--- linux-2.6.18.3-vs2.1.1.2.3/drivers/block/loop.c	2006-11-26 20:58:00 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/drivers/block/loop.c	2006-11-26 20:58:00 +0100
@@ -1182,7 +1182,7 @@
 {
 	struct loop_device *lo = inode->i_bdev->bd_disk->private_data;
 
-	if (!vx_check(lo->lo_xid, VX_WATCH_P|VX_IDENT))
+	if (!vx_check(lo->lo_xid, VS_WATCH_P|VS_IDENT))
 		return -EACCES;
 
 	mutex_lock(&lo->lo_ctl_mutex);
--- linux-2.6.18.3-vs2.1.1.2.3/kernel/printk.c	2006-11-26 20:58:01 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/printk.c	2006-11-26 20:58:01 +0100
@@ -31,7 +31,7 @@
 #include <linux/security.h>
 #include <linux/bootmem.h>
 #include <linux/syscalls.h>
-#include <linux/vserver/cvirt.h>
+#include <linux/vs_cvirt.h>
 
 #include <asm/uaccess.h>
 
@@ -203,7 +203,7 @@
 			goto out;
 		}
 	}
-	if (!vx_check(0, VX_ADMIN|VX_WATCH))
+	if (!vx_check(0, VS_ADMIN|VS_WATCH))
 		return vx_do_syslog(type, buf, len);
 
 	switch (type) {
--- linux-2.6.18.3-vs2.1.1.2/arch/alpha/kernel/ptrace.c	2006-10-06 23:10:42 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/alpha/kernel/ptrace.c	2006-11-27 02:05:39 +0100
@@ -15,6 +15,7 @@
 #include <linux/slab.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -283,7 +284,7 @@ do_sys_ptrace(long request, long pid, lo
 		goto out_notsk;
 	}
 
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT)) {
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT)) {
 		ret = -EPERM;
 		goto out;
 	}
--- linux-2.6.18.3-vs2.1.1.2/arch/i386/kernel/traps.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/i386/kernel/traps.c	2006-11-26 23:36:47 +0100
@@ -53,7 +53,7 @@
 #include <asm/kdebug.h>
 
 #include <linux/module.h>
-#include <linux/vserver/debug.h>
+#include <linux/vs_context.h>
 #include <linux/vserver/history.h>
 
 #include "mach_traps.h"
--- linux-2.6.18.3-vs2.1.1.2/arch/ia64/kernel/ptrace.c	2006-10-07 04:29:47 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/ia64/kernel/ptrace.c	2006-11-27 02:05:39 +0100
@@ -17,6 +17,7 @@
 #include <linux/security.h>
 #include <linux/audit.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/pgtable.h>
 #include <asm/processor.h>
@@ -1442,7 +1443,7 @@ sys_ptrace (long request, pid_t pid, uns
 	read_unlock(&tasklist_lock);
 	if (!child)
 		goto out;
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT))
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
 		goto out_tsk;
 
 	ret = -EPERM;
--- linux-2.6.18.3-vs2.1.1.2/arch/m68k/kernel/ptrace.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/m68k/kernel/ptrace.c	2006-11-27 02:05:39 +0100
@@ -19,6 +19,7 @@
 #include <linux/ptrace.h>
 #include <linux/user.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/uaccess.h>
 #include <asm/page.h>
@@ -279,7 +280,7 @@ long arch_ptrace(struct task_struct *chi
 		ret = ptrace_request(child, request, addr, data);
 		break;
 	}
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT))
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
 		goto out_tsk;
 
 	return ret;
--- linux-2.6.18.3-vs2.1.1.2/arch/mips/kernel/ptrace.c	2006-10-28 21:04:21 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/mips/kernel/ptrace.c	2006-11-27 02:05:39 +0100
@@ -26,6 +26,7 @@
 #include <linux/user.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/byteorder.h>
 #include <asm/cpu.h>
@@ -171,7 +172,7 @@ long arch_ptrace(struct task_struct *chi
 {
 	int ret;
 
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT))
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
 		goto out;
 
 	switch (request) {
--- linux-2.6.18.3-vs2.1.1.2/arch/s390/kernel/ptrace.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/s390/kernel/ptrace.c	2006-11-27 02:05:39 +0100
@@ -33,6 +33,7 @@
 #include <linux/security.h>
 #include <linux/audit.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/segment.h>
 #include <asm/page.h>
@@ -723,7 +724,7 @@ sys_ptrace(long request, long pid, long 
 		goto out;
 	}
 
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT)) {
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT)) {
 		ret = -EPERM;
 		goto out_tsk;
 	}
--- linux-2.6.18.3-vs2.1.1.2/arch/sparc/kernel/ptrace.c	2006-10-06 23:10:42 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/sparc/kernel/ptrace.c	2006-11-27 02:05:39 +0100
@@ -19,6 +19,7 @@
 #include <linux/smp_lock.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/pgtable.h>
 #include <asm/system.h>
@@ -299,7 +300,7 @@ asmlinkage void do_ptrace(struct pt_regs
 		pt_error_return(regs, -ret);
 		goto out;
 	}
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT)) {
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT)) {
 		pt_error_return(regs, ESRCH);
 		goto out_tsk;
 	}
--- linux-2.6.18.3-vs2.1.1.2/arch/sparc64/kernel/ptrace.c	2006-10-06 23:10:42 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/sparc64/kernel/ptrace.c	2006-11-27 02:05:39 +0100
@@ -22,6 +22,7 @@
 #include <linux/seccomp.h>
 #include <linux/audit.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/asi.h>
 #include <asm/pgtable.h>
@@ -212,7 +213,7 @@ asmlinkage void do_ptrace(struct pt_regs
 		pt_error_return(regs, -ret);
 		goto out;
 	}
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT)) {
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT)) {
 		pt_error_return(regs, ESRCH);
 		goto out_tsk;
 	}
--- linux-2.6.18.3-vs2.1.1.2/arch/v850/kernel/ptrace.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/arch/v850/kernel/ptrace.c	2006-11-27 02:05:39 +0100
@@ -24,6 +24,7 @@
 #include <linux/smp_lock.h>
 #include <linux/ptrace.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/errno.h>
 #include <asm/ptrace.h>
@@ -117,7 +118,7 @@ long arch_ptrace(struct task_struct *chi
 {
 	int rval;
 
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT))
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
 		goto out;
 
 	switch (request) {
--- linux-2.6.18.3-vs2.1.1.2/drivers/block/vroot.c	2006-09-21 01:26:54 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/drivers/block/vroot.c	2006-11-27 02:05:39 +0100
@@ -19,6 +19,7 @@
 #include <linux/blkdev.h>
 
 #include <linux/vroot.h>
+#include <linux/vs_context.h>
 #include <linux/vserver/debug.h>
 
 
--- linux-2.6.18.3-vs2.1.1.2/drivers/md/dm-ioctl.c	2006-09-25 17:18:55 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/drivers/md/dm-ioctl.c	2006-11-26 23:40:59 +0100
@@ -15,6 +15,7 @@
 #include <linux/slab.h>
 #include <linux/dm-ioctl.h>
 #include <linux/hdreg.h>
+#include <linux/vs_context.h>
 
 #include <asm/uaccess.h>
 
@@ -100,7 +101,7 @@ static struct hash_cell *__get_name_cell
 	unsigned int h = hash_str(str);
 
 	list_for_each_entry (hc, _name_buckets + h, name_list)
-		if (vx_check(dm_get_xid(hc->md), VX_WATCH_P|VX_IDENT) &&
+		if (vx_check(dm_get_xid(hc->md), VS_WATCH_P|VS_IDENT) &&
 			!strcmp(hc->name, str)) {
 			dm_get(hc->md);
 			return hc;
@@ -115,7 +116,7 @@ static struct hash_cell *__get_uuid_cell
 	unsigned int h = hash_str(str);
 
 	list_for_each_entry (hc, _uuid_buckets + h, uuid_list)
-		if (vx_check(dm_get_xid(hc->md), VX_WATCH_P|VX_IDENT) &&
+		if (vx_check(dm_get_xid(hc->md), VS_WATCH_P|VS_IDENT) &&
 			!strcmp(hc->uuid, str)) {
 			dm_get(hc->md);
 			return hc;
@@ -351,7 +352,7 @@ typedef int (*ioctl_fn)(struct dm_ioctl 
 
 static int remove_all(struct dm_ioctl *param, size_t param_size)
 {
-	if (!vx_check(0, VX_ADMIN))
+	if (!vx_check(0, VS_ADMIN))
 		return -EPERM;
 
 	dm_hash_remove_all(1);
@@ -401,7 +402,7 @@ static int list_devices(struct dm_ioctl 
 	 */
 	for (i = 0; i < NUM_BUCKETS; i++) {
 		list_for_each_entry (hc, _name_buckets + i, name_list) {
-			if (!vx_check(dm_get_xid(hc->md), VX_WATCH_P|VX_IDENT))
+			if (!vx_check(dm_get_xid(hc->md), VS_WATCH_P|VS_IDENT))
 				continue;
 			needed += sizeof(struct dm_name_list);
 			needed += strlen(hc->name) + 1;
@@ -426,7 +427,7 @@ static int list_devices(struct dm_ioctl 
 	 */
 	for (i = 0; i < NUM_BUCKETS; i++) {
 		list_for_each_entry (hc, _name_buckets + i, name_list) {
-			if (!vx_check(dm_get_xid(hc->md), VX_WATCH_P|VX_IDENT))
+			if (!vx_check(dm_get_xid(hc->md), VS_WATCH_P|VS_IDENT))
 				continue;
 			if (old_nl)
 				old_nl->next = (uint32_t) ((void *) nl -
@@ -616,7 +617,7 @@ static struct hash_cell *__find_device_h
 
 	md = dm_get_md(huge_decode_dev(param->dev));
 	if (md) {
-		if (vx_check(dm_get_xid(md), VX_WATCH_P|VX_IDENT))
+		if (vx_check(dm_get_xid(md), VS_WATCH_P|VS_IDENT))
 			mdptr = dm_get_mdptr(md);
 		else
 			dm_put(md);
--- linux-2.6.18.3-vs2.1.1.2/drivers/md/dm.c	2006-09-25 17:21:03 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/drivers/md/dm.c	2006-11-26 23:05:47 +0100
@@ -20,6 +20,7 @@
 #include <linux/idr.h>
 #include <linux/hdreg.h>
 #include <linux/blktrace_api.h>
+#include <linux/vs_base.h>
 
 #define DM_MSG_PREFIX "core"
 
@@ -239,7 +240,7 @@ static int dm_blk_open(struct inode *ino
 		goto out;
 
 	ret = -EACCES;
-	if (!vx_check(md->xid, VX_IDENT))
+	if (!vx_check(md->xid, VS_IDENT))
 		goto out;
  
 	dm_get(md);
--- linux-2.6.18.3-vs2.1.1.2/fs/attr.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/attr.c	2006-11-26 22:38:54 +0100
@@ -17,6 +17,7 @@
 #include <linux/security.h>
 #include <linux/proc_fs.h>
 #include <linux/devpts_fs.h>
+#include <linux/vs_base.h>
 #include <linux/vserver/debug.h>
 
