--- linux-2.6.14/fs/ext3/ioctl.c	2005-06-22 02:38:36 +0200
+++ linux-2.6.14-vs2.0.1-pre3/fs/ext3/ioctl.c	2005-10-30 04:29:36 +0100
@@ -236,6 +239,38 @@ flags_err:
 		return err;
 	}
 
+#if defined(CONFIG_VSERVER_LEGACY) && !defined(CONFIG_INOXID_NONE)
+	case EXT3_IOC_SETXID: {
+		handle_t *handle;
+		struct ext3_iloc iloc;
+		int xid;
+		int err;
+
+		/* fixme: if stealth, return -ENOTTY */
+		if (!capable(CAP_CONTEXT))
+			return -EPERM;
+		if (IS_RDONLY(inode))
+			return -EROFS;
+		if (!(inode->i_sb->s_flags & MS_TAGXID))
+			return -ENOSYS;
+		if (get_user(xid, (int *) arg))
+			return -EFAULT;
+
+		handle = ext3_journal_start(inode, 1);
+		if (IS_ERR(handle))
+			return PTR_ERR(handle);
+		err = ext3_reserve_inode_write(handle, inode, &iloc);
+		if (err)
+			return err;
+
+		inode->i_xid = (xid & 0xFFFF);
+		inode->i_ctime = CURRENT_TIME;
+
+		err = ext3_mark_iloc_dirty(handle, inode, &iloc);
+		ext3_journal_stop(handle);
+		return err;
+	}
+#endif
 
 	default:
 		return -ENOTTY;
--- linux-2.6.14/fs/ioctl.c	2005-03-02 12:38:44 +0100
+++ linux-2.6.14-vs2.0.1-pre3/fs/ioctl.c	2005-10-29 03:19:03 +0200
@@ -12,10 +12,19 @@
 #include <linux/fs.h>
 #include <linux/security.h>
 #include <linux/module.h>
+#include <linux/proc_fs.h>
+#include <linux/vserver/inode.h>
+#include <linux/vserver/xid.h>
 
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
 
+
+#ifdef	CONFIG_VSERVER_LEGACY
+extern int vx_proc_ioctl(struct inode *, struct file *,
+	unsigned int, unsigned long);
+#endif
+
 static long do_ioctl(struct file *filp, unsigned int cmd,
 		unsigned long arg)
 {
--- linux-2.6.14/fs/ioctl.c	2005-03-02 12:38:44 +0100
+++ linux-2.6.14-vs2.0.1-pre3/fs/ioctl.c	2005-10-29 03:19:03 +0200
@@ -146,6 +155,48 @@ int vfs_ioctl(struct file *filp, unsigne
 			else
 				error = -ENOTTY;
 			break;
+#ifdef	CONFIG_VSERVER_LEGACY
+#ifndef CONFIG_INOXID_NONE
+		case FIOC_GETXID: {
+			struct inode *inode = filp->f_dentry->d_inode;
+
+			/* fixme: if stealth, return -ENOTTY */
+			error = -EPERM;
+			if (capable(CAP_CONTEXT))
+				error = put_user(inode->i_xid, (int *) arg);
+			break;
+		}
+		case FIOC_SETXID: {
+			struct inode *inode = filp->f_dentry->d_inode;
+			int xid;
+
+			/* fixme: if stealth, return -ENOTTY */
+			error = -EPERM;
+			if (!capable(CAP_CONTEXT))
+				break;
+			error = -EROFS;
+			if (IS_RDONLY(inode))
+				break;
+			error = -ENOSYS;
+			if (!(inode->i_sb->s_flags & MS_TAGXID))
+				break;
+			error = -EFAULT;
+			if (get_user(xid, (int *) arg))
+				break;
+			error = 0;
+			inode->i_xid = (xid & 0xFFFF);
+			inode->i_ctime = CURRENT_TIME;
+			mark_inode_dirty(inode);
+			break;
+		}
+#endif
+		case FIOC_GETXFLG:
+		case FIOC_SETXFLG:
+			error = -ENOTTY;
+			if (filp->f_dentry->d_inode->i_sb->s_magic == PROC_SUPER_MAGIC)
+				error = vx_proc_ioctl(filp->f_dentry->d_inode, filp, cmd, arg);
