--- olpc-2.6-master.00/ipc/msg.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/ipc/msg.c	2007-03-01 11:52:20.000000000 -0500
@@ -925,6 +927,9 @@ static int sysvipc_msg_proc_show(struct 
 {
 	struct msg_queue *msq = it;
 
+	if (!vx_check(msq->q_perm.xid, VS_WATCH_P|VS_IDENT))
+		return 0;
+
 	return seq_printf(s,
 			"%10d %10d  %4o  %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n",
 			msq->q_perm.key,
--- olpc-2.6-master.00/ipc/sem.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/ipc/sem.c	2007-03-01 11:52:20.000000000 -0500
@@ -1402,6 +1411,9 @@ static int sysvipc_sem_proc_show(struct 
 {
 	struct sem_array *sma = it;
 
+	if (!vx_check(sma->sem_perm.xid, VS_WATCH_P|VS_IDENT))
+		return 0;
+
 	return seq_printf(s,
 			  "%10d %10d  %4o %10lu %5u %5u %5u %5u %10lu %10lu\n",
 			  sma->sem_perm.key,
--- olpc-2.6-master.00/ipc/shm.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/ipc/shm.c	2007-03-01 11:53:25.000000000 -0500
@@ -1063,6 +1076,9 @@ static int sysvipc_shm_proc_show(struct 
 #define SMALL_STRING "%10d %10d  %4o %10u %5u %5u  %5d %5u %5u %5u %5u %10lu %10lu %10lu\n"
 #define BIG_STRING   "%10d %10d  %4o %21u %5u %5u  %5d %5u %5u %5u %5u %10lu %10lu %10lu\n"
 
+	if (!vx_check(shp->shm_perm.xid, VS_WATCH_P|VS_IDENT))
+		return 0;
+
 	if (sizeof(size_t) <= sizeof(int))
 		format = SMALL_STRING;
 	else
--- olpc-2.6-master.00/ipc/util.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/ipc/util.c	2007-03-01 11:52:20.000000000 -0500
@@ -260,7 +264,9 @@ int ipc_findkey(struct ipc_ids* ids, key
 	 */
 	for (id = 0; id <= max_id; id++) {
 		p = ids->entries->p[id];
-		if(p==NULL)
+		if (p==NULL)
+			continue;
+		if (!vx_check(p->xid, VS_WATCH_P|VS_IDENT))
 			continue;
 		if (key == p->key)
 			return id;
--- olpc-2.6-master.00/ipc/util.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/ipc/util.c	2007-03-01 11:52:20.000000000 -0500
@@ -578,6 +584,9 @@ int ipcperms (struct kern_ipc_perm *ipcp
 
 	if (unlikely((err = audit_ipc_obj(ipcp))))
 		return err;
+
+	if (!vx_check(ipcp->xid, VS_WATCH_P|VS_IDENT)) /* maybe just VS_IDENT? */
+		return -1;
 	requested_mode = (flag >> 6) | (flag >> 3) | flag;
 	granted_mode = ipcp->mode;
 	if (current->euid == ipcp->cuid || current->euid == ipcp->uid)