 /* Taken over from the old code... */
@@ -61,7 +62,7 @@ int inode_change_ok(struct inode *inode,
 	}
 
 	/* Check for evil vserver activity */
-	if (vx_check(0, VX_ADMIN))
+	if (vx_check(0, VS_ADMIN))
 		goto fine;
 
 	if (IS_BARRIER(inode)) {
@@ -77,7 +78,7 @@ int inode_change_ok(struct inode *inode,
 			goto error;
 		case DEVPTS_SUPER_MAGIC:
 			/* devpts is xid tagged */
-			if (vx_check((xid_t)inode->i_tag, VX_IDENT))
+			if (vx_check((xid_t)inode->i_tag, VS_IDENT))
 				goto fine;
 			vxwprintk(1, "xid=%d messing with the devpts.",
 				vx_current_xid());
--- linux-2.6.18.3-vs2.1.1.2/fs/devpts/inode.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/devpts/inode.c	2006-11-26 22:46:08 +0100
@@ -19,6 +19,7 @@
 #include <linux/tty.h>
 #include <linux/devpts_fs.h>
 #include <linux/parser.h>
+#include <linux/vs_base.h>
 
 
 static int devpts_permission(struct inode *inode, int mask, struct nameidata *nd)
@@ -26,7 +27,7 @@ static int devpts_permission(struct inod
 	int ret = -EACCES;
 
 	/* devpts is xid tagged */
-	if (vx_check((xid_t)inode->i_tag, VX_WATCH_P|VX_IDENT))
+	if (vx_check((xid_t)inode->i_tag, VS_WATCH_P|VS_IDENT))
 		ret = generic_permission(inode, mask, NULL);
 	return ret;
 }
@@ -107,7 +108,7 @@ static int devpts_remount(struct super_b
 static int devpts_filter(struct dentry *de)
 {
 	/* devpts is xid tagged */
-	return vx_check((xid_t)de->d_inode->i_tag, VX_WATCH_P|VX_IDENT);
+	return vx_check((xid_t)de->d_inode->i_tag, VS_WATCH_P|VS_IDENT);
 }
 
 static int devpts_readdir(struct file * filp, void * dirent, filldir_t filldir)
--- linux-2.6.18.3-vs2.1.1.2/fs/ext2/inode.c	2006-11-04 08:24:09 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/ext2/inode.c	2006-11-26 20:24:26 +0100
@@ -31,7 +31,7 @@
 #include <linux/writeback.h>
 #include <linux/buffer_head.h>
 #include <linux/mpage.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 #include "ext2.h"
 #include "acl.h"
 #include "xip.h"
--- linux-2.6.18.3-vs2.1.1.2/fs/ext2/namei.c	2006-11-04 08:24:09 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/ext2/namei.c	2006-11-26 20:24:37 +0100
@@ -31,7 +31,7 @@
  */
 
 #include <linux/pagemap.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 #include "ext2.h"
 #include "xattr.h"
 #include "acl.h"
--- linux-2.6.18.3-vs2.1.1.2/fs/ext3/inode.c	2006-11-04 08:15:22 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/ext3/inode.c	2006-11-26 20:24:46 +0100
@@ -36,7 +36,7 @@
 #include <linux/writeback.h>
 #include <linux/mpage.h>
 #include <linux/uio.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 #include "xattr.h"
 #include "acl.h"
 
--- linux-2.6.18.3-vs2.1.1.2/fs/ext3/ioctl.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/ext3/ioctl.c	2006-11-26 20:24:54 +0100
@@ -14,7 +14,7 @@
 #include <linux/ext3_fs.h>
 #include <linux/ext3_jbd.h>
 #include <linux/time.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 #include <asm/uaccess.h>
 
 
--- linux-2.6.18.3-vs2.1.1.2/fs/ext3/namei.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/ext3/namei.c	2006-11-26 20:25:04 +0100
@@ -36,7 +36,7 @@
 #include <linux/quotaops.h>
 #include <linux/buffer_head.h>
 #include <linux/smp_lock.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #include "namei.h"
 #include "xattr.h"
--- linux-2.6.18.3-vs2.1.1.2/fs/ioctl.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/ioctl.c	2006-11-26 20:25:12 +0100
@@ -14,7 +14,7 @@
 #include <linux/module.h>
 #include <linux/proc_fs.h>
 #include <linux/vserver/inode.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
--- linux-2.6.18.3-vs2.1.1.2/fs/ioprio.c	2006-10-07 04:29:47 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/ioprio.c	2006-11-26 22:45:06 +0100
@@ -25,6 +25,7 @@
 #include <linux/capability.h>
 #include <linux/syscalls.h>
 #include <linux/security.h>
+#include <linux/vs_base.h>
 
 static int set_task_ioprio(struct task_struct *task, int ioprio)
 {
--- linux-2.6.18.3-vs2.1.1.2/fs/jfs/jfs_imap.c	2006-11-04 19:12:54 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/jfs/jfs_imap.c	2006-11-26 20:25:20 +0100
@@ -45,7 +45,7 @@
 #include <linux/buffer_head.h>
 #include <linux/pagemap.h>
 #include <linux/quotaops.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #include "jfs_incore.h"
 #include "jfs_inode.h"
--- linux-2.6.18.3-vs2.1.1.2/fs/jfs/namei.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/jfs/namei.c	2006-11-26 20:25:29 +0100
@@ -20,7 +20,7 @@
 #include <linux/fs.h>
 #include <linux/ctype.h>
 #include <linux/quotaops.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 #include "jfs_incore.h"
 #include "jfs_superblock.h"
 #include "jfs_inode.h"
--- linux-2.6.18.3-vs2.1.1.2/fs/locks.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/locks.c	2006-11-26 20:58:00 +0100
@@ -2161,7 +2161,7 @@ int get_locks_status(char *buffer, char 
 		struct list_head *btmp;
 		struct file_lock *fl = list_entry(tmp, struct file_lock, fl_link);
 
-		if (!vx_check(fl->fl_xid, VX_WATCH_P|VX_IDENT))
+		if (!vx_check(fl->fl_xid, VS_WATCH_P|VS_IDENT))
 			continue;
 
 		lock_get_status(q, fl, ++i, "");
--- linux-2.6.18.3-vs2.1.1.2/fs/namei.c	2006-11-21 10:50:38 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/namei.c	2006-11-26 22:37:42 +0100
@@ -34,6 +34,7 @@
 #include <linux/namei.h>
 #include <linux/proc_fs.h>
 #include <linux/vserver/inode.h>
+#include <linux/vs_base.h>
 #include <linux/vs_tag.h>
 #include <linux/vserver/debug.h>
 #include <linux/vs_cowbl.h>
@@ -232,7 +233,7 @@ int generic_permission(struct inode *ino
 
 static inline int dx_barrier(struct inode *inode)
 {
-	if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN|VX_WATCH)) {
+	if (IS_BARRIER(inode) && !vx_check(0, VS_ADMIN|VS_WATCH)) {
 		vxwprintk(1, "xid=%d did hit the barrier.",
 			vx_current_xid());
 		return 1;
--- linux-2.6.18.3-vs2.1.1.2/fs/namespace.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/namespace.c	2006-11-26 23:39:46 +0100
@@ -23,7 +23,8 @@
 #include <linux/security.h>
 #include <linux/mount.h>
 #include <linux/vserver/namespace.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_context.h>
+#include <linux/vs_tag.h>
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
 #include "pnode.h"
@@ -414,10 +415,10 @@ static int show_vfsmnt(struct seq_file *
 
 	if (vx_flags(VXF_HIDE_MOUNT, 0))
 		return 0;
-	if (!mnt_is_reachable(mnt) && !vx_check(0, VX_WATCH_P))
+	if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
 		return 0;
 
-	if (!vx_check(0, VX_ADMIN|VX_WATCH) &&
+	if (!vx_check(0, VS_ADMIN|VS_WATCH) &&
 		mnt == current->fs->rootmnt) {
 		seq_puts(m, "/dev/root / ");
 	} else {
@@ -459,10 +460,10 @@ static int show_vfsstat(struct seq_file 
 
 	if (vx_flags(VXF_HIDE_MOUNT, 0))
 		return 0;
-	if (!mnt_is_reachable(mnt) && !vx_check(0, VX_WATCH_P))
+	if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
 		return 0;
 
-	if (!vx_check(0, VX_ADMIN|VX_WATCH) &&
+	if (!vx_check(0, VS_ADMIN|VS_WATCH) &&
 		mnt == current->fs->rootmnt) {
 		seq_puts(m, "device /dev/root mounted on / ");
 	} else {
--- linux-2.6.18.3-vs2.1.1.2/fs/nfs/dir.c	2006-11-04 19:12:54 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/nfs/dir.c	2006-11-26 20:25:48 +0100
@@ -32,7 +32,7 @@
 #include <linux/pagemap.h>
 #include <linux/smp_lock.h>
 #include <linux/namei.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #include "nfs4_fs.h"
 #include "delegation.h"
--- linux-2.6.18.3-vs2.1.1.2/fs/nfs/inode.c	2006-09-25 17:21:31 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/nfs/inode.c	2006-11-26 20:26:19 +0100
@@ -37,7 +37,7 @@
 #include <linux/vfs.h>
 #include <linux/inet.h>
 #include <linux/nfs_xdr.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #include <asm/system.h>
 #include <asm/uaccess.h>
--- linux-2.6.18.3-vs2.1.1.2/fs/nfs/nfs3xdr.c	2006-09-25 17:24:34 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/nfs/nfs3xdr.c	2006-11-26 20:26:26 +0100
@@ -22,7 +22,7 @@
 #include <linux/nfs3.h>
 #include <linux/nfs_fs.h>
 #include <linux/nfsacl.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 #include "internal.h"
 
 #define NFSDBG_FACILITY		NFSDBG_XDR
--- linux-2.6.18.3-vs2.1.1.2/fs/nfs/super.c	2006-09-25 19:20:51 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/nfs/super.c	2006-11-26 20:26:32 +0100
@@ -40,7 +40,7 @@
 #include <linux/vfs.h>
 #include <linux/inet.h>
 #include <linux/nfs_xdr.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #include <asm/system.h>
 #include <asm/uaccess.h>
--- linux-2.6.18.3-vs2.1.1.2/fs/nfsd/auth.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/nfsd/auth.c	2006-11-26 20:26:39 +0100
@@ -9,7 +9,7 @@
 #include <linux/sunrpc/svc.h>
 #include <linux/sunrpc/svcauth.h>
 #include <linux/nfsd/nfsd.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #define	CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
 
--- linux-2.6.18.3-vs2.1.1.2/fs/nfsd/nfs3xdr.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/nfsd/nfs3xdr.c	2006-11-26 20:26:46 +0100
@@ -21,7 +21,7 @@
 #include <linux/sunrpc/svc.h>
 #include <linux/nfsd/nfsd.h>
 #include <linux/nfsd/xdr3.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #define NFSDDBG_FACILITY		NFSDDBG_XDR
 
