diff -NurpP linux-2.6.33-vs2.3.0.36.30.1/fs/xattr.c linux-2.6.33-vs2.3.0.36.30.2/fs/xattr.c
--- linux-2.6.33-vs2.3.0.36.30.1/fs/xattr.c 2010-02-25 12:02:16.000000000 +0100
+++ linux-2.6.33-vs2.3.0.36.30.2/fs/xattr.c 2010-03-05 19:55:41.000000000 +0100
@@ -50,7 +50,7 @@ xattr_permission(struct inode *inode, co
 * The trusted.* namespace can only be accessed by a privileged user.
 */
 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
- return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
+ return (vx_capable(CAP_SYS_ADMIN, VXC_FS_TRUSTED) ? 0 : -EPERM);
 /* In user.* namespace, only regular files and directories can have
 * extended attributes. For sticky directories, only the owner and
diff -NurpP linux-2.6.33-vs2.3.0.36.30.1/include/linux/vserver/context.h linux-2.6.33-vs2.3.0.36.30.2/include/linux/vserver/context.h
--- linux-2.6.33-vs2.3.0.36.30.1/include/linux/vserver/context.h 2010-02-25 12:02:16.000000000 +0100
+++ linux-2.6.33-vs2.3.0.36.30.2/include/linux/vserver/context.h 2010-03-05 19:53:00.000000000 +0100
@@ -60,6 +60,7 @@
 #define VXC_SET_UTSNAME 0x00000001
 #define VXC_SET_RLIMIT 0x00000002
 #define VXC_FS_SECURITY 0x00000004
+#define VXC_FS_TRUSTED 0x00000008
 #define VXC_TIOCSTI 0x00000010
 /* was VXC_RAW_ICMP 0x00000100 */
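Review bot: The comment directly above the changed return in xattr_permission() still says trusted.* "can only be accessed by a privileged user", which is no longer the whole rule once the check is `vx_capable(CAP_SYS_ADMIN, VXC_FS_TRUSTED)`; presumably a guest context holding the new context capability now passes as well. This one check appears to gate both reading and writing trusted.* attributes, so the bit hands out full get/set access, and the comment should say so, for example `* The trusted.* namespace needs CAP_SYS_ADMIN, or the VXC_FS_TRUSTED context capability inside a guest.` Other trusted.* checks that still call plain `capable(CAP_SYS_ADMIN)`, such as per-filesystem list handlers, are not touched by this patch and should be checked so that listing and get/set agree. The body of xattr_permission() starts and ends outside the hunk.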
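Review bot: `VXC_FS_TRUSTED` is added to context.h without a comment saying what it grants, and unlike its neighbours it delegates part of what CAP_SYS_ADMIN protects to a guest context. A short comment next to the define would help, for example `/* guest may get/set trusted.* xattrs (see xattr_permission) */`. The hunk does not show which context capabilities a new guest receives by default, so it is worth confirming that this bit is not in that default set, since trusted.* attributes on storage shared with the host may carry data the host administrator relies on.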