--- linux-2.6.18.2/fs/attr.c	2006-04-09 13:49:53 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/attr.c	2006-09-25 15:40:02 +0200
@@ -79,6 +106,8 @@ int inode_setattr(struct inode * inode, 
 		inode->i_uid = attr->ia_uid;
 	if (ia_valid & ATTR_GID)
 		inode->i_gid = attr->ia_gid;
+	if ((ia_valid & ATTR_TAG) && IS_TAGGED(inode))
+		inode->i_tag = attr->ia_tag;
 	if (ia_valid & ATTR_ATIME)
 		inode->i_atime = timespec_trunc(attr->ia_atime,
 						inode->i_sb->s_time_gran);
--- linux-2.6.18.2/fs/ext2/inode.c	2006-09-20 16:58:34 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/ext2/inode.c	2006-11-04 08:24:09 +0100
@@ -1174,8 +1225,8 @@ static int ext2_update_inode(struct inod
 	struct ext2_inode_info *ei = EXT2_I(inode);
 	struct super_block *sb = inode->i_sb;
 	ino_t ino = inode->i_ino;
-	uid_t uid = inode->i_uid;
-	gid_t gid = inode->i_gid;
+	uid_t uid = TAGINO_UID(DX_TAG(inode), inode->i_uid, inode->i_tag);
+	gid_t gid = TAGINO_GID(DX_TAG(inode), inode->i_gid, inode->i_tag);
 	struct buffer_head * bh;
 	struct ext2_inode * raw_inode = ext2_get_inode(sb, ino, &bh);
 	int n;
--- linux-2.6.18.2/fs/ext2/inode.c	2006-09-20 16:58:34 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/ext2/inode.c	2006-11-04 08:24:09 +0100
@@ -1296,7 +1350,8 @@ int ext2_setattr(struct dentry *dentry, 
 	if (error)
 		return error;
 	if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) ||
-	    (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) {
+	    (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid) ||
+	    (iattr->ia_valid & ATTR_TAG && iattr->ia_tag != inode->i_tag)) {
 		error = DQUOT_TRANSFER(inode, iattr) ? -EDQUOT : 0;
 		if (error)
 			return error;
--- linux-2.6.18.2/fs/ext3/inode.c	2006-09-20 16:58:34 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/ext3/inode.c	2006-11-04 08:15:22 +0100
@@ -2915,7 +2986,8 @@ int ext3_setattr(struct dentry *dentry, 
 		return error;
 
 	if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
-		(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) {
+		(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid) ||
+		(ia_valid & ATTR_TAG && attr->ia_tag != inode->i_tag)) {
 		handle_t *handle;
 
 		/* (user+group)*(old+new) structure, inode write (sb,
--- linux-2.6.18.2/fs/ext3/inode.c	2006-09-20 16:58:34 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/ext3/inode.c	2006-11-04 08:15:22 +0100
@@ -2937,6 +3009,8 @@ int ext3_setattr(struct dentry *dentry, 
 			inode->i_uid = attr->ia_uid;
 		if (attr->ia_valid & ATTR_GID)
 			inode->i_gid = attr->ia_gid;
+		if ((attr->ia_valid & ATTR_TAG) && IS_TAGGED(inode))
+			inode->i_tag = attr->ia_tag;
 		error = ext3_mark_inode_dirty(handle, inode);
 		ext3_journal_stop(handle);
 	}
--- linux-2.6.18.2/fs/inode.c	2006-09-20 16:58:35 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/inode.c	2006-10-29 02:50:41 +0100
@@ -115,6 +115,9 @@ static struct inode *alloc_inode(struct 
 		struct address_space * const mapping = &inode->i_data;
 
 		inode->i_sb = sb;
+
+		/* essential because of inode slab reuse */
+		inode->i_tag = 0;
 		inode->i_blkbits = sb->s_blocksize_bits;
 		inode->i_flags = 0;
 		atomic_set(&inode->i_count, 1);
--- linux-2.6.18.2/fs/jfs/acl.c	2006-06-18 04:54:36 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/jfs/acl.c	2006-09-25 15:40:02 +0200
@@ -232,7 +232,8 @@ int jfs_setattr(struct dentry *dentry, s
 		return rc;
 
 	if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) ||
-	    (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) {
+	    (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid) ||
+	    (iattr->ia_valid & ATTR_TAG && iattr->ia_tag != inode->i_tag)) {
 		if (DQUOT_TRANSFER(inode, iattr))
 			return -EDQUOT;
 	}
--- linux-2.6.18.2/fs/jfs/jfs_filsys.h	2005-10-28 20:49:44 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/jfs/jfs_filsys.h	2006-09-25 15:40:02 +0200
@@ -84,6 +84,7 @@
 #define JFS_DIR_INDEX		0x00200000	/* Persistant index for */
 						/* directory entries    */
 