--- linux-2.6.18.3-vs2.1.1.2/fs/nfsd/nfs4xdr.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/nfsd/nfs4xdr.c	2006-11-26 20:26:53 +0100
@@ -57,7 +57,7 @@
 #include <linux/nfsd_idmap.h>
 #include <linux/nfs4.h>
 #include <linux/nfs4_acl.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #define NFSDDBG_FACILITY		NFSDDBG_XDR
 
--- linux-2.6.18.3-vs2.1.1.2/fs/nfsd/nfsxdr.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/nfsd/nfsxdr.c	2006-11-26 20:27:17 +0100
@@ -15,7 +15,7 @@
 #include <linux/nfsd/nfsd.h>
 #include <linux/nfsd/xdr.h>
 #include <linux/mm.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 #define NFSDDBG_FACILITY		NFSDDBG_XDR
 
--- linux-2.6.18.3-vs2.1.1.2/fs/open.c	2006-11-04 08:24:09 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/open.c	2006-11-26 20:58:01 +0100
@@ -30,7 +30,7 @@
 #include <linux/audit.h>
 #include <linux/vs_limit.h>
 #include <linux/vs_dlimit.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 #include <linux/vs_cowbl.h>
 
 #include <asm/unistd.h>
@@ -52,7 +52,7 @@ int vfs_statfs(struct dentry *dentry, st
 			if (retval == 0 && buf->f_frsize == 0)
 				buf->f_frsize = buf->f_bsize;
 		}
-		if (!vx_check(0, VX_ADMIN|VX_WATCH))
+		if (!vx_check(0, VS_ADMIN|VS_WATCH))
 			vx_vsi_statfs(sb, buf);
 	}
 	return retval;
--- linux-2.6.18.3-vs2.1.1.2/fs/quota.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/quota.c	2006-11-27 02:05:39 +0100
@@ -19,6 +19,7 @@
 #include <linux/quotaops.h>
 #include <linux/major.h>
 #include <linux/blkdev.h>
+#include <linux/vs_context.h>
 #include <linux/vserver/debug.h>
 
 
--- linux-2.6.18.3-vs2.1.1.2/fs/reiserfs/inode.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/reiserfs/inode.c	2006-11-26 20:27:36 +0100
@@ -17,7 +17,7 @@
 #include <linux/writeback.h>
 #include <linux/quotaops.h>
 #include <linux/vs_dlimit.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 extern int reiserfs_default_io_size;	/* default io size devuned in super.c */
 
--- linux-2.6.18.3-vs2.1.1.2/fs/super.c	2006-11-03 18:28:44 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/super.c	2006-11-26 23:39:05 +0100
@@ -39,6 +39,7 @@
 #include <linux/mutex.h>
 #include <linux/devpts_fs.h>
 #include <linux/proc_fs.h>
+#include <linux/vs_context.h>
 #include <asm/uaccess.h>
 
 
--- linux-2.6.18.3-vs2.1.1.2/fs/xfs/linux-2.6/xfs_iops.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/xfs/linux-2.6/xfs_iops.c	2006-11-26 20:27:44 +0100
@@ -53,7 +53,7 @@
 #include <linux/xattr.h>
 #include <linux/namei.h>
 #include <linux/security.h>
-#include <linux/vserver/tag.h>
+#include <linux/vs_tag.h>
 
 /*
  * Get a XFS inode from a given vnode.
--- linux-2.6.18.3-vs2.1.1.2/fs/xfs/quota/xfs_qm_syscalls.c	2006-09-20 17:01:44 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/fs/xfs/quota/xfs_qm_syscalls.c	2006-11-27 02:05:39 +0100
@@ -17,6 +17,7 @@
  */
 
 #include <linux/capability.h>
+#include <linux/vs_context.h>
 
 #include "xfs.h"
 #include "xfs_fs.h"
--- linux-2.6.18.3-vs2.1.1.2/include/linux/sched.h	2006-10-06 23:09:03 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/sched.h	2006-11-26 19:43:50 +0100
@@ -53,7 +53,6 @@ struct sched_param {
 #include <linux/cpumask.h>
 #include <linux/errno.h>
 #include <linux/nodemask.h>
-#include <linux/vs_base.h>
 
 #include <asm/system.h>
 #include <asm/semaphore.h>
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_base.h	2006-11-21 02:43:52 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_base.h	2006-11-26 23:36:22 +0100
@@ -1,131 +1,8 @@
-#ifndef _VX_VS_BASE_H
-#define _VX_VS_BASE_H
-
-#include "vserver/context.h"
-
-
-#define vx_task_xid(t)	((t)->xid)
-
-#define vx_current_xid() vx_task_xid(current)
-
-#define current_vx_info() (current->vx_info)
-
-
-#define vx_check(c,m)	__vx_check(vx_current_xid(),c,m)
-
-#define vx_weak_check(c,m)	((m) ? vx_check(c,m) : 1)
-
-
-/*
- * check current context for ADMIN/WATCH and
- * optionally against supplied argument
- */
-static inline int __vx_check(xid_t cid, xid_t id, unsigned int mode)
-{
-	if (mode & VX_ARG_MASK) {
-		if ((mode & VX_IDENT) &&
-			(id == cid))
-			return 1;
-	}
-	if (mode & VX_ATR_MASK) {
-		if ((mode & VX_DYNAMIC) &&
-			(id >= MIN_D_CONTEXT) &&
-			(id <= MAX_S_CONTEXT))
-			return 1;
-		if ((mode & VX_STATIC) &&
-			(id > 1) && (id < MIN_D_CONTEXT))
-			return 1;
-	}
-	return (((mode & VX_ADMIN) && (cid == 0)) ||
-		((mode & VX_WATCH) && (cid == 1)) ||
-		((mode & VX_HOSTID) && (id == 0)));
-}
-
-
-#define __vx_state(v)	((v) ? ((v)->vx_state) : 0)
-
-#define vx_info_state(v,m)	(__vx_state(v) & (m))
-
-
-/* generic flag merging */
-
-#define vx_check_flags(v,m,f)	(((v) & (m)) ^ (f))
-
-#define vx_mask_flags(v,f,m)	(((v) & ~(m)) | ((f) & (m)))
-
-#define vx_mask_mask(v,f,m)	(((v) & ~(m)) | ((v) & (f) & (m)))
-
-#define vx_check_bit(v,n)	((v) & (1LL << (n)))
-
-
-/* context flags */
-
-#define __vx_flags(v)	((v) ? (v)->vx_flags : 0)
-
-#define vx_current_flags()	__vx_flags(current->vx_info)
-
-#define vx_info_flags(v,m,f) \
-	vx_check_flags(__vx_flags(v),(m),(f))
-
-#define task_vx_flags(t,m,f) \
-	((t) && vx_info_flags((t)->vx_info, (m), (f)))
-
-#define vx_flags(m,f)	vx_info_flags(current->vx_info,(m),(f))
-
-
-/* context caps */
-
-#define __vx_ccaps(v)	((v) ? (v)->vx_ccaps : 0)
-
-#define vx_current_ccaps()	__vx_ccaps(current->vx_info)
-
-#define vx_info_ccaps(v,c)	(__vx_ccaps(v) & (c))
-
-#define vx_ccaps(c)	vx_info_ccaps(current->vx_info,(c))
-
-
-#define __vx_mcaps(v)	((v) ? (v)->vx_ccaps >> 32UL : ~0 )
-
-#define vx_info_mcaps(v,c)	(__vx_mcaps(v) & (c))
-
-#define vx_mcaps(c)	vx_info_mcaps(current->vx_info,(c))
-
-
-/* context bcap mask */
-
-#define __vx_bcaps(v)	((v) ? (v)->vx_bcaps : ~0 )
-
-#define vx_current_bcaps()	__vx_bcaps(current->vx_info)
-
-#define vx_info_bcaps(v,c)	(__vx_bcaps(v) & (c))
-
-#define vx_bcaps(c)	vx_info_bcaps(current->vx_info,(c))
-
-
-#define vx_info_cap_bset(v)	((v) ? (v)->vx_cap_bset : cap_bset)
-
-#define vx_current_cap_bset()	vx_info_cap_bset(current->vx_info)
-
-
-#define __vx_info_mbcap(v,b) \
-	(!vx_info_flags(v, VXF_STATE_SETUP, 0) ? \
-	vx_info_bcaps(v, b) : (b))
-
-#define vx_info_mbcap(v,b)	__vx_info_mbcap(v,cap_t(b))
-
-#define task_vx_mbcap(t,b) \
-	vx_info_mbcap((t)->vx_info, (t)->b)
-
-#define vx_mbcap(b)	task_vx_mbcap(current,b)
-
-#define vx_cap_raised(v,c,f)	(vx_info_mbcap(v,c) & CAP_TO_MASK(f))
-
-#define vx_capable(b,c) (capable(b) || \
-	(cap_raised(current->cap_effective,b) && vx_ccaps(c)))
-
+#ifndef _VS_BASE_H
+#define _VS_BASE_H
 
-#define vx_current_initpid(n) \
-	(current->vx_info && \
-	(current->vx_info->vx_initpid == (n)))
+#include "vserver/base.h"
 
+#else
+#warning duplicate inclusion
 #endif
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_context.h	2006-10-20 03:18:45 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_context.h	2006-11-26 21:23:33 +0100
@@ -1,9 +1,10 @@
-#ifndef _VX_VS_CONTEXT_H
-#define _VX_VS_CONTEXT_H
+#ifndef _VS_CONTEXT_H
+#define _VS_CONTEXT_H
 
-#include <linux/kernel.h>
-#include "vserver/debug.h"
+#include "vserver/base.h"
+#include "vserver/context.h"
 #include "vserver/history.h"
+#include "vserver/debug.h"
 
 
 #define get_vx_info(i)	__get_vx_info(i,__FILE__,__LINE__,__HERE__)
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_cowbl.h	2006-11-04 05:16:09 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_cowbl.h	2006-11-26 21:23:33 +0100
@@ -1,5 +1,5 @@
-#ifndef _VX_VS_COWBL_H
-#define _VX_VS_COWBL_H
+#ifndef _VS_COWBL_H
+#define _VS_COWBL_H
 
 #include <linux/fs.h>
 #include <linux/dcache.h>
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_cvirt.h	2006-11-19 19:52:27 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_cvirt.h	2006-11-26 21:23:33 +0100
@@ -1,7 +1,9 @@
-#ifndef _VX_VS_CVIRT_H
-#define _VX_VS_CVIRT_H
+#ifndef _VS_CVIRT_H
+#define _VS_CVIRT_H
 
 #include "vserver/cvirt.h"
+#include "vserver/context.h"
+#include "vserver/base.h"
 #include "vserver/debug.h"
 
