diff -NurpP linux-3.0-rc3-vs2.3.1-pre1.4/drivers/infiniband/core/addr.c linux-3.0-rc3-dhozac/drivers/infiniband/core/addr.c
--- linux-3.0-rc3-vs2.3.1-pre1.4/drivers/infiniband/core/addr.c	2011-06-10 22:11:24.000000000 +0200
+++ linux-3.0-rc3-dhozac/drivers/infiniband/core/addr.c	2011-06-15 04:19:51.000000000 +0200
@@ -252,7 +252,7 @@ static int addr6_resolve(struct sockaddr
 
 	if (ipv6_addr_any(&fl6.saddr)) {
 		ret = ipv6_dev_get_saddr(&init_net, ip6_dst_idev(dst)->dev,
-					 &fl6.daddr, 0, &fl6.saddr);
+					 &fl6.daddr, 0, &fl6.saddr, NULL);
 		if (ret)
 			goto put;
 
diff -NurpP linux-3.0-rc3-vs2.3.1-pre1.4/include/linux/fs.h linux-3.0-rc3-dhozac/include/linux/fs.h
--- linux-3.0-rc3-vs2.3.1-pre1.4/include/linux/fs.h	2011-06-15 02:43:28.000000000 +0200
+++ linux-3.0-rc3-dhozac/include/linux/fs.h	2011-06-15 04:19:51.000000000 +0200
@@ -776,14 +776,15 @@ struct inode {
 	struct super_block	*i_sb;
 
 	spinlock_t		i_lock;	/* i_blocks, i_bytes, maybe i_size */
-	unsigned short		i_flags;
-	unsigned short		i_vflags;
+	unsigned int		i_flags;
+	unsigned int		i_vflags;
 	unsigned int		i_state;
 #ifdef CONFIG_SECURITY
 	void			*i_security;
 #endif
 	struct mutex		i_mutex;
 
+
 	unsigned long		dirtied_when;	/* jiffies of first dirtying */
 
 	struct hlist_node	i_hash;
diff -NurpP linux-3.0-rc3-vs2.3.1-pre1.4/include/net/ip6_route.h linux-3.0-rc3-dhozac/include/net/ip6_route.h
--- linux-3.0-rc3-vs2.3.1-pre1.4/include/net/ip6_route.h	2011-06-09 15:16:41.000000000 +0200
+++ linux-3.0-rc3-dhozac/include/net/ip6_route.h	2011-06-15 04:19:51.000000000 +0200
@@ -86,7 +86,8 @@ extern int			ip6_route_get_saddr(struct 
 						    struct rt6_info *rt,
 						    const struct in6_addr *daddr,
 						    unsigned int prefs,
-						    struct in6_addr *saddr);
+						    struct in6_addr *saddr,
+						    struct nx_info *nxi);
 
 extern struct rt6_info		*rt6_lookup(struct net *net,
 					    const struct in6_addr *daddr,
diff -NurpP linux-3.0-rc3-vs2.3.1-pre1.4/kernel/vserver/context.c linux-3.0-rc3-dhozac/kernel/vserver/context.c
--- linux-3.0-rc3-vs2.3.1-pre1.4/kernel/vserver/context.c	2011-06-13 14:43:00.000000000 +0200
+++ linux-3.0-rc3-dhozac/kernel/vserver/context.c	2011-06-15 04:19:51.000000000 +0200
@@ -115,7 +115,7 @@ static struct vx_info *__alloc_vx_info(x
 	}
 
 	new->vx_flags = VXF_INIT_SET;
-	new->vx_bcaps = __cap_init_eff_set;
+	new->vx_bcaps = CAP_FULL_SET;
 	new->vx_ccaps = 0;
 	new->vx_umask = 0;
 