+#define JFS_TAGGED		0x00800000	/* Context Tagging */
 
 /*
  *	buffer cache configuration
--- linux-2.6.18.2/fs/namei.c	2006-09-20 16:58:35 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/namei.c	2006-11-04 08:24:09 +0100
@@ -256,6 +286,8 @@ int permission(struct inode *inode, int 
 
 	/* Ordinary permission routines do not understand MAY_APPEND. */
 	submask = mask & ~MAY_APPEND;
+	if ((retval = dx_permission(inode, mask, nd)))
+		return retval;
 	if (inode->i_op && inode->i_op->permission)
 		retval = inode->i_op->permission(inode, submask, nd);
 	else
--- linux-2.6.18.2/fs/namei.c	2006-09-20 16:58:35 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/namei.c	2006-11-04 08:24:09 +0100
@@ -410,6 +442,8 @@ static int exec_permission_lite(struct i
 {
 	umode_t	mode = inode->i_mode;
 
+	if (dx_barrier(inode))
+		return -EACCES;
 	if (inode->i_op && inode->i_op->permission)
 		return -EAGAIN;
 
--- linux-2.6.18.2/fs/namei.c	2006-09-20 16:58:35 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/namei.c	2006-11-04 08:24:09 +0100
@@ -759,6 +806,12 @@ *****
 	path->dentry = dentry;
 	__follow_mount(path);
 	return 0;
+hidden:
+	vxwprintk(1, "xid=%d did lookup hidden %p[#%d,%lu] »%s«.",
+		vx_current_xid(), inode, inode->i_tag, inode->i_ino,
+		vxd_path(dentry, mnt));
+	dput(dentry);
+	return -ENOENT;
 
 need_lookup:
 	dentry = real_lookup(nd->dentry, name, nd);
--- linux-2.6.18.2/fs/open.c	2006-09-20 16:58:35 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/open.c	2006-11-04 08:24:09 +0100
@@ -715,7 +725,7 @@ static int chown_common(struct dentry * 
 	newattrs.ia_valid =  ATTR_CTIME;
 	if (user != (uid_t) -1) {
 		newattrs.ia_valid |= ATTR_UID;
-		newattrs.ia_uid = user;
+		newattrs.ia_uid = dx_map_uid(user);
 	}
 	if (group != (gid_t) -1) {
 		newattrs.ia_valid |= ATTR_GID;
--- linux-2.6.18.2/fs/open.c	2006-09-20 16:58:35 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/open.c	2006-11-04 08:24:09 +0100
@@ -719,7 +729,7 @@ *****
 	}
 	if (group != (gid_t) -1) {
 		newattrs.ia_valid |= ATTR_GID;
-		newattrs.ia_gid = group;
+		newattrs.ia_gid = dx_map_gid(group);
 	}
 	if (!S_ISDIR(inode->i_mode))
 		newattrs.ia_valid |= ATTR_KILL_SUID|ATTR_KILL_SGID;
--- linux-2.6.18.2/fs/reiserfs/inode.c	2006-09-20 16:58:35 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/reiserfs/inode.c	2006-09-25 15:40:02 +0200
@@ -2983,6 +3037,9 @@ int reiserfs_setattr(struct dentry *dent
 					inode->i_uid = attr->ia_uid;
 				if (attr->ia_valid & ATTR_GID)
 					inode->i_gid = attr->ia_gid;
+				if ((attr->ia_valid & ATTR_TAG) &&
+					IS_TAGGED(inode))
+					inode->i_tag = attr->ia_tag;
 				mark_inode_dirty(inode);
 				error =
 				    journal_end(&th, inode->i_sb, jbegin_count);
--- linux-2.6.18.2/fs/stat.c	2006-09-20 16:58:35 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/stat.c	2006-09-25 15:40:02 +0200
@@ -26,6 +26,7 @@ void generic_fillattr(struct inode *inod
 	stat->nlink = inode->i_nlink;
 	stat->uid = inode->i_uid;
 	stat->gid = inode->i_gid;
+	stat->tag = inode->i_tag;
 	stat->rdev = inode->i_rdev;
 	stat->atime = inode->i_atime;
 	stat->mtime = inode->i_mtime;
--- linux-2.6.18.2/fs/xfs/linux-2.6/xfs_iops.c	2006-09-20 16:58:39 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/linux-2.6/xfs_iops.c	2006-09-25 15:40:02 +0200
@@ -652,6 +658,10 @@ xfs_vn_setattr(
 		vattr.va_mask |= XFS_AT_GID;
 		vattr.va_gid = attr->ia_gid;
 	}
+	if ((ia_valid & ATTR_TAG) && IS_TAGGED(inode)) {
+		vattr.va_mask |= XFS_AT_TAG;
+		vattr.va_tag = attr->ia_tag;
+	}
 	if (ia_valid & ATTR_SIZE) {
 		vattr.va_mask |= XFS_AT_SIZE;
 		vattr.va_size = attr->ia_size;
--- linux-2.6.18.2/fs/xfs/linux-2.6/xfs_vnode.h	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/linux-2.6/xfs_vnode.h	2006-09-25 15:40:02 +0200
@@ -400,6 +401,7 @@ typedef struct bhv_vattr {
 #define XFS_AT_PROJID		0x04000000
 #define XFS_AT_SIZE_NOPERM	0x08000000
 #define XFS_AT_GENCOUNT		0x10000000
+#define XFS_AT_TAG		0x20000000
 