 
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_dlimit.h	2006-10-18 01:55:44 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_dlimit.h	2006-11-26 21:23:33 +0100
@@ -1,7 +1,8 @@
-#ifndef _VX_VS_DLIMIT_H
-#define _VX_VS_DLIMIT_H
+#ifndef _VS_DLIMIT_H
+#define _VS_DLIMIT_H
 
 #include "vserver/dlimit.h"
+#include "vserver/base.h"
 #include "vserver/debug.h"
 
 
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_limit.h	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_limit.h	2006-11-26 21:23:33 +0100
@@ -1,7 +1,9 @@
-#ifndef _VX_VS_LIMIT_H
-#define _VX_VS_LIMIT_H
+#ifndef _VS_LIMIT_H
+#define _VS_LIMIT_H
 
 #include "vserver/limit.h"
+#include "vserver/base.h"
+#include "vserver/context.h"
 #include "vserver/debug.h"
 #include "vserver/limit_int.h"
 
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_memory.h	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_memory.h	2006-11-27 03:08:42 +0100
@@ -1,7 +1,9 @@
-#ifndef _VX_VS_MEMORY_H
-#define _VX_VS_MEMORY_H
+#ifndef _VS_MEMORY_H
+#define _VS_MEMORY_H
 
 #include "vserver/limit.h"
+#include "vserver/base.h"
+#include "vserver/context.h"
 #include "vserver/debug.h"
 #include "vserver/limit_int.h"
 
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_network.h	2006-10-28 18:31:23 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_network.h	2006-11-26 21:23:33 +0100
@@ -2,6 +2,7 @@
 #define _NX_VS_NETWORK_H
 
 #include "vserver/network.h"
+#include "vserver/base.h"
 #include "vserver/debug.h"
 
 
@@ -150,72 +151,6 @@ static __inline__ struct nx_info *__task
 }
 
 
-#define nx_task_nid(t)	((t)->nid)
-
-#define nx_current_nid() nx_task_nid(current)
-
-#define current_nx_info() (current->nx_info)
-
-
-#define nx_check(c,m)	__nx_check(nx_current_nid(),c,m)
-
-#define nx_weak_check(c,m)	((m) ? nx_check(c,m) : 1)
-
-
-/*
- * check current context for ADMIN/WATCH and
- * optionally against supplied argument
- */
-static inline int __nx_check(nid_t cid, nid_t id, unsigned int mode)
-{
-	if (mode & NX_ARG_MASK) {
-		if ((mode & NX_IDENT) &&
-			(id == cid))
-			return 1;
-	}
-	if (mode & NX_ATR_MASK) {
-		if ((mode & NX_DYNAMIC) &&
-			(id >= MIN_D_CONTEXT) &&
-			(id <= MAX_S_CONTEXT))
-			return 1;
-		if ((mode & NX_STATIC) &&
-			(id > 1) && (id < MIN_D_CONTEXT))
-			return 1;
-	}
-	return (((mode & NX_ADMIN) && (cid == 0)) ||
-		((mode & NX_WATCH) && (cid == 1)) ||
-		((mode & NX_BLEND) && (id == 1)) ||
-		((mode & NX_HOSTID) && (id == 0)));
-}
-
-
-#define __nx_state(v)	((v) ? ((v)->nx_state) : 0)
-
-#define nx_info_state(v,m)	(__nx_state(v) & (m))
-
-
-#define __nx_flags(v)	((v) ? (v)->nx_flags : 0)
-
-#define nx_current_flags()	__nx_flags(current->nx_info)
-
-#define nx_info_flags(v,m,f) \
-	vx_check_flags(__nx_flags(v),(m),(f))
-
-#define task_nx_flags(t,m,f) \
-	((t) && nx_info_flags((t)->nx_info, (m), (f)))
-
-#define nx_flags(m,f)	nx_info_flags(current->nx_info,(m),(f))
-
-
-/* context caps */
-
-#define __nx_ncaps(v)	((v) ? (v)->nx_ncaps : 0)
-
-#define nx_current_ncaps()	__nx_ncaps(current->nx_info)
-
-#define nx_info_ncaps(v,c)	(__nx_ncaps(v) & (c))
-
-#define nx_ncaps(c)	nx_info_ncaps(current->nx_info,(c))
 
 
 static inline int addr_in_nx_info(struct nx_info *nxi, uint32_t addr)
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_pid.h	2006-11-01 07:29:16 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_pid.h	2006-11-26 22:05:05 +0100
@@ -1,6 +1,8 @@
-#ifndef _VX_VS_PID_H
-#define _VX_VS_PID_H
+#ifndef _VS_PID_H
+#define _VS_PID_H
 
+#include "vserver/base.h"
+#include "vserver/context.h"
 #include "vserver/debug.h"
 
 
@@ -62,7 +64,7 @@ int proc_pid_visible(struct task_struct 
 		!vx_flags(VXF_FAKE_INIT, VXF_FAKE_INIT))
 		/* show a blend through init */
 		goto visible;
-	if (vx_check(vx_task_xid(task), VX_WATCH|VX_IDENT))
+	if (vx_check(vx_task_xid(task), VS_WATCH|VS_IDENT))
 		goto visible;
 	return 0;
 visible:
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_sched.h	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_sched.h	2006-11-26 21:23:33 +0100
@@ -1,6 +1,8 @@
-#ifndef _VX_VS_SCHED_H
-#define _VX_VS_SCHED_H
+#ifndef _VS_SCHED_H
+#define _VS_SCHED_H
 
+#include "vserver/base.h"
+#include "vserver/context.h"
 #include "vserver/sched.h"
 
 
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_socket.h	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_socket.h	2006-11-26 23:09:25 +0100
@@ -1,7 +1,10 @@
-#ifndef _VX_VS_SOCKET_H
-#define _VX_VS_SOCKET_H
+#ifndef _VS_SOCKET_H
+#define _VS_SOCKET_H
 
 #include "vserver/debug.h"
+#include "vserver/base.h"
+#include "vserver/cacct.h"
+#include "vserver/context.h"
 
 
 /* socket accounting */
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_tag.h	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_tag.h	2006-11-26 21:23:33 +0100
@@ -1,7 +1,6 @@
-#ifndef _VX_VS_TAG_H
-#define _VX_VS_TAG_H
+#ifndef _VS_TAG_H
+#define _VS_TAG_H
 
-#include <linux/kernel.h>
 #include <linux/vserver/tag.h>
 
 /* check conditions */
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vs_time.h	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vs_time.h	2006-11-26 21:23:33 +0100
@@ -1,5 +1,5 @@
-#ifndef _VX_VS_TIME_H
-#define _VX_VS_TIME_H
+#ifndef _VS_TIME_H
+#define _VS_TIME_H
 
 
 /* time faking stuff */
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vserver/base.h	1970-01-01 01:00:00 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vserver/base.h	2006-11-27 00:32:20 +0100
@@ -0,0 +1,222 @@
+#ifndef _VX_BASE_H
+#define _VX_BASE_H
+
+
+/* context state changes */
+
+enum {
+	VSC_STARTUP = 1,
+	VSC_SHUTDOWN,
+
+	VSC_NETUP,
+	VSC_NETDOWN,
+};
+
+
+#define MAX_S_CONTEXT	65535	/* Arbitrary limit */
+
+#ifdef	CONFIG_VSERVER_DYNAMIC_IDS
+#define MIN_D_CONTEXT	49152	/* dynamic contexts start here */
+#else
+#define MIN_D_CONTEXT	65536
+#endif
+
+/* check conditions */
+
+#define VS_ADMIN	0x0001
+#define VS_WATCH	0x0002
+#define VS_HIDE		0x0004
+#define VS_HOSTID	0x0008
+
+#define VS_IDENT	0x0010
+#define VS_EQUIV	0x0020
+#define VS_PARENT	0x0040
+#define VS_CHILD	0x0080
+
+#define VS_ARG_MASK	0x00F0
+
+#define VS_DYNAMIC	0x0100
+#define VS_STATIC	0x0200
+
+#define VS_ATR_MASK	0x0F00
+
+#ifdef	CONFIG_VSERVER_PRIVACY
+#define VS_ADMIN_P	(0)
+#define VS_WATCH_P	(0)
+#else
+#define VS_ADMIN_P	VS_ADMIN
+#define VS_WATCH_P	VS_WATCH
+#endif
+
+
+/*
+ * check current context for ADMIN/WATCH and
+ * optionally against supplied argument
+ */
+static inline int __vs_check(int cid, int id, unsigned int mode)
+{
+	if (mode & VS_ARG_MASK) {
+		if ((mode & VS_IDENT) &&
+			(id == cid))
+			return 1;
+	}
+	if (mode & VS_ATR_MASK) {
+		if ((mode & VS_DYNAMIC) &&
+			(id >= MIN_D_CONTEXT) &&
+			(id <= MAX_S_CONTEXT))
+			return 1;
+		if ((mode & VS_STATIC) &&
+			(id > 1) && (id < MIN_D_CONTEXT))
+			return 1;
+	}
+	return (((mode & VS_ADMIN) && (cid == 0)) ||
+		((mode & VS_WATCH) && (cid == 1)) ||
+		((mode & VS_HOSTID) && (id == 0)));
+}
+
+#define vx_task_xid(t)	((t)->xid)
+
+#define vx_current_xid() vx_task_xid(current)
+
+#define current_vx_info() (current->vx_info)
+
+
+#define vx_check(c,m)	__vs_check(vx_current_xid(),c,(m))
+
+#define vx_weak_check(c,m)	((m) ? vx_check(c,m) : 1)
+
+
+#define nx_task_nid(t)	((t)->nid)
+
+#define nx_current_nid() nx_task_nid(current)
+
+#define current_nx_info() (current->nx_info)
+
+
+#define nx_check(c,m)	__vs_check(nx_current_nid(),c,m)
+
+#define nx_weak_check(c,m)	((m) ? nx_check(c,m) : 1)
+
+
+
+/* generic flag merging */
+
+#define vs_check_flags(v,m,f)	(((v) & (m)) ^ (f))
+
+#define vs_mask_flags(v,f,m)	(((v) & ~(m)) | ((f) & (m)))
+
+#define vs_mask_mask(v,f,m)	(((v) & ~(m)) | ((v) & (f) & (m)))
+
+#define vs_check_bit(v,n)	((v) & (1LL << (n)))
+
+
+/* context flags */
+
+#define __vx_flags(v)	((v) ? (v)->vx_flags : 0)
+
+#define vx_current_flags()	__vx_flags(current->vx_info)
+
+#define vx_info_flags(v,m,f) \
+	vs_check_flags(__vx_flags(v),(m),(f))
+
+#define task_vx_flags(t,m,f) \
+	((t) && vx_info_flags((t)->vx_info, (m), (f)))
+
+#define vx_flags(m,f)	vx_info_flags(current->vx_info,(m),(f))
+
+
+/* context caps */
+
+#define __vx_ccaps(v)	((v) ? (v)->vx_ccaps : 0)
+
+#define vx_current_ccaps()	__vx_ccaps(current->vx_info)
+
+#define vx_info_ccaps(v,c)	(__vx_ccaps(v) & (c))
+
+#define vx_ccaps(c)	vx_info_ccaps(current->vx_info,(c))
+
+
+
+/* network flags */
+
+#define __nx_flags(v)	((v) ? (v)->nx_flags : 0)
+
+#define nx_current_flags()	__nx_flags(current->nx_info)
+
+#define nx_info_flags(v,m,f) \
+	vs_check_flags(__nx_flags(v),(m),(f))
+
+#define task_nx_flags(t,m,f) \
+	((t) && nx_info_flags((t)->nx_info, (m), (f)))
+
+#define nx_flags(m,f)	nx_info_flags(current->nx_info,(m),(f))
+
+
+/* network caps */
+
+#define __nx_ncaps(v)	((v) ? (v)->nx_ncaps : 0)
+
+#define nx_current_ncaps()	__nx_ncaps(current->nx_info)
+
+#define nx_info_ncaps(v,c)	(__nx_ncaps(v) & (c))
+
+#define nx_ncaps(c)	nx_info_ncaps(current->nx_info,(c))
+
+
+/* context mask capabilities */
+
+#define __vx_mcaps(v)	((v) ? (v)->vx_ccaps >> 32UL : ~0 )
+
+#define vx_info_mcaps(v,c)	(__vx_mcaps(v) & (c))
+
+#define vx_mcaps(c)	vx_info_mcaps(current->vx_info,(c))
+
+
+/* context bcap mask */
+
+#define __vx_bcaps(v)	((v) ? (v)->vx_bcaps : ~0 )
+
+#define vx_current_bcaps()	__vx_bcaps(current->vx_info)
+
+#define vx_info_bcaps(v,c)	(__vx_bcaps(v) & (c))
+
+#define vx_bcaps(c)	vx_info_bcaps(current->vx_info,(c))
+
+
+#define vx_info_cap_bset(v)	((v) ? (v)->vx_cap_bset : cap_bset)
+
+#define vx_current_cap_bset()	vx_info_cap_bset(current->vx_info)
+
+
+#define __vx_info_mbcap(v,b) \
+	(!vx_info_flags(v, VXF_STATE_SETUP, 0) ? \
+	vx_info_bcaps(v, b) : (b))
+
+#define vx_info_mbcap(v,b)	__vx_info_mbcap(v,cap_t(b))
+
+#define task_vx_mbcap(t,b) \
+	vx_info_mbcap((t)->vx_info, (t)->b)
+
+#define vx_mbcap(b)	task_vx_mbcap(current,b)
+
+#define vx_cap_raised(v,c,f)	(vx_info_mbcap(v,c) & CAP_TO_MASK(f))
+
+#define vx_capable(b,c) (capable(b) || \
+	(cap_raised(current->cap_effective,b) && vx_ccaps(c)))
+
+
+#define vx_current_initpid(n) \
+	(current->vx_info && \
+	(current->vx_info->vx_initpid == (n)))
+
+
+#define __vx_state(v)	((v) ? ((v)->vx_state) : 0)
+
+#define vx_info_state(v,m)	(__vx_state(v) & (m))
+
+
+#define __nx_state(v)	((v) ? ((v)->nx_state) : 0)
+
+#define nx_info_state(v,m)	(__nx_state(v) & (m))
+
+#endif
--- linux-2.6.18.3-vs2.1.1.2/include/linux/vserver/context.h	2006-11-23 02:29:17 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/include/linux/vserver/context.h	2006-11-26 23:31:54 +0100
@@ -5,14 +5,6 @@
 #include <linux/capability.h>
 
