE_MOUNT	0x00010000
 #define VXC_SECURE_REMOUNT	0x00020000
+#define VXC_BINARY_MOUNT	0x00040000
 
 
 /* vshelper sync commands */