--- olpc-2.6-master.00/arch/alpha/kernel/ptrace.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/alpha/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -15,6 +15,7 @@
 #include <linux/slab.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
--- olpc-2.6-master.00/arch/alpha/kernel/ptrace.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/alpha/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -283,6 +284,11 @@ do_sys_ptrace(long request, long pid, lo
 		goto out_notsk;
 	}
 
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT)) {
+		ret = -EPERM;
+		goto out;
+	}
+
 	if (request == PTRACE_ATTACH) {
 		ret = ptrace_attach(child);
 		goto out;
--- olpc-2.6-master.00/arch/ia64/kernel/ptrace.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/ia64/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -17,6 +17,7 @@
 #include <linux/security.h>
 #include <linux/audit.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/pgtable.h>
 #include <asm/processor.h>
--- olpc-2.6-master.00/arch/ia64/kernel/ptrace.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/ia64/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -1443,6 +1444,9 @@ sys_ptrace (long request, pid_t pid, uns
 	read_unlock(&tasklist_lock);
 	if (!child)
 		goto out;
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
+		goto out_tsk;
+
 	ret = -EPERM;
 	if (pid == 1)		/* no messing around with init! */
 		goto out_tsk;
--- olpc-2.6-master.00/arch/m68k/kernel/ptrace.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/m68k/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -19,6 +19,7 @@
 #include <linux/ptrace.h>
 #include <linux/user.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/uaccess.h>
 #include <asm/page.h>
--- olpc-2.6-master.00/arch/m68k/kernel/ptrace.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/m68k/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -279,6 +280,8 @@ long arch_ptrace(struct task_struct *chi
 		ret = ptrace_request(child, request, addr, data);
 		break;
 	}
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
+		goto out_tsk;
 
 	return ret;
 out_eio:
--- olpc-2.6-master.00/arch/mips/kernel/ptrace.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/mips/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -26,6 +26,7 @@
 #include <linux/user.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/byteorder.h>
 #include <asm/cpu.h>
--- olpc-2.6-master.00/arch/mips/kernel/ptrace.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/mips/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -172,6 +173,9 @@ long arch_ptrace(struct task_struct *chi
 {
 	int ret;
 
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
+		goto out;
+
 	switch (request) {
 	/* when I and D space are separate, these will need to be fixed. */
 	case PTRACE_PEEKTEXT: /* read word at location addr. */
--- olpc-2.6-master.00/arch/s390/kernel/ptrace.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/s390/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -33,6 +33,7 @@
 #include <linux/security.h>
 #include <linux/audit.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/segment.h>
 #include <asm/page.h>
--- olpc-2.6-master.00/arch/s390/kernel/ptrace.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/s390/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -725,7 +726,13 @@ sys_ptrace(long request, long pid, long 
 		goto out;
 	}
 
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT)) {
+		ret = -EPERM;
+		goto out_tsk;
+	}
+
 	ret = do_ptrace(child, request, addr, data);
+out_tsk:
 	put_task_struct(child);
 out:
 	unlock_kernel();
--- olpc-2.6-master.00/arch/sparc/kernel/ptrace.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/sparc/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -19,6 +19,7 @@
 #include <linux/smp_lock.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/pgtable.h>
 #include <asm/system.h>
--- olpc-2.6-master.00/arch/sparc/kernel/ptrace.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/sparc/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -302,6 +303,10 @@ asmlinkage void do_ptrace(struct pt_regs
 		pt_error_return(regs, -ret);
 		goto out;
 	}
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT)) {
+		pt_error_return(regs, ESRCH);
+		goto out_tsk;
+	}
 
 	if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
 	    || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
--- olpc-2.6-master.00/arch/sparc64/kernel/ptrace.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/sparc64/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -22,6 +22,7 @@
 #include <linux/seccomp.h>
 #include <linux/audit.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/asi.h>
 #include <asm/pgtable.h>
--- olpc-2.6-master.00/arch/sparc64/kernel/ptrace.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/sparc64/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -215,6 +216,10 @@ asmlinkage void do_ptrace(struct pt_regs
 		pt_error_return(regs, -ret);
 		goto out;
 	}
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT)) {
+		pt_error_return(regs, ESRCH);
+		goto out_tsk;
+	}
 
 	if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
 	    || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
--- olpc-2.6-master.00/arch/v850/kernel/ptrace.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/v850/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -24,6 +24,7 @@
 #include <linux/smp_lock.h>
 #include <linux/ptrace.h>
 #include <linux/signal.h>
+#include <linux/vs_base.h>
 
 #include <asm/errno.h>
 #include <asm/ptrace.h>
--- olpc-2.6-master.00/arch/v850/kernel/ptrace.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/v850/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -117,6 +118,9 @@ long arch_ptrace(struct task_struct *chi
 {
 	int rval;
 
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
+		goto out;
+
 	switch (request) {
 		unsigned long val, copied;
 
--- olpc-2.6-master.00/kernel/ptrace.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -18,6 +18,7 @@
 #include <linux/ptrace.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/vs_context.h>
 
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
--- olpc-2.6-master.00/kernel/ptrace.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -144,6 +145,11 @@ static int may_attach(struct task_struct
 		dumpable = task->mm->dumpable;
 	if (!dumpable && !capable(CAP_SYS_PTRACE))
 		return -EPERM;
+	if (!vx_check(task->xid, VS_ADMIN_P|VS_IDENT))
+		return -EPERM;
+	if (!vx_check(task->xid, VS_IDENT) &&
+		!task_vx_flags(task, VXF_STATE_ADMIN, 0))
+		return -EACCES;
 
 	return security_ptrace(current, task);
 }
--- olpc-2.6-master.00/kernel/ptrace.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/kernel/ptrace.c	2007-03-01 11:52:20.000000000 -0500
@@ -468,6 +474,10 @@ asmlinkage long sys_ptrace(long request,
 		goto out;
 	}
 
+	ret = -EPERM;
+	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
+		goto out_put_task_struct;
+
 	if (request == PTRACE_ATTACH) {
 		ret = ptrace_attach(child);
 		goto out_put_task_struct;