 #define XFS_AT_ALL	(XFS_AT_TYPE|XFS_AT_MODE|XFS_AT_UID|XFS_AT_GID|\
 		XFS_AT_FSID|XFS_AT_NODEID|XFS_AT_NLINK|XFS_AT_SIZE|\
--- linux-2.6.18.2/fs/xfs/linux-2.6/xfs_vnode.h	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/linux-2.6/xfs_vnode.h	2006-09-25 15:40:02 +0200
@@ -406,7 +408,8 @@ *****
 		XFS_AT_ATIME|XFS_AT_MTIME|XFS_AT_CTIME|XFS_AT_RDEV|\
 		XFS_AT_BLKSIZE|XFS_AT_NBLOCKS|XFS_AT_VCODE|XFS_AT_MAC|\
 		XFS_AT_ACL|XFS_AT_CAP|XFS_AT_INF|XFS_AT_XFLAGS|XFS_AT_EXTSIZE|\
-		XFS_AT_NEXTENTS|XFS_AT_ANEXTENTS|XFS_AT_PROJID|XFS_AT_GENCOUNT)
+		XFS_AT_NEXTENTS|XFS_AT_ANEXTENTS|XFS_AT_PROJID|XFS_AT_GENCOUNT\
+		XFS_AT_TAG)
 
 #define XFS_AT_STAT	(XFS_AT_TYPE|XFS_AT_MODE|XFS_AT_UID|XFS_AT_GID|\
 		XFS_AT_FSID|XFS_AT_NODEID|XFS_AT_NLINK|XFS_AT_SIZE|\
--- linux-2.6.18.2/fs/xfs/xfs_clnt.h	2006-06-18 04:54:50 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_clnt.h	2006-09-25 15:40:02 +0200
@@ -99,5 +99,7 @@ struct xfs_mount_args {
  */
 #define XFSMNT2_COMPAT_IOSIZE	0x00000001	/* don't report large preferred
 						 * I/O size in stat(2) */
+#define XFSMNT2_TAGGED		0x80000000	/* context tagging */
+
 
 #endif	/* __XFS_CLNT_H__ */
--- linux-2.6.18.2/fs/xfs/xfs_mount.h	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_mount.h	2006-09-25 15:40:02 +0200
@@ -460,6 +460,7 @@ typedef struct xfs_mount {
 #define XFS_MOUNT_NO_PERCPU_SB	(1ULL << 23)	/* don't use per-cpu superblock
 						   counters */
 
+#define XFS_MOUNT_TAGGED	(1ULL << 31)	/* context tagging */
 
 /*
  * Default minimum read and write sizes.
--- linux-2.6.18.2/fs/xfs/xfs_vnodeops.c	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_vnodeops.c	2006-09-25 15:40:02 +0200
@@ -160,6 +160,7 @@ xfs_getattr(
 	vap->va_mode = ip->i_d.di_mode;
 	vap->va_uid = ip->i_d.di_uid;
 	vap->va_gid = ip->i_d.di_gid;
+	vap->va_tag = ip->i_d.di_tag;
 	vap->va_projid = ip->i_d.di_projid;
 