 
-#define MAX_S_CONTEXT	65535	/* Arbitrary limit */
-
-#ifdef	CONFIG_VSERVER_DYNAMIC_IDS
-#define MIN_D_CONTEXT	49152	/* dynamic contexts start here */
-#else
-#define MIN_D_CONTEXT	65536
-#endif
-
 #define VX_DYNAMIC_ID	((uint32_t)-1)		/* id for dynamic context */
 
 /* context flags */
@@ -82,17 +74,6 @@
 #define VXC_ADMIN_CLOOP		0x00400000
 
 
-/* context state changes */
-
-enum {
-	VSC_STARTUP = 1,
-	VSC_SHUTDOWN,
-
-	VSC_NETUP,
-	VSC_NETDOWN,
-};
-
-
 #ifdef	__KERNEL__
 
 #include <linux/list.h>
@@ -170,33 +151,6 @@ struct vx_info_save {
 #define VXS_HELPER	0x1000
 #define VXS_RELEASED	0x8000
 
-/* check conditions */
-
-#define VX_ADMIN	0x0001
-#define VX_WATCH	0x0002
-#define VX_HIDE		0x0004
-#define VX_HOSTID	0x0008
-
-#define VX_IDENT	0x0010
-#define VX_EQUIV	0x0020
-#define VX_PARENT	0x0040
-#define VX_CHILD	0x0080
-
-#define VX_ARG_MASK	0x00F0
-
-#define VX_DYNAMIC	0x0100
-#define VX_STATIC	0x0200
-
-#define VX_ATR_MASK	0x0F00
-
-
-#ifdef	CONFIG_VSERVER_PRIVACY
-#define VX_ADMIN_P	(0)
-#define VX_WATCH_P	(0)
-#else
-#define VX_ADMIN_P	VX_ADMIN
-#define VX_WATCH_P	VX_WATCH
-#endif
 
 extern void claim_vx_info(struct vx_info *, struct task_struct *);
 extern void release_vx_info(struct vx_info *, struct task_struct *);
@@ -213,6 +167,4 @@ extern long vs_state_change(struct vx_in
 
 
 #endif	/* __KERNEL__ */
-#else	/* _VX_CONTEXT_H */
-#warning duplicate inclusion
 #endif	/* _VX_CONTEXT_H */
--- linux-2.6.18.3-vs2.1.1.2/include/net/af_unix.h	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/net/af_unix.h	2006-11-26 23:13:00 +0100
@@ -4,6 +4,7 @@
 #include <linux/socket.h>
 #include <linux/un.h>
 #include <linux/mutex.h>
+#include <linux/vs_base.h>
 #include <net/sock.h>
 
 extern void unix_inflight(struct file *fp);
@@ -33,7 +34,7 @@ static inline struct sock *next_unix_soc
 			s = sk_next(s);
 		if (!s)
 			s = next_unix_socket_table(i);
-	} while (s && !vx_check(s->sk_xid, VX_WATCH_P|VX_IDENT));
+	} while (s && !vx_check(s->sk_xid, VS_WATCH_P|VS_IDENT));
 	return s;
 }
 
--- linux-2.6.18.3-vs2.1.1.2/include/net/route.h	2006-10-18 04:06:32 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/include/net/route.h	2006-11-26 20:58:01 +0100
@@ -226,10 +226,10 @@ static inline int ip_route_connect(struc
 		err = ip_find_src(nx_info, rp, &fl);
 		if (err)
 			return err;
-		if (fl.fl4_dst == IPI_LOOPBACK && !vx_check(0, VX_ADMIN))
+		if (fl.fl4_dst == IPI_LOOPBACK && !vx_check(0, VS_ADMIN))
 			fl.fl4_dst = nx_info->ipv4[0];
 #ifdef CONFIG_VSERVER_REMAP_SADDR
-		if (fl.fl4_src == IPI_LOOPBACK && !vx_check(0, VX_ADMIN))
+		if (fl.fl4_src == IPI_LOOPBACK && !vx_check(0, VS_ADMIN))
 			fl.fl4_src = nx_info->ipv4[0];
 #endif
 	}
--- linux-2.6.18.3-vs2.1.1.2/ipc/msg.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/ipc/msg.c	2006-11-26 23:00:59 +0100
@@ -31,6 +31,7 @@
 #include <linux/audit.h>
 #include <linux/seq_file.h>
 #include <linux/mutex.h>
+#include <linux/vs_base.h>
 
 #include <asm/current.h>
 #include <asm/uaccess.h>
@@ -848,7 +849,7 @@ static int sysvipc_msg_proc_show(struct 
 {
 	struct msg_queue *msq = it;
 
-	if (!vx_check(msq->q_perm.xid, VX_WATCH_P|VX_IDENT))
+	if (!vx_check(msq->q_perm.xid, VS_WATCH_P|VS_IDENT))
 		return 0;
 
 	return seq_printf(s,
--- linux-2.6.18.3-vs2.1.1.2/ipc/sem.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/ipc/sem.c	2006-11-26 20:58:01 +0100
@@ -1352,7 +1352,7 @@ static int sysvipc_sem_proc_show(struct 
 {
 	struct sem_array *sma = it;
 
-	if (!vx_check(sma->sem_perm.xid, VX_WATCH_P|VX_IDENT))
+	if (!vx_check(sma->sem_perm.xid, VS_WATCH_P|VS_IDENT))
 		return 0;
 
 	return seq_printf(s,
--- linux-2.6.18.3-vs2.1.1.2/ipc/shm.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/ipc/shm.c	2006-11-26 23:02:01 +0100
@@ -922,7 +922,7 @@ static int sysvipc_shm_proc_show(struct 
 #define SMALL_STRING "%10d %10d  %4o %10u %5u %5u  %5d %5u %5u %5u %5u %10lu %10lu %10lu\n"
 #define BIG_STRING   "%10d %10d  %4o %21u %5u %5u  %5d %5u %5u %5u %5u %10lu %10lu %10lu\n"
 
-	if (!vx_check(shp->shm_perm.xid, VX_WATCH_P|VX_IDENT))
+	if (!vx_check(shp->shm_perm.xid, VS_WATCH_P|VS_IDENT))
 		return 0;
 
 	if (sizeof(size_t) <= sizeof(int))
--- linux-2.6.18.3-vs2.1.1.2/ipc/util.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/ipc/util.c	2006-11-26 22:57:49 +0100
@@ -29,6 +29,7 @@
 #include <linux/seq_file.h>
 #include <linux/proc_fs.h>
 #include <linux/audit.h>
+#include <linux/vs_base.h>
 
 #include <asm/unistd.h>
 
@@ -159,7 +160,7 @@ int ipc_findkey(struct ipc_ids* ids, key
 		p = ids->entries->p[id];
 		if (p==NULL)
 			continue;
-		if (!vx_check(p->xid, VX_WATCH_P|VX_IDENT))
+		if (!vx_check(p->xid, VS_WATCH_P|VS_IDENT))
 			continue;
 		if (key == p->key)
 			return id;
@@ -473,7 +474,7 @@ int ipcperms (struct kern_ipc_perm *ipcp
 	if (unlikely((err = audit_ipc_obj(ipcp))))
 		return err;
 