diff -NurpP linux-3.0-rc3-vs2.3.1-pre1.4/net/ipv6/ip6_output.c linux-3.0-rc3-dhozac/net/ipv6/ip6_output.c
--- linux-3.0-rc3-vs2.3.1-pre1.4/net/ipv6/ip6_output.c	2011-06-10 22:11:24.000000000 +0200
+++ linux-3.0-rc3-dhozac/net/ipv6/ip6_output.c	2011-06-15 04:19:51.000000000 +0200
@@ -933,7 +933,8 @@ static int ip6_dst_lookup_tail(struct so
 		struct rt6_info *rt = (struct rt6_info *) *dst;
 		err = ip6_route_get_saddr(net, rt, &fl6->daddr,
 					  sk ? inet6_sk(sk)->srcprefs : 0,
-					  &fl6->saddr);
+					  &fl6->saddr,
+					  sk ? sk->sk_nx_info : NULL);
 		if (err)
 			goto out_err_release;
 	}
diff -NurpP linux-3.0-rc3-vs2.3.1-pre1.4/net/ipv6/route.c linux-3.0-rc3-dhozac/net/ipv6/route.c
--- linux-3.0-rc3-vs2.3.1-pre1.4/net/ipv6/route.c	2011-06-10 22:11:24.000000000 +0200
+++ linux-3.0-rc3-dhozac/net/ipv6/route.c	2011-06-15 04:19:51.000000000 +0200
@@ -54,6 +54,7 @@
 #include <net/xfrm.h>
 #include <net/netevent.h>
 #include <net/netlink.h>
+#include <linux/vs_inet6.h>
 
 #include <asm/uaccess.h>
 
@@ -2057,15 +2058,17 @@ int ip6_route_get_saddr(struct net *net,
 			struct rt6_info *rt,
 			const struct in6_addr *daddr,
 			unsigned int prefs,
-			struct in6_addr *saddr)
+			struct in6_addr *saddr,
+			struct nx_info *nxi)
 {
 	struct inet6_dev *idev = ip6_dst_idev((struct dst_entry*)rt);
 	int err = 0;
-	if (rt->rt6i_prefsrc.plen)
+	if (rt->rt6i_prefsrc.plen && (!nxi ||
+	    v6_addr_in_nx_info(nxi, &rt->rt6i_prefsrc.addr, NXA_TYPE_ADDR)))
 		ipv6_addr_copy(saddr, &rt->rt6i_prefsrc.addr);
 	else
 		err = ipv6_dev_get_saddr(net, idev ? idev->dev : NULL,
-					 daddr, prefs, saddr);
+					 daddr, prefs, saddr, nxi);
 	return err;
 }
 
@@ -2394,7 +2397,8 @@ static int rt6_fill_node(struct net *net
 			NLA_PUT_U32(skb, RTA_IIF, iif);
 	} else if (dst) {
 		struct in6_addr saddr_buf;
-		if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0)
+		if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf,
+					(skb->sk ? skb->sk->sk_nx_info : NULL)) == 0)
 			NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf);
 	}
 
diff -NurpP linux-3.0-rc3-vs2.3.1-pre1.4/net/socket.c linux-3.0-rc3-dhozac/net/socket.c
--- linux-3.0-rc3-vs2.3.1-pre1.4/net/socket.c	2011-06-13 19:52:01.000000000 +0200
+++ linux-3.0-rc3-dhozac/net/socket.c	2011-06-15 04:19:51.000000000 +0200
@@ -550,7 +550,7 @@ static inline int __sock_sendmsg_nosec(s
 				       struct msghdr *msg, size_t size)
 {
 	struct sock_iocb *si = kiocb_to_siocb(iocb);
-	int len;
+	size_t len;
 
 	sock_update_classid(sock->sk);
 
diff -NurpP linux-3.0-rc3-vs2.3.1-pre1.4/security/commoncap.c linux-3.0-rc3-dhozac/security/commoncap.c
--- linux-3.0-rc3-vs2.3.1-pre1.4/security/commoncap.c	2011-06-10 22:11:24.000000000 +0200
+++ linux-3.0-rc3-dhozac/security/commoncap.c	2011-06-15 04:19:51.000000000 +0200
@@ -84,14 +84,20 @@ EXPORT_SYMBOL(cap_netlink_recv);
 int cap_capable(struct task_struct *tsk, const struct cred *cred,
 		struct user_namespace *targ_ns, int cap, int audit)
 {
+	struct vx_info *vxi = tsk->vx_info;
+
 	for (;;) {
 		/* The creator of the user namespace has all caps. */
 		if (targ_ns != &init_user_ns && targ_ns->creator == cred->user)
 			return 0;
 
 		/* Do we have the necessary capabilities? */
-		if (targ_ns == cred->user->user_ns)
-			return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
+		if (targ_ns == cred->user->user_ns) {
+			if (vx_info_flags(vxi, VXF_STATE_SETUP, 0) &&
+			    cap_raised(cred->cap_effective, cap))
+				return 0;
+			return vx_cap_raised(vxi, cred->cap_effective, cap) ? 0 : -EPERM;
+		}
 
 		/* Have we tried all of the parent namespaces? */
 		if (targ_ns == &init_user_ns)