 	/*
--- linux-2.6.18.2/fs/xfs/xfs_vnodeops.c	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_vnodeops.c	2006-09-25 15:40:02 +0200
@@ -260,6 +261,7 @@ xfs_setattr(
 	uint			commit_flags=0;
 	uid_t			uid=0, iuid=0;
 	gid_t			gid=0, igid=0;
+	tag_t			tag=0, itag=0;
 	int			timeflags = 0;
 	bhv_vnode_t		*vp;
 	xfs_prid_t		projid=0, iprojid=0;
--- linux-2.6.18.2/fs/xfs/xfs_vnodeops.c	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_vnodeops.c	2006-09-25 15:40:02 +0200
@@ -316,6 +318,7 @@ xfs_setattr(
 	    (mask & (XFS_AT_UID|XFS_AT_GID|XFS_AT_PROJID))) {
 		uint	qflags = 0;
 
+		/* FIXME: handle tagging? */
 		if ((mask & XFS_AT_UID) && XFS_IS_UQUOTA_ON(mp)) {
 			uid = vap->va_uid;
 			qflags |= XFS_QMOPT_UQUOTA;
--- linux-2.6.18.2/fs/xfs/xfs_vnodeops.c	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_vnodeops.c	2006-09-25 15:40:02 +0200
@@ -395,6 +398,8 @@ xfs_setattr(
 	if (mask &
 	    (XFS_AT_MODE|XFS_AT_XFLAGS|XFS_AT_EXTSIZE|XFS_AT_UID|
 	     XFS_AT_GID|XFS_AT_PROJID)) {
+		/* FIXME: handle tagging? */
+
 		/*
 		 * CAP_FOWNER overrides the following restrictions:
 		 *
--- linux-2.6.18.2/fs/xfs/xfs_vnodeops.c	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_vnodeops.c	2006-09-25 15:40:02 +0200
@@ -443,7 +448,7 @@ xfs_setattr(
 	 * and can change the group id only to a group of which he
 	 * or she is a member.
 	 */
-	if (mask & (XFS_AT_UID|XFS_AT_GID|XFS_AT_PROJID)) {
+	if (mask & (XFS_AT_UID|XFS_AT_GID|XFS_AT_TAG|XFS_AT_PROJID)) {
 		/*
 		 * These IDs could have changed since we last looked at them.
 		 * But, we're assured that if the ownership did change
--- linux-2.6.18.2/fs/xfs/xfs_vnodeops.c	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_vnodeops.c	2006-09-25 15:40:02 +0200
@@ -482,6 +489,7 @@ xfs_setattr(
 		if ((XFS_IS_UQUOTA_ON(mp) && iuid != uid) ||
 		    (XFS_IS_PQUOTA_ON(mp) && iprojid != projid) ||
 		    (XFS_IS_GQUOTA_ON(mp) && igid != gid)) {
+			/* FIXME: handle tagging? */
 			ASSERT(tp);
 			code = XFS_QM_DQVOPCHOWNRESV(mp, tp, ip, udqp, gdqp,
 						capable(CAP_FOWNER) ?
--- linux-2.6.18.2/fs/xfs/xfs_vnodeops.c	2006-09-20 16:58:40 +0200
+++ linux-2.6.18.2-vs2.1.1/fs/xfs/xfs_vnodeops.c	2006-09-25 15:40:02 +0200
@@ -707,7 +715,7 @@ xfs_setattr(
 	 * and can change the group id only to a group of which he
 	 * or she is a member.
 	 */
-	if (mask & (XFS_AT_UID|XFS_AT_GID|XFS_AT_PROJID)) {
+	if (mask & (XFS_AT_UID|XFS_AT_GID|XFS_AT_TAG|XFS_AT_PROJID)) {
 		/*
 		 * CAP_FSETID overrides the following restrictions:
 		 *
--- linux-2.6.18.2/include/linux/ext2_fs.h	2006-09-20 16:58:43 +0200
+++ linux-2.6.18.2-vs2.1.1/include/linux/ext2_fs.h	2006-11-04 08:24:09 +0100
@@ -313,8 +321,9 @@ struct ext2_inode {
 #define EXT2_MOUNT_XATTR_USER		0x004000  /* Extended user attributes */
 #define EXT2_MOUNT_POSIX_ACL		0x008000  /* POSIX Access Control Lists */
 #define EXT2_MOUNT_XIP			0x010000  /* Execute in place */
-#define EXT2_MOUNT_USRQUOTA		0x020000 /* user quota */
-#define EXT2_MOUNT_GRPQUOTA		0x040000 /* group quota */
+#define EXT2_MOUNT_USRQUOTA		0x020000  /* user quota */
+#define EXT2_MOUNT_GRPQUOTA		0x040000  /* group quota */
+#define EXT2_MOUNT_TAGGED		(1<<24)	  /* Enable Context Tags */
 
