diff -NurpP --minimal linux-2.6.18.2-vs2.1.1/include/linux/vserver/network.h linux-2.6.18.2-vs2.1.1.0.1/include/linux/vserver/network.h
--- linux-2.6.18.2-vs2.1.1/include/linux/vserver/network.h	2006-11-07 03:39:30 +0100
+++ linux-2.6.18.2-vs2.1.1.0.1/include/linux/vserver/network.h	2006-11-07 04:33:09 +0100
@@ -14,6 +14,7 @@
 /* network flags */
 
 #define NXF_INFO_LOCK		0x00000001
+#define NXF_INFO_PRIVATE	0x00000008
 
 #define NXF_STATE_SETUP		(1ULL<<32)
 #define NXF_STATE_ADMIN		(1ULL<<34)
diff -NurpP --minimal linux-2.6.18.2-vs2.1.1/kernel/vserver/context.c linux-2.6.18.2-vs2.1.1.0.1/kernel/vserver/context.c
--- linux-2.6.18.2-vs2.1.1/kernel/vserver/context.c	2006-11-07 03:39:30 +0100
+++ linux-2.6.18.2-vs2.1.1.0.1/kernel/vserver/context.c	2006-11-07 04:27:22 +0100
@@ -585,7 +585,7 @@ int vx_migrate_user(struct task_struct *
 	if (!p || !vxi)
 		BUG();
 
-	if (vx_info_flags(vxi, VXF_INFO_LOCK, 0))
+	if (vx_info_flags(vxi, VXF_INFO_PRIVATE, 0))
 		return -EACCES;
 
 	new_user = alloc_uid(vxi->vx_id, p->uid);
@@ -650,13 +650,17 @@ int vx_migrate_task(struct task_struct *
 		"vx_migrate_task(%p,%p[#%d.%d])", p, vxi,
 		vxi->vx_id, atomic_read(&vxi->vx_usecnt));
 
-	if (vx_info_flags(vxi, VXF_INFO_LOCK, 0))
+	if (vx_info_flags(vxi, VXF_INFO_PRIVATE, 0))
 		return -EACCES;
 
 	old_vxi = task_get_vx_info(p);
 	if (old_vxi == vxi)
 		goto out;
 
+	ret =-EACCES;
+	if (vx_info_flags(old_vxi, VXF_INFO_LOCK, 0))
+		goto out;
+
 	if (!(ret = vx_migrate_user(p, vxi))) {
 		int openfd;
 
diff -NurpP --minimal linux-2.6.18.2-vs2.1.1/kernel/vserver/namespace.c linux-2.6.18.2-vs2.1.1.0.1/kernel/vserver/namespace.c
--- linux-2.6.18.2-vs2.1.1/kernel/vserver/namespace.c	2006-11-07 03:39:39 +0100
+++ linux-2.6.18.2-vs2.1.1.0.1/kernel/vserver/namespace.c	2006-11-07 04:27:54 +0100
@@ -33,7 +33,7 @@ int vx_enter_namespace(struct vx_info *v
 	struct fs_struct *old_fs, *fs;
 	struct namespace *old_ns;
 
-	if (vx_info_flags(vxi, VXF_INFO_LOCK, 0))
+	if (vx_info_flags(vxi, VXF_INFO_PRIVATE, 0))
 		return -EACCES;
 	if (!vxi->vx_namespace)
 		return -EINVAL;
diff -NurpP --minimal linux-2.6.18.2-vs2.1.1/kernel/vserver/network.c linux-2.6.18.2-vs2.1.1.0.1/kernel/vserver/network.c
--- linux-2.6.18.2-vs2.1.1/kernel/vserver/network.c	2006-11-07 03:39:30 +0100
+++ linux-2.6.18.2-vs2.1.1.0.1/kernel/vserver/network.c	2006-11-07 04:31:46 +0100
@@ -387,7 +387,7 @@ int nx_migrate_task(struct task_struct *
 		atomic_read(&nxi->nx_usecnt),
 		atomic_read(&nxi->nx_tasks));
 
-	if (nx_info_flags(nxi, NXF_INFO_LOCK, 0))
+	if (nx_info_flags(nxi, NXF_INFO_PRIVATE, 0))
 		return -EACCES;
 
 	/* maybe disallow this completely? */
@@ -395,6 +395,10 @@ int nx_migrate_task(struct task_struct *
 	if (old_nxi == nxi)
 		goto out;
 
+	ret =-EACCES;
+	if (nx_info_flags(old_nxi, NXF_INFO_LOCK, 0))
+		goto out;
+
 	task_lock(p);
 	if (old_nxi)
 		clr_nx_info(&p->nx_info);