diff -NurpP --minimal linux-2.6.22.6-vs2.3.0.22.1/include/linux/vserver/context.h linux-2.6.22.6-vs2.3.0.22.2/include/linux/vserver/context.h
--- linux-2.6.22.6-vs2.3.0.22.1/include/linux/vserver/context.h	2007-08-19 00:03:22 +0200
+++ linux-2.6.22.6-vs2.3.0.22.2/include/linux/vserver/context.h	2007-09-20 19:29:10 +0200
@@ -71,6 +71,8 @@
 #define VXC_ADMIN_MAPPER	0x00200000
 #define VXC_ADMIN_CLOOP		0x00400000
 
+#define VXC_KTHREAD		0x01000000
+
 
 #ifdef	__KERNEL__
 
diff -NurpP --minimal linux-2.6.22.6-vs2.3.0.22.1/kernel/fork.c linux-2.6.22.6-vs2.3.0.22.2/kernel/fork.c
--- linux-2.6.22.6-vs2.3.0.22.1/kernel/fork.c	2007-08-05 20:53:13 +0200
+++ linux-2.6.22.6-vs2.3.0.22.2/kernel/fork.c	2007-09-20 19:28:25 +0200
@@ -1420,7 +1420,8 @@ long do_fork(unsigned long clone_flags,
 		return -EAGAIN;
 
 	/* kernel threads are host only */
-	if ((clone_flags & CLONE_KTHREAD) && !vx_check(0, VS_ADMIN)) {
+	if ((clone_flags & CLONE_KTHREAD) &&
+		!vx_capable(CAP_SYS_ADMIN, VXC_KTHREAD)) {
 		vxwprintk(1, "xid=%d tried to spawn a kernel thread.",
 			vx_current_xid());
 		free_pid(pid);