 
 #define clear_opt(o, opt)		o &= ~EXT2_MOUNT_##opt
--- linux-2.6.18.2/include/linux/ext3_fs.h	2006-09-20 16:58:43 +0200
+++ linux-2.6.18.2-vs2.1.1/include/linux/ext3_fs.h	2006-09-25 15:40:02 +0200
@@ -371,6 +382,7 @@ struct ext3_inode {
 #define EXT3_MOUNT_QUOTA		0x80000 /* Some quota option set */
 #define EXT3_MOUNT_USRQUOTA		0x100000 /* "old" user quota */
 #define EXT3_MOUNT_GRPQUOTA		0x200000 /* "old" group quota */
+#define EXT3_MOUNT_TAGGED		(1<<24) /* Enable Context Tags */
 
 /* Compatibility, for having both ext2_fs.h and ext3_fs.h included at once */
 #ifndef _LINUX_EXT2_FS_H
--- linux-2.6.18.2/include/linux/fs.h	2006-09-20 16:58:43 +0200
+++ linux-2.6.18.2-vs2.1.1/include/linux/fs.h	2006-11-01 01:01:33 +0100
@@ -119,6 +119,8 @@ extern int dir_notify_enable;
 #define MS_PRIVATE	(1<<18)	/* change to private */
 #define MS_SLAVE	(1<<19)	/* change to slave */
 #define MS_SHARED	(1<<20)	/* change to shared */
+#define MS_TAGGED	(1<<24) /* use generic inode tagging */
+#define MS_TAGID	(1<<25) /* use specific tag for this mount */
 #define MS_ACTIVE	(1<<30)
 #define MS_NOUSER	(1<<31)
 
--- linux-2.6.18.2/include/linux/fs.h	2006-09-20 16:58:43 +0200
+++ linux-2.6.18.2-vs2.1.1/include/linux/fs.h	2006-11-01 01:01:33 +0100
@@ -280,6 +296,7 @@ typedef void (dio_iodone_t)(struct kiocb
 #define ATTR_KILL_SUID	2048
 #define ATTR_KILL_SGID	4096
 #define ATTR_FILE	8192
+#define ATTR_TAG	16384
 
 /*
  * This is the Inode Attributes structure, used for notify_change().  It
--- linux-2.6.18.2/include/linux/fs.h	2006-09-20 16:58:43 +0200
+++ linux-2.6.18.2-vs2.1.1/include/linux/fs.h	2006-11-01 01:01:33 +0100
@@ -295,6 +312,7 @@ struct iattr {
 	umode_t		ia_mode;
 	uid_t		ia_uid;
 	gid_t		ia_gid;
+	tag_t		ia_tag;
 	loff_t		ia_size;
 	struct timespec	ia_atime;
 	struct timespec	ia_mtime;
--- linux-2.6.18.2/include/linux/fs.h	2006-09-20 16:58:43 +0200
+++ linux-2.6.18.2-vs2.1.1/include/linux/fs.h	2006-11-01 01:01:33 +0100
@@ -505,6 +526,7 @@ struct inode {
 	unsigned int		i_nlink;
 	uid_t			i_uid;
 	gid_t			i_gid;
+	tag_t			i_tag;
 	dev_t			i_rdev;
 	loff_t			i_size;
 	struct timespec		i_atime;
--- linux-2.6.18.2/include/linux/fs.h	2006-09-20 16:58:43 +0200
+++ linux-2.6.18.2-vs2.1.1/include/linux/fs.h	2006-11-01 01:01:33 +0100
@@ -687,6 +712,7 @@ struct file {
 	struct fown_struct	f_owner;
 	unsigned int		f_uid, f_gid;
 	struct file_ra_state	f_ra;
+	xid_t			f_xid;
 