+			break;
+#endif
 		default:
 			if (S_ISREG(filp->f_dentry->d_inode->i_mode))
 				error = file_ioctl(filp, cmd, arg);
--- linux-2.6.14/fs/proc/array.c	2005-10-28 20:49:45 +0200
+++ linux-2.6.14-vs2.0.1-pre3/fs/proc/array.c	2005-10-29 04:15:18 +0200
@@ -296,6 +305,12 @@ static inline char *task_cap(struct task
 int proc_pid_status(struct task_struct *task, char * buffer)
 {
 	char * orig = buffer;
+#ifdef	CONFIG_VSERVER_LEGACY
+	struct vx_info *vxi;
+#endif
+#ifdef	CONFIG_VSERVER_LEGACYNET
+	struct nx_info *nxi;
+#endif
 	struct mm_struct *mm = get_task_mm(task);
 
 	buffer = task_name(task, buffer);
--- linux-2.6.14/fs/proc/array.c	2005-10-28 20:49:45 +0200
+++ linux-2.6.14-vs2.0.1-pre3/fs/proc/array.c	2005-10-29 04:15:18 +0200
@@ -308,6 +323,46 @@ int proc_pid_status(struct task_struct *
 	buffer = task_sig(task, buffer);
 	buffer = task_cap(task, buffer);
 	buffer = cpuset_task_status_allowed(task, buffer);
+
+	if (task_vx_flags(task, VXF_INFO_HIDE, 0))
+		goto skip;
+#ifdef	CONFIG_VSERVER_LEGACY
+	buffer += sprintf (buffer,"s_context: %d\n", vx_task_xid(task));
+	vxi = task_get_vx_info(task);
+	if (vxi) {
+		buffer += sprintf (buffer,"ctxflags: %08llx\n"
+			,(unsigned long long)vxi->vx_flags);
+		buffer += sprintf (buffer,"initpid: %d\n"
+			,vxi->vx_initpid);
+	} else {
+		buffer += sprintf (buffer,"ctxflags: none\n");
+		buffer += sprintf (buffer,"initpid: none\n");
+	}
+	put_vx_info(vxi);
+#else
+	buffer += sprintf (buffer,"VxID: %d\n", vx_task_xid(task));
+#endif
+#ifdef	CONFIG_VSERVER_LEGACYNET
+	nxi = task_get_nx_info(task);
+	if (nxi) {
+		int i;
+
+		buffer += sprintf (buffer,"ipv4root:");
+		for (i=0; i<nxi->nbipv4; i++){
+			buffer += sprintf (buffer," %08x/%08x"
+				,nxi->ipv4[i]
+				,nxi->mask[i]);
+		}
+		*buffer++ = '\n';
+		buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
+			,nxi->v4_bcast);
+	} else {
+		buffer += sprintf (buffer,"ipv4root: 0\n");
+		buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
+	}
+	put_nx_info(nxi);
+#endif
+skip:
 #if defined(CONFIG_ARCH_S390)
 	buffer = task_show_regs(task, buffer);
 #endif
--- linux-2.6.14/include/linux/vserver/legacy.h	1970-01-01 01:00:00 +0100
+++ linux-2.6.14-vs2.0.1-pre3/include/linux/vserver/legacy.h	2005-10-29 03:19:03 +0200
@@ -0,0 +1,48 @@
+#ifndef _VX_LEGACY_H
+#define _VX_LEGACY_H
+
+#include "switch.h"
+
+/*  compatibiliy vserver commands */
+
+#define VCMD_new_s_context	VC_CMD(COMPAT, 1, 1)
+#define VCMD_set_ipv4root	VC_CMD(COMPAT, 2, 3)
+
+#define VCMD_create_context	VC_CMD(VSETUP, 1, 0)
+
+/*  compatibiliy vserver arguments */
+
+struct	vcmd_new_s_context_v1 {
+	uint32_t remove_cap;
+	uint32_t flags;
+};
+
+struct	vcmd_set_ipv4root_v3 {
+	/* number of pairs in id */
+	uint32_t broadcast;
+	struct {
+		uint32_t ip;
+		uint32_t mask;
+	} nx_mask_pair[NB_IPV4ROOT];
+};
+
+
+#define VX_INFO_LOCK		1	/* Can't request a new vx_id */