-	if (!vx_check(ipcp->xid, VX_WATCH_P|VX_IDENT)) /* maybe just VX_IDENT? */
+	if (!vx_check(ipcp->xid, VS_WATCH_P|VS_IDENT)) /* maybe just VS_IDENT? */
 		return -1;
 	requested_mode = (flag >> 6) | (flag >> 3) | flag;
 	granted_mode = ipcp->mode;
--- linux-2.6.18.3-vs2.1.1.2/kernel/capability.c	2006-10-07 04:29:47 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/capability.c	2006-11-26 23:37:13 +0100
@@ -12,6 +12,7 @@
 #include <linux/module.h>
 #include <linux/security.h>
 #include <linux/syscalls.h>
+#include <linux/vs_context.h>
 #include <asm/uaccess.h>
 
 unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
@@ -244,10 +245,11 @@ int __capable(struct task_struct *t, int
 }
 EXPORT_SYMBOL(__capable);
 
+#include <linux/vserver/base.h>
 int capable(int cap)
 {
 	/* here for now so we don't require task locking */
-	if (vx_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
+	if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
 		return 0;
 	return __capable(current, cap);
 }
--- linux-2.6.18.3-vs2.1.1.2/kernel/fork.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/fork.c	2006-11-26 20:58:01 +0100
@@ -1398,7 +1398,7 @@ long do_fork(unsigned long clone_flags,
 		return -EAGAIN;
 
 	/* kernel threads are host only */
-	if ((clone_flags & CLONE_KTHREAD) && !vx_check(0, VX_ADMIN)) {
+	if ((clone_flags & CLONE_KTHREAD) && !vx_check(0, VS_ADMIN)) {
 		vxwprintk(1, "xid=%d tried to spawn a kernel thread.",
 			vx_current_xid());
 		free_pid(pid);
--- linux-2.6.18.3-vs2.1.1.2/kernel/pid.c	2006-10-29 20:12:58 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/pid.c	2006-11-26 20:58:01 +0100
@@ -262,7 +262,7 @@ struct task_struct * fastcall pid_task(s
 		if (first)
 			result = hlist_entry(first, struct task_struct, pids[(type)].node);
 		if (result && (pid->nr != 1) &&
-			!vx_check(vx_task_xid(result), VX_WATCH|VX_ADMIN|VX_IDENT)) {
+			!vx_check(vx_task_xid(result), VS_WATCH|VS_ADMIN|VS_IDENT)) {
 			vxwprintk((type == PIDTYPE_PID) && (current->xid),
 				"pid_task(%d,%d): task %p[#%u,%u] did lookup %p[#%u,%u]",
 				pid->nr, type, current, vx_current_xid(), current->pid,
--- linux-2.6.18.3-vs2.1.1.2/kernel/ptrace.c	2006-10-07 04:29:47 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/ptrace.c	2006-11-26 23:37:34 +0100
@@ -18,6 +18,7 @@
 #include <linux/ptrace.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/vs_context.h>
 
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
@@ -144,9 +145,9 @@ static int may_attach(struct task_struct
 		dumpable = task->mm->dumpable;
 	if (!dumpable && !capable(CAP_SYS_PTRACE))
 		return -EPERM;
-	if (!vx_check(task->xid, VX_ADMIN_P|VX_IDENT))
+	if (!vx_check(task->xid, VS_ADMIN_P|VS_IDENT))
 		return -EPERM;
-	if (!vx_check(task->xid, VX_IDENT) &&
+	if (!vx_check(task->xid, VS_IDENT) &&
 		!task_vx_flags(task, VXF_STATE_ADMIN, 0))
 		return -EACCES;
 
@@ -527,7 +528,7 @@ asmlinkage long sys_ptrace(long request,
 	}
 
 	ret = -EPERM;
-	if (!vx_check(vx_task_xid(child), VX_WATCH_P|VX_IDENT))
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
 		goto out_put_task_struct;
 
 	if (request == PTRACE_ATTACH) {
--- linux-2.6.18.3-vs2.1.1.2/kernel/sched.c	2006-10-28 19:04:30 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/sched.c	2006-11-26 21:15:16 +0100
@@ -55,9 +55,8 @@
 #include <asm/tlb.h>
 
 #include <asm/unistd.h>
-#include <linux/vs_context.h>
-#include <linux/vs_cvirt.h>
 #include <linux/vs_sched.h>
+#include <linux/vs_cvirt.h>
 
 /*
  * Convert user-nice values [ -20 ... 0 ... 19 ]
--- linux-2.6.18.3-vs2.1.1.2/kernel/sched_hard.h	2006-09-25 18:55:03 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/sched_hard.h	2006-11-26 21:38:21 +0100
@@ -232,9 +232,9 @@ int vx_schedule(struct task_struct *next
 
 	flags = vxi->vx_flags;
 
-	if (unlikely(vx_check_flags(flags , VXF_SCHED_PAUSE, 0)))
+	if (unlikely(vs_check_flags(flags , VXF_SCHED_PAUSE, 0)))
 		goto put_on_hold;
-	if (!vx_check_flags(flags , VXF_SCHED_HARD|VXF_SCHED_PRIO, 0))
+	if (!vs_check_flags(flags , VXF_SCHED_HARD|VXF_SCHED_PRIO, 0))
 		return 1;
 
 	sched_pc = &vx_per_cpu(vxi, sched_pc, cpu);
@@ -251,7 +251,7 @@ int vx_schedule(struct task_struct *next
 		&rq->norm_time, &rq->idle_time, delta_min);
 	vxm_tokens_recalc(sched_pc, rq, vxi, cpu);
 
-	if (!vx_check_flags(flags , VXF_SCHED_HARD, 0))
+	if (!vs_check_flags(flags , VXF_SCHED_HARD, 0))
 		return 1;
 
 	if (unlikely(ret < 0)) {
--- linux-2.6.18.3-vs2.1.1.2/kernel/signal.c	2006-10-25 03:39:09 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/signal.c	2006-11-26 23:37:56 +0100
@@ -23,6 +23,7 @@
 #include <linux/ptrace.h>
 #include <linux/signal.h>
 #include <linux/capability.h>
+#include <linux/vs_context.h>
 #include <linux/vserver/debug.h>
 #include <asm/param.h>
 #include <asm/uaccess.h>
@@ -590,7 +591,7 @@ static int check_kill_permission(int sig
 		return error;
 
 	error = -ESRCH;
-	if (!vx_check(vx_task_xid(t), VX_WATCH_P|VX_IDENT)) {
+	if (!vx_check(vx_task_xid(t), VS_WATCH_P|VS_IDENT)) {
 		vxwprintk(current->xid, 
 			"signal xid mismatch %p[#%u,%u] xid=#%u\n",
 			t, vx_task_xid(t), t->pid, current->xid);
@@ -1119,7 +1120,7 @@ kill_proc_info(int sig, struct siginfo *
 	}
 	p = find_task_by_pid(pid);
 	error = -ESRCH;
-	if (p && vx_check(vx_task_xid(p), VX_IDENT))
+	if (p && vx_check(vx_task_xid(p), VS_IDENT))
 		error = group_send_sig_info(sig, info, p);
 	if (unlikely(acquired_tasklist_lock))
 		read_unlock(&tasklist_lock);
@@ -1181,7 +1182,7 @@ static int kill_something_info(int sig, 
 
 		read_lock(&tasklist_lock);
 		for_each_process(p) {
-			if (vx_check(vx_task_xid(p), VX_ADMIN_P|VX_IDENT) &&
+			if (vx_check(vx_task_xid(p), VS_ADMIN_P|VS_IDENT) &&
 				p->pid > 1 && p->tgid != current->tgid) {
 				int err = group_send_sig_info(sig, info, p);
 				++count;
--- linux-2.6.18.3-vs2.1.1.2/kernel/sys.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/sys.c	2006-11-26 20:58:01 +0100
@@ -711,7 +711,7 @@ asmlinkage long sys_reboot(int magic1, i
 	if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !pm_power_off)
 		cmd = LINUX_REBOOT_CMD_HALT;
 
-	if (!vx_check(0, VX_ADMIN|VX_WATCH))
+	if (!vx_check(0, VS_ADMIN|VS_WATCH))
 		return vs_reboot(cmd, arg);
 
 	lock_kernel();
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/cacct.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/cacct.c	2006-11-26 23:38:43 +0100
@@ -10,7 +10,8 @@
  */
 
 #include <linux/types.h>
-#include <linux/vs_base.h>
+#include <linux/sched.h>
+#include <linux/vs_context.h>
 #include <linux/vserver/switch.h>
 #include <linux/vserver/cacct_cmd.h>
 #include <linux/vserver/cacct_int.h>
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/context.c	2006-11-23 02:44:04 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/context.c	2006-11-26 22:07:52 +0100
@@ -29,6 +29,7 @@
 #include <linux/namespace.h>
 
 #include <linux/sched.h>
+#include <linux/vserver/context.h>
 #include <linux/vserver/network.h>
 #include <linux/vserver/legacy.h>
 #include <linux/vserver/limit.h>
@@ -530,7 +531,7 @@ int get_xid_list(int index, unsigned int
 	int hindex, nr_xids = 0;
 
 	/* only show current and children */
-	if (!vx_check(0, VX_ADMIN|VX_WATCH)) {
+	if (!vx_check(0, VS_ADMIN|VS_WATCH)) {
 		if (index > 0)
 			return 0;
 		xids[nr_xids] = vx_current_xid();
@@ -818,7 +819,7 @@ int vc_task_xid(uint32_t id, void __user
 	if (id) {
 		struct task_struct *tsk;
 
-		if (!vx_check(0, VX_ADMIN|VX_WATCH))
+		if (!vx_check(0, VS_ADMIN|VS_WATCH))
 			return -EPERM;
 
 		read_lock(&tasklist_lock);
@@ -930,7 +931,7 @@ int vc_get_cflags(struct vx_info *vxi, v
 	vc_data.flagword = vxi->vx_flags;
 
 	/* special STATE flag handling */
-	vc_data.mask = vx_mask_flags(~0UL, vxi->vx_flags, VXF_ONE_TIME);
+	vc_data.mask = vs_mask_flags(~0UL, vxi->vx_flags, VXF_ONE_TIME);
 
 	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
 		return -EFAULT;
@@ -946,7 +947,7 @@ int vc_set_cflags(struct vx_info *vxi, v
 		return -EFAULT;
 
 	/* special STATE flag handling */
-	mask = vx_mask_mask(vc_data.mask, vxi->vx_flags, VXF_ONE_TIME);
+	mask = vs_mask_mask(vc_data.mask, vxi->vx_flags, VXF_ONE_TIME);
 	trigger = (mask & vxi->vx_flags) ^ (mask & vc_data.flagword);
 
 	if (vxi == current->vx_info) {
@@ -964,7 +965,7 @@ int vc_set_cflags(struct vx_info *vxi, v
 		}
 	}
 