 	unsigned long		f_version;
 	void			*f_security;
--- linux-2.6.18.2/include/linux/reiserfs_fs_sb.h	2006-02-18 14:40:35 +0100
+++ linux-2.6.18.2-vs2.1.1/include/linux/reiserfs_fs_sb.h	2006-09-25 15:40:02 +0200
@@ -456,6 +456,7 @@ enum reiserfs_mount_options {
 	REISERFS_POSIXACL,
 	REISERFS_BARRIER_NONE,
 	REISERFS_BARRIER_FLUSH,
+	REISERFS_TAGGED,
 
 	/* Actions on error */
 	REISERFS_ERROR_PANIC,
--- linux-2.6.18.2/include/linux/stat.h	2006-06-18 04:55:25 +0200
+++ linux-2.6.18.2-vs2.1.1/include/linux/stat.h	2006-09-25 15:40:02 +0200
@@ -63,6 +63,7 @@ struct kstat {
 	unsigned int	nlink;
 	uid_t		uid;
 	gid_t		gid;
+	tag_t		tag;
 	dev_t		rdev;
 	loff_t		size;
 	struct timespec  atime;
--- linux-2.6.18.2/include/linux/vs_tag.h	1970-01-01 01:00:00 +0100
+++ linux-2.6.18.2-vs2.1.1/include/linux/vs_tag.h	2006-09-25 15:40:02 +0200
@@ -0,0 +1,45 @@
+#ifndef _VX_VS_TAG_H
+#define _VX_VS_TAG_H
+
+#include <linux/kernel.h>
+#include <linux/vserver/tag.h>
+
+/* check conditions */
+
+#define DX_ADMIN	0x0001
+#define DX_WATCH	0x0002
+#define DX_HOSTID	0x0008
+
+#define DX_IDENT	0x0010
+
+#define DX_ARG_MASK	0x0010
+
+
+#define dx_task_tag(t)	((t)->xid)
+
+#define dx_current_tag() dx_task_tag(current)
+
+#define dx_check(c,m)	__dx_check(dx_current_tag(),c,m)
+
+#define dx_weak_check(c,m)	((m) ? dx_check(c,m) : 1)
+
+
+/*
+ * check current context for ADMIN/WATCH and
+ * optionally against supplied argument
+ */
+static inline int __dx_check(tag_t cid, tag_t id, unsigned int mode)
+{
+	if (mode & DX_ARG_MASK) {
+		if ((mode & DX_IDENT) &&
+			(id == cid))
+			return 1;
+	}
+	return (((mode & DX_ADMIN) && (cid == 0)) ||
+		((mode & DX_WATCH) && (cid == 1)) ||
+		((mode & DX_HOSTID) && (id == 0)));
+}
+
+#else
+#warning duplicate inclusion
+#endif
--- linux-2.6.18.2/include/linux/vserver/tag.h	1970-01-01 01:00:00 +0100
+++ linux-2.6.18.2-vs2.1.1/include/linux/vserver/tag.h	2006-09-25 15:40:02 +0200
@@ -0,0 +1,153 @@
+#ifndef _DX_TAG_H
+#define _DX_TAG_H
+
+
+#define DX_TAG(in)	(IS_TAGGED(in))
+
+
+#ifdef CONFIG_DX_TAG_NFSD
+#define DX_TAG_NFSD	1
+#else
+#define DX_TAG_NFSD	0
+#endif
+
+
+#ifdef CONFIG_TAGGING_NONE
+
+#define MAX_UID		0xFFFFFFFF
+#define MAX_GID		0xFFFFFFFF
+
+#define INOTAG_TAG(cond, uid, gid, tag)	(0)
+
+#define TAGINO_UID(cond, uid, tag)	(uid)
+#define TAGINO_GID(cond, gid, tag)	(gid)
+
+#endif
+
+
+#ifdef CONFIG_TAGGING_GID16
+
+#define MAX_UID		0xFFFFFFFF
+#define MAX_GID		0x0000FFFF
+
+#define INOTAG_TAG(cond, uid, gid, tag)	\
+	((cond) ? (((gid) >> 16) & 0xFFFF) : 0)
+
+#define TAGINO_UID(cond, uid, tag)	(uid)