+#define VX_INFO_NPROC		4	/* Limit number of processes in a context */
+#define VX_INFO_PRIVATE		8	/* Noone can join this security context */
+#define VX_INFO_INIT		16	/* This process wants to become the */
+					/* logical process 1 of the security */
+					/* context */
+#define VX_INFO_HIDEINFO	32	/* Hide some information in /proc */
+#define VX_INFO_ULIMIT		64	/* Use ulimit of the current process */
+					/* to become the global limits */
+					/* of the context */
+#define VX_INFO_NAMESPACE	128	/* save private namespace */
+
+
+#ifdef	__KERNEL__
+extern int vc_new_s_context(uint32_t, void __user *);
+extern int vc_set_ipv4root(uint32_t, void __user *);
+
+#endif	/* __KERNEL__ */
+#endif	/* _VX_LEGACY_H */
--- linux-2.6.14/kernel/vserver/legacy.c	1970-01-01 01:00:00 +0100
+++ linux-2.6.14-vs2.0.1-pre3/kernel/vserver/legacy.c	2005-10-30 04:29:36 +0100
@@ -0,0 +1,109 @@
+/*
+ *  linux/kernel/vserver/legacy.c
+ *
+ *  Virtual Server: Legacy Funtions
+ *
+ *  Copyright (C) 2001-2003  Jacques Gelinas
+ *  Copyright (C) 2003-2005  Herbert Pötzl
+ *
+ *  V0.01  broken out from vcontext.c V0.05
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/sched.h>
+#include <linux/vs_context.h>
+#include <linux/vs_network.h>
+#include <linux/vserver/legacy.h>
+#include <linux/vserver/namespace.h>
+#include <linux/namespace.h>
+
+#include <asm/errno.h>
+#include <asm/uaccess.h>
+
+
+
+static int vx_set_initpid(struct vx_info *vxi, int pid)
+{
+	if (vxi->vx_initpid)
+		return -EPERM;
+
+	vxi->vx_initpid = pid;
+	return 0;
+}
+
+int vc_new_s_context(uint32_t ctx, void __user *data)
+{
+	int ret = -ENOMEM;
+	struct vcmd_new_s_context_v1 vc_data;
+	struct vx_info *new_vxi;
+
+	if (copy_from_user(&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+
+	/* legacy hack, will be removed soon */
+	if (ctx == -2) {
+		/* assign flags and initpid */
+		if (!current->vx_info)
+			return -EINVAL;
+		ret = 0;
+		if (vc_data.flags & VX_INFO_INIT)
+			ret = vx_set_initpid(current->vx_info, current->tgid);
+		if (ret == 0) {
+			/* We keep the same vx_id, but lower the capabilities */
+			current->vx_info->vx_bcaps &= (~vc_data.remove_cap);
+			ret = vx_current_xid();
+			current->vx_info->vx_flags |= vc_data.flags;
+		}
+		return ret;
+	}
+
+	if (!vx_check(0, VX_ADMIN) || !capable(CAP_SYS_ADMIN)
+		/* might make sense in the future, or not ... */
+		|| vx_flags(VX_INFO_LOCK, 0))
+		return -EPERM;
+
+	/* ugly hack for Spectator */
+	if (ctx == 1) {
+		current->xid = 1;
+		return 0;
+	}
+
+	if (((ctx > MAX_S_CONTEXT) && (ctx != VX_DYNAMIC_ID)) ||
+		(ctx == 0))
+		return -EINVAL;
+
+	if ((ctx == VX_DYNAMIC_ID) || (ctx < MIN_D_CONTEXT))
+		new_vxi = locate_or_create_vx_info(ctx);
+	else
+		new_vxi = locate_vx_info(ctx);
+
+	if (!new_vxi)
+		return -EINVAL;
+
+	ret = -EPERM;
+	if (!vx_info_flags(new_vxi, VXF_STATE_SETUP, 0) &&