-	vxi->vx_flags = vx_mask_flags(vxi->vx_flags,
+	vxi->vx_flags = vs_mask_flags(vxi->vx_flags,
 		vc_data.flagword, mask);
 	if (trigger & VXF_PERSISTENT)
 		vx_update_persistent(vxi);
@@ -1015,8 +1016,8 @@ int vc_get_ccaps(struct vx_info *vxi, vo
 static int do_set_caps(struct vx_info *vxi,
 	uint64_t bcaps, uint64_t bmask, uint64_t ccaps, uint64_t cmask)
 {
-	vxi->vx_bcaps = vx_mask_flags(vxi->vx_bcaps, bcaps, bmask);
-	vxi->vx_ccaps = vx_mask_flags(vxi->vx_ccaps, ccaps, cmask);
+	vxi->vx_bcaps = vs_mask_flags(vxi->vx_bcaps, bcaps, bmask);
+	vxi->vx_ccaps = vs_mask_flags(vxi->vx_ccaps, ccaps, cmask);
 
 	return 0;
 }
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/debug.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/debug.c	2006-11-26 22:29:03 +0100
@@ -11,10 +11,7 @@
 #include <linux/kernel.h>
 #include <linux/module.h>
 
-#include <linux/vserver/cvirt_def.h>
-#include <linux/vserver/cacct_def.h>
-#include <linux/vserver/limit_def.h>
-#include <linux/vserver/sched_def.h>
+#include <linux/vserver/context.h>
 
 
 void	dump_vx_info(struct vx_info *vxi, int level)
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/history.c	2006-11-21 00:10:03 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/history.c	2006-11-26 22:30:28 +0100
@@ -20,6 +20,7 @@
 #include <asm/atomic.h>
 #include <asm/unistd.h>
 
+#include <linux/vserver/context.h>
 #include <linux/vserver/debug.h>
 #include <linux/vserver/debug_cmd.h>
 #include <linux/vserver/history.h>
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/inode.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/inode.c	2006-11-27 02:05:39 +0100
@@ -10,7 +10,6 @@
  */
 
 #include <linux/sched.h>
-#include <linux/vs_context.h>
 #include <linux/proc_fs.h>
 #include <linux/devpts_fs.h>
 #include <linux/namei.h>
@@ -19,7 +18,9 @@
 #include <linux/compat.h>
 #include <linux/vserver/inode.h>
 #include <linux/vserver/inode_cmd.h>
-#include <linux/vserver/tag.h>
+#include <linux/vserver/debug.h>
+#include <linux/vs_tag.h>
+#include <linux/vs_base.h>
 
 #include <asm/errno.h>
 #include <asm/uaccess.h>
@@ -101,7 +102,7 @@ int vc_get_iattr_x32(uint32_t id, void _
 	struct vcmd_ctx_iattr_v1_x32 vc_data = { .xid = -1 };
 	int ret;
 
-	if (!vx_check(0, VX_ADMIN))
+	if (!vx_check(0, VS_ADMIN))
 		return -ENOSYS;
 	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
 		return -EFAULT;
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/legacy.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/legacy.c	2006-11-26 20:58:01 +0100
@@ -59,7 +59,7 @@ int vc_new_s_context(uint32_t ctx, void 
 		return ret;
 	}
 
-	if (!vx_check(0, VX_ADMIN) || !capable(CAP_SYS_ADMIN)
+	if (!vx_check(0, VS_ADMIN) || !capable(CAP_SYS_ADMIN)
 		/* might make sense in the future, or not ... */
 		|| vx_flags(VX_INFO_LOCK, 0))
 		return -EPERM;
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/network.c	2006-11-23 02:34:31 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/network.c	2006-11-26 22:11:13 +0100
@@ -20,6 +20,7 @@
 #include <net/tcp.h>
 
 #include <asm/errno.h>
+#include <linux/vserver/base.h>
 #include <linux/vserver/network_cmd.h>
 
 
@@ -335,7 +336,7 @@ int get_nid_list(int index, unsigned int
 	int hindex, nr_nids = 0;
 
 	/* only show current and children */
-	if (!nx_check(0, VX_ADMIN|VX_WATCH)) {
+	if (!nx_check(0, VS_ADMIN|VS_WATCH)) {
 		if (index > 0)
 			return 0;
 		nids[nr_nids] = nx_current_nid();
@@ -552,7 +553,7 @@ int vc_task_nid(uint32_t id, void __user
 	if (id) {
 		struct task_struct *tsk;
 
-		if (!vx_check(0, VX_ADMIN|VX_WATCH))
+		if (!vx_check(0, VS_ADMIN|VS_WATCH))
 			return -EPERM;
 
 		read_lock(&tasklist_lock);
@@ -589,7 +590,7 @@ int vc_net_create(uint32_t nid, void __u
 	if (data && copy_from_user (&vc_data, data, sizeof(vc_data)))
 		return -EFAULT;
 
-	if ((nid > MAX_S_CONTEXT) && (nid != VX_DYNAMIC_ID))
+	if ((nid > MAX_S_CONTEXT) && (nid != NX_DYNAMIC_ID))
 		return -EINVAL;
 	if (nid < 2)
 		return -EINVAL;
@@ -695,7 +696,7 @@ int vc_get_nflags(struct nx_info *nxi, v
 	vc_data.flagword = nxi->nx_flags;
 
 	/* special STATE flag handling */
-	vc_data.mask = vx_mask_flags(~0UL, nxi->nx_flags, NXF_ONE_TIME);
+	vc_data.mask = vs_mask_flags(~0UL, nxi->nx_flags, NXF_ONE_TIME);
 
 	if (copy_to_user (data, &vc_data, sizeof(vc_data)))
 		return -EFAULT;
@@ -711,10 +712,10 @@ int vc_set_nflags(struct nx_info *nxi, v
 		return -EFAULT;
 
 	/* special STATE flag handling */
-	mask = vx_mask_mask(vc_data.mask, nxi->nx_flags, NXF_ONE_TIME);
+	mask = vs_mask_mask(vc_data.mask, nxi->nx_flags, NXF_ONE_TIME);
 	trigger = (mask & nxi->nx_flags) ^ (mask & vc_data.flagword);
 
-	nxi->nx_flags = vx_mask_flags(nxi->nx_flags,
+	nxi->nx_flags = vs_mask_flags(nxi->nx_flags,
 		vc_data.flagword, mask);
 	if (trigger & NXF_PERSISTENT)
 		nx_update_persistent(nxi);
@@ -741,7 +742,7 @@ int vc_set_ncaps(struct nx_info *nxi, vo
 	if (copy_from_user (&vc_data, data, sizeof(vc_data)))
 		return -EFAULT;
 
-	nxi->nx_ncaps = vx_mask_flags(nxi->nx_ncaps,
+	nxi->nx_ncaps = vs_mask_flags(nxi->nx_ncaps,
 		vc_data.ncaps, vc_data.cmask);
 	return 0;
 }
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/proc.c	2006-11-21 00:10:16 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/proc.c	2006-11-26 20:58:01 +0100
@@ -599,7 +599,7 @@ struct dentry *proc_virtual_lookup(struc
 		goto out;
 
 	inode = NULL;
-	if (vx_check(xid, VX_ADMIN|VX_WATCH|VX_IDENT))
+	if (vx_check(xid, VS_ADMIN|VS_WATCH|VS_IDENT))
 		inode = proc_vid_make_inode(dir->i_sb,
 			vxi->vx_id, PROC_XID_INO);
 	if (!inode)
@@ -689,7 +689,7 @@ int proc_virtual_readdir(struct file * f
 	char buf[PROC_NUMBUF];
 	unsigned int nr = filp->f_pos-3;
 	unsigned int nr_xids, i;
-	int visible = vx_check(0, VX_ADMIN|VX_WATCH);
+	int visible = vx_check(0, VS_ADMIN|VS_WATCH);
 	ino_t ino;
 
 	switch ((long)filp->f_pos) {
@@ -759,7 +759,7 @@ int proc_vnet_readdir(struct file * filp
 	char buf[PROC_NUMBUF];
 	unsigned int nr = filp->f_pos-2;
 	unsigned int nr_nids, i;
-//	int visible = vx_check(0, VX_ADMIN|VX_WATCH);
+//	int visible = vx_check(0, VS_ADMIN|VS_WATCH);
 	ino_t ino;
 
 	switch ((long)filp->f_pos) {
--- linux-2.6.18.3-vs2.1.1.2/kernel/vserver/switch.c	2006-10-29 02:04:29 +0100
+++ linux-2.6.18.3-vs2.1.1.2.3/kernel/vserver/switch.c	2006-11-26 20:58:01 +0100
@@ -395,7 +395,7 @@ long do_vserver(uint32_t cmd, uint32_t i
 	case VCMD_set_cflags:
 	case VCMD_set_ccaps_v0:
 		ret = 0;
-		if (vx_check(0, VX_WATCH))
+		if (vx_check(0, VS_WATCH))
 			goto out;
 		break;
 
@@ -422,7 +422,7 @@ long do_vserver(uint32_t cmd, uint32_t i
 
 	/* admin type vcmds require admin ... */
 	if (flags & VCF_ADMIN)
-		permit = vx_check(0, VX_ADMIN) ? 1 : 0;
+		permit = vx_check(0, VS_ADMIN) ? 1 : 0;
 
 	/* ... but setup type vcmds override that */
 	if (!permit && (flags & VCF_SETUP))
--- linux-2.6.18.3-vs2.1.1.2/mm/slab_vs.h	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/mm/slab_vs.h	2006-11-26 22:33:18 +0100
@@ -1,4 +1,6 @@
 
+#include <linux/vs_context.h>
+
 static inline
 void vx_slab_alloc(struct kmem_cache *cachep, gfp_t flags)
 {
--- linux-2.6.18.3-vs2.1.1.2/net/core/dev.c	2006-10-18 01:14:31 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/core/dev.c	2006-11-26 23:10:52 +0100
@@ -117,6 +117,7 @@
 #include <linux/dmaengine.h>
 #include <linux/err.h>
 #include <linux/ctype.h>
+#include <linux/vs_context.h> /* remove with NXF_HIDE_NETIF */
 #include <linux/vs_network.h>
 
 /*
--- linux-2.6.18.3-vs2.1.1.2/net/core/rtnetlink.c	2006-09-20 17:01:45 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/core/rtnetlink.c	2006-11-26 23:12:00 +0100
@@ -35,6 +35,7 @@
 #include <linux/init.h>
 #include <linux/security.h>
 #include <linux/mutex.h>
+#include <linux/vs_context.h> /* remove with NXF_HIDE_NETIF */
 
 #include <asm/uaccess.h>
 #include <asm/system.h>
--- linux-2.6.18.3-vs2.1.1.2/net/ipv4/devinet.c	2006-09-20 17:01:45 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/ipv4/devinet.c	2006-11-27 02:05:39 +0100
@@ -57,6 +57,7 @@
 #include <linux/sysctl.h>
 #endif
 #include <linux/kmod.h>
+#include <linux/vs_context.h>
 
 #include <net/arp.h>
 #include <net/ip.h>
--- linux-2.6.18.3-vs2.1.1.2/net/ipv4/fib_hash.c	2006-09-20 17:01:45 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/ipv4/fib_hash.c	2006-11-27 02:05:39 +0100
@@ -35,6 +35,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 #include <linux/init.h>
+#include <linux/vs_context.h>
 