+#define TAGINO_GID(cond, gid, tag)	\
+	((cond) ? (((gid) & 0xFFFF) | ((tag) << 16)) : (gid))
+
+#endif
+
+
+#ifdef CONFIG_TAGGING_ID24
+
+#define MAX_UID		0x00FFFFFF
+#define MAX_GID		0x00FFFFFF
+
+#define INOTAG_TAG(cond, uid, gid, tag)	\
+	((cond) ? ((((uid) >> 16) & 0xFF00) | (((gid) >> 24) & 0xFF)) : 0)
+
+#define TAGINO_UID(cond, uid, tag)	\
+	((cond) ? (((uid) & 0xFFFFFF) | (((tag) & 0xFF00) << 16)) : (uid))
+#define TAGINO_GID(cond, gid, tag)	\
+	((cond) ? (((gid) & 0xFFFFFF) | (((tag) & 0x00FF) << 24)) : (gid))
+
+#endif
+
+
+#ifdef CONFIG_TAGGING_UID16
+
+#define MAX_UID		0x0000FFFF
+#define MAX_GID		0xFFFFFFFF
+
+#define INOTAG_TAG(cond, uid, gid, tag)	\
+	((cond) ? (((uid) >> 16) & 0xFFFF) : 0)
+
+#define TAGINO_UID(cond, uid, tag)	\
+	((cond) ? (((uid) & 0xFFFF) | ((tag) << 16)) : (uid))
+#define TAGINO_GID(cond, gid, tag)	(gid)
+
+#endif
+
+
+#ifdef CONFIG_TAGGING_INTERN
+
+#define MAX_UID		0xFFFFFFFF
+#define MAX_GID		0xFFFFFFFF
+
+#define INOTAG_TAG(cond, uid, gid, tag)	\
+	((cond) ? (tag) : 0)
+
+#define TAGINO_UID(cond, uid, tag)	(uid)
+#define TAGINO_GID(cond, gid, tag)	(gid)
+
+#endif
+
+
+#ifdef CONFIG_TAGGING_RUNTIME
+
+#define MAX_UID		0xFFFFFFFF
+#define MAX_GID		0xFFFFFFFF
+
+#define INOTAG_TAG(cond, uid, gid, tag)	(0)
+
+#define TAGINO_UID(cond, uid, tag)	(uid)
+#define TAGINO_GID(cond, gid, tag)	(gid)
+
+#endif
+
+
+#ifndef CONFIG_TAGGING_NONE
+#define dx_current_fstag(sb)	\
+	((sb)->s_flags & MS_TAGGED ? dx_current_tag(): 0)
+#else
+#define dx_current_fstag(sb)	(0)
+#endif
+
+#ifndef CONFIG_TAGGING_INTERN
+#define TAGINO_TAG(cond, tag)	(0)
+#else
+#define TAGINO_TAG(cond, tag)	((cond) ? (tag) : 0)
+#endif
+
+#define INOTAG_UID(cond, uid, gid)	\
+	((cond) ? ((uid) & MAX_UID) : (uid))
+#define INOTAG_GID(cond, uid, gid)	\
+	((cond) ? ((gid) & MAX_GID) : (gid))
+
+
+static inline uid_t dx_map_uid(uid_t uid)
+{
+	if ((uid > MAX_UID) && (uid != -1))
+		uid = -2;
+	return (uid & MAX_UID);
+}
+
+static inline gid_t dx_map_gid(gid_t gid)
+{
+	if ((gid > MAX_GID) && (gid != -1))
+		gid = -2;
+	return (gid & MAX_GID);
+}
+
+
+#ifdef	CONFIG_VSERVER_LEGACY
+#define FIOC_GETTAG	_IOR('x', 1, long)
+#define FIOC_SETTAG	_IOW('x', 2, long)
+#define FIOC_SETTAGJ	_IOW('x', 3, long)
+#endif
+
+#ifdef	CONFIG_PROPAGATE
+
+int dx_parse_tag(char *string, tag_t *tag, int remove);
+
+void __dx_propagate_tag(struct nameidata *nd, struct inode *inode);
+
+#define dx_propagate_tag(n,i)	__dx_propagate_tag(n,i)
+
+#else
+#define dx_propagate_tag(n,i)	do { } while (0)
+#endif
+
+#endif /* _DX_TAG_H */