+		vx_info_flags(new_vxi, VX_INFO_PRIVATE, 0))
+		goto out_put;
+
+	new_vxi->vx_flags &= ~(VXF_STATE_SETUP|VXF_STATE_INIT);
+
+	ret = vx_migrate_task(current, new_vxi);
+	if (ret == 0) {
+		current->vx_info->vx_bcaps &= (~vc_data.remove_cap);
+		new_vxi->vx_flags |= vc_data.flags;
+		if (vc_data.flags & VX_INFO_INIT)
+			vx_set_initpid(new_vxi, current->tgid);
+		if (vc_data.flags & VX_INFO_NAMESPACE)
+			vx_set_namespace(new_vxi,
+				current->namespace, current->fs);
+		if (vc_data.flags & VX_INFO_NPROC)
+			new_vxi->limit.rlim[RLIMIT_NPROC] =
+				current->signal->rlim[RLIMIT_NPROC].rlim_max;
+		ret = new_vxi->vx_id;
+	}
+out_put:
+	put_vx_info(new_vxi);
+	return ret;
+}
+
--- linux-2.6.14/kernel/vserver/legacynet.c	1970-01-01 01:00:00 +0100
+++ linux-2.6.14-vs2.0.1-pre3/kernel/vserver/legacynet.c	2005-10-29 03:19:03 +0200
@@ -0,0 +1,86 @@
+
+/*
+ *  linux/kernel/vserver/legacynet.c
+ *
+ *  Virtual Server: Legacy Network Funtions
+ *
+ *  Copyright (C) 2001-2003  Jacques Gelinas
+ *  Copyright (C) 2003-2005  Herbert Pötzl
+ *
+ *  V0.01  broken out from legacy.c
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/sched.h>
+#include <linux/vs_context.h>
+#include <linux/vs_network.h>
+#include <linux/vserver/legacy.h>
+// #include <linux/vserver/namespace.h>
+#include <linux/namespace.h>
+#include <linux/err.h>
+
+#include <asm/errno.h>
+#include <asm/uaccess.h>
+
+
+extern struct nx_info *create_nx_info(void);
+
+/*  set ipv4 root (syscall) */
+
+int vc_set_ipv4root(uint32_t nbip, void __user *data)
+{
+	int i, err = -EPERM;
+	struct vcmd_set_ipv4root_v3 vc_data;
+	struct nx_info *new_nxi, *nxi = current->nx_info;
+
+	if (nbip < 0 || nbip > NB_IPV4ROOT)
+		return -EINVAL;
+	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+		return -EFAULT;
+
+	if (!nxi || nxi->ipv4[0] == 0 || capable(CAP_NET_ADMIN))
+		/* We are allowed to change everything */
+		err = 0;
+	else if (nxi) {
+		int found = 0;
+
+		/* We are allowed to select a subset of the currently
+		   installed IP numbers. No new one are allowed
+		   We can't change the broadcast address though */
+		for (i=0; i<nbip; i++) {
+			int j;
+			__u32 nxip = vc_data.nx_mask_pair[i].ip;
+			for (j=0; j<nxi->nbipv4; j++) {
+				if (nxip == nxi->ipv4[j]) {
+					found++;
+					break;
+				}
+			}
+		}
+		if ((found == nbip) &&
+			(vc_data.broadcast == nxi->v4_bcast))
+			err = 0;
+	}
+	if (err)
+		return err;
+
+	new_nxi = create_nx_info();
+	if (IS_ERR(new_nxi))
+		return -EINVAL;
+
+	new_nxi->nbipv4 = nbip;
+	for (i=0; i<nbip; i++) {
+		new_nxi->ipv4[i] = vc_data.nx_mask_pair[i].ip;
+		new_nxi->mask[i] = vc_data.nx_mask_pair[i].mask;
+	}
+	new_nxi->v4_bcast = vc_data.broadcast;
+	if (nxi)
+		printk("!!! switching nx_info %p->%p\n", nxi, new_nxi);
+
+	nx_migrate_task(current, new_nxi);
+	put_nx_info(new_nxi);
+	return 0;
+}
+
+