 #include <net/ip.h>
 #include <net/protocol.h>
--- linux-2.6.18.3-vs2.1.1.2/net/ipv4/inet_diag.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/ipv4/inet_diag.c	2006-11-27 02:05:39 +0100
@@ -18,6 +18,7 @@
 #include <linux/cache.h>
 #include <linux/init.h>
 #include <linux/time.h>
+#include <linux/vs_base.h>
 
 #include <net/icmp.h>
 #include <net/tcp.h>
@@ -693,7 +694,7 @@ static int inet_diag_dump(struct sk_buff
 			sk_for_each(sk, node, &hashinfo->listening_hash[i]) {
 				struct inet_sock *inet = inet_sk(sk);
 
-				if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))
+				if (!vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT))
 					continue;
 				if (num < s_num) {
 					num++;
@@ -755,7 +756,7 @@ skip_listen_ht:
 		sk_for_each(sk, node, &head->chain) {
 			struct inet_sock *inet = inet_sk(sk);
 
-			if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))
+			if (!vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT))
 				continue;
 			if (num < s_num)
 				goto next_normal;
@@ -781,7 +782,7 @@ next_normal:
 			inet_twsk_for_each(tw, node,
 				    &hashinfo->ehash[i + hashinfo->ehash_size].chain) {
 
-				if (!vx_check(tw->tw_xid, VX_WATCH_P|VX_IDENT))
+				if (!vx_check(tw->tw_xid, VS_WATCH_P|VS_IDENT))
 					continue;
 				if (num < s_num)
 					goto next_dying;
--- linux-2.6.18.3-vs2.1.1.2/net/ipv4/raw.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/ipv4/raw.c	2006-11-27 02:05:39 +0100
@@ -79,6 +79,7 @@
 #include <linux/seq_file.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv4.h>
+#include <linux/vs_base.h>
 
 struct hlist_head raw_v4_htable[RAWV4_HTABLE_SIZE];
 DEFINE_RWLOCK(raw_v4_lock);
@@ -336,7 +337,7 @@ static int raw_send_hdrinc(struct sock *
 	}
 
 	err = -EPERM;
-	if (!vx_check(0, VX_ADMIN) && !capable(CAP_NET_RAW)
+	if (!vx_check(0, VS_ADMIN) && !capable(CAP_NET_RAW)
 		&& (!addr_in_nx_info(sk->sk_nx_info, iph->saddr)))
 		goto error_free;
 
@@ -823,7 +824,7 @@ static struct sock *raw_get_first(struct
 
 		sk_for_each(sk, node, &raw_v4_htable[state->bucket])
 			if (sk->sk_family == PF_INET &&
-				vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))
+				vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT))
 				goto found;
 	}
 	sk = NULL;
@@ -840,7 +841,7 @@ static struct sock *raw_get_next(struct 
 try_again:
 		;
 	} while (sk && (sk->sk_family != PF_INET ||
-		!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)));
+		!vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT)));
 
 	if (!sk && ++state->bucket < RAWV4_HTABLE_SIZE) {
 		sk = sk_head(&raw_v4_htable[state->bucket]);
--- linux-2.6.18.3-vs2.1.1.2/net/ipv4/tcp_ipv4.c	2006-10-18 04:06:32 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/ipv4/tcp_ipv4.c	2006-11-27 02:05:39 +0100
@@ -78,6 +78,7 @@
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
 #include <linux/vserver/debug.h>
+#include <linux/vs_base.h>
 
 int sysctl_tcp_tw_reuse;
 int sysctl_tcp_low_latency;
@@ -1393,7 +1394,7 @@ static void *listening_get_next(struct s
 					"sk,req: %p [#%d] (from %d)", req->sk,
 					(req->sk)?req->sk->sk_xid:0, vx_current_xid());
 				if (req->sk &&
-					!vx_check(req->sk->sk_xid, VX_WATCH_P|VX_IDENT))
+					!vx_check(req->sk->sk_xid, VS_WATCH_P|VS_IDENT))
 					continue;
 				if (req->rsk_ops->family == st->family) {
 					cur = req;
@@ -1421,7 +1422,7 @@ get_sk:
 	sk_for_each_from(sk, node) {
 		vxdprintk(VXD_CBIT(net, 6), "sk: %p [#%d] (from %d)",
 			sk, sk->sk_xid, vx_current_xid());
-		if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))
+		if (!vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT))
 			continue;
 		if (sk->sk_family == st->family) {
 			cur = sk;
@@ -1477,7 +1478,7 @@ static void *established_get_first(struc
 			vxdprintk(VXD_CBIT(net, 6),
 				"sk,egf: %p [#%d] (from %d)",
 				sk, sk->sk_xid, vx_current_xid());
-			if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))
+			if (!vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT))
 				continue;
 			if (sk->sk_family != st->family)
 				continue;
@@ -1490,7 +1491,7 @@ static void *established_get_first(struc
 			vxdprintk(VXD_CBIT(net, 6),
 				"tw: %p [#%d] (from %d)",
 				tw, tw->tw_xid, vx_current_xid());
-			if (!vx_check(tw->tw_xid, VX_WATCH_P|VX_IDENT))
+			if (!vx_check(tw->tw_xid, VS_WATCH_P|VS_IDENT))
 				continue;
 			if (tw->tw_family != st->family)
 				continue;
@@ -1518,7 +1519,7 @@ static void *established_get_next(struct
 		tw = tw_next(tw);
 get_tw:
 		while (tw && (tw->tw_family != st->family ||
-			!vx_check(tw->tw_xid, VX_WATCH_P|VX_IDENT))) {
+			!vx_check(tw->tw_xid, VS_WATCH_P|VS_IDENT))) {
 			tw = tw_next(tw);
 		}
 		if (tw) {
@@ -1545,7 +1546,7 @@ get_tw:
 		vxdprintk(VXD_CBIT(net, 6),
 			"sk,egn: %p [#%d] (from %d)",
 			sk, sk->sk_xid, vx_current_xid());
-		if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))
+		if (!vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT))
 			continue;
 		if (sk->sk_family == st->family)
 			goto found;
--- linux-2.6.18.3-vs2.1.1.2/net/ipv4/udp.c	2006-10-18 04:06:32 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/ipv4/udp.c	2006-11-27 02:05:39 +0100
@@ -108,6 +108,7 @@
 #include <net/inet_common.h>
 #include <net/checksum.h>
 #include <net/xfrm.h>
+#include <linux/vs_base.h>
 
 /*
  *	Snmp MIB for the UDP layer
@@ -613,10 +614,10 @@ int udp_sendmsg(struct kiocb *iocb, stru
 			err = ip_find_src(nxi, &rt, &fl);
 			if (err)
 				goto out;
-			if (daddr == IPI_LOOPBACK && !vx_check(0, VX_ADMIN))
+			if (daddr == IPI_LOOPBACK && !vx_check(0, VS_ADMIN))
 				daddr = fl.fl4_dst = nxi->ipv4[0];
 #ifdef CONFIG_VSERVER_REMAP_SADDR
-			if (saddr == IPI_LOOPBACK && !vx_check(0, VX_ADMIN))
+			if (saddr == IPI_LOOPBACK && !vx_check(0, VS_ADMIN))
 				saddr = fl.fl4_src = nxi->ipv4[0];
 #endif
 		}
@@ -1422,7 +1423,7 @@ static struct sock *udp_get_first(struct
 
 		sk_for_each(sk, node, &udp_hash[state->bucket]) {
 			if (sk->sk_family == state->family &&
-				vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))
+				vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT))
 				goto found;
 		}
 	}
@@ -1440,7 +1441,7 @@ static struct sock *udp_get_next(struct 
 try_again:
 		;
 	} while (sk && (sk->sk_family != state->family ||
-		!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)));
+		!vx_check(sk->sk_xid, VS_WATCH_P|VS_IDENT)));
 
 	if (!sk && ++state->bucket < UDP_HTABLE_SIZE) {
 		sk = sk_head(&udp_hash[state->bucket]);
--- linux-2.6.18.3-vs2.1.1.2/net/ipv6/addrconf.c	2006-09-20 17:01:45 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/ipv6/addrconf.c	2006-11-27 02:05:39 +0100
@@ -83,6 +83,7 @@
 
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
+#include <linux/vs_base.h>
 
 /* Set to 3 to get tracing... */
 #define ACONF_DEBUG 2
@@ -2700,7 +2701,7 @@ static int if6_seq_show(struct seq_file 
 	struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v;
 
 	/* no ipv6 inside a vserver for now */
-	if (vx_check(0, VX_ADMIN|VX_WATCH))
+	if (vx_check(0, VS_ADMIN|VS_WATCH))
 		seq_printf(seq,
 		   NIP6_SEQFMT " %02x %02x %02x %02x %8s\n",
 		   NIP6(ifp->addr),
--- linux-2.6.18.3-vs2.1.1.2/net/socket.c	2006-09-20 17:01:45 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/socket.c	2006-11-26 20:58:01 +0100
@@ -1160,7 +1160,7 @@ static int __sock_create(int family, int
 		return -EINVAL;
 
 	/* disable IPv6 inside vservers for now */
-	if (family == PF_INET6 && !vx_check(0, VX_ADMIN))
+	if (family == PF_INET6 && !vx_check(0, VS_ADMIN))
 		return -EAFNOSUPPORT;
 
 	/* Compatibility.
--- linux-2.6.18.3-vs2.1.1.2/net/unix/af_unix.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/net/unix/af_unix.c	2006-11-26 23:35:32 +0100
@@ -117,7 +117,6 @@
 #include <net/checksum.h>
 #include <linux/security.h>
 #include <linux/vs_context.h>
-#include <linux/vs_network.h>
 #include <linux/vs_limit.h>
 
 int sysctl_unix_max_dgram_qlen = 10;
@@ -255,7 +254,7 @@ static struct sock *__unix_find_socket_b
 	sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
 		struct unix_sock *u = unix_sk(s);
 
-		if (!vx_check(s->sk_xid, VX_WATCH_P|VX_IDENT))
+		if (!vx_check(s->sk_xid, VS_WATCH_P|VS_IDENT))
 			continue;
 		if (u->addr->len == len &&
 		    !memcmp(u->addr->name, sunname, len))
--- linux-2.6.18.3-vs2.1.1.2/security/commoncap.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/security/commoncap.c	2006-11-26 23:40:38 +0100
@@ -23,6 +23,7 @@
 #include <linux/ptrace.h>
 #include <linux/xattr.h>
 #include <linux/hugetlb.h>
+#include <linux/vs_context.h>
 
 int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
--- linux-2.6.18.3-vs2.1.1.2/security/dummy.c	2006-09-25 15:40:02 +0200
+++ linux-2.6.18.3-vs2.1.1.2.3/security/dummy.c	2006-11-26 23:40:14 +0100
@@ -28,6 +28,7 @@
 #include <linux/hugetlb.h>
 #include <linux/ptrace.h>
 #include <linux/file.h>
+#include <linux/vs_context.h>
 
 static int dummy_ptrace (struct task_struct *parent, struct task_struct *child)
 {