Vserver is a patch that implements BSD jail style virtual host semantics
inside Linux, where every process not only runs in its own namespace (it
reuses the chroot code for that, should switch to CLONE_NEWNS for 2.6),
but also its own hostname and IP address as well as its own view of
/proc.

Because of that added functionality, it needs more than what is
available in the LSM framework (which can only allow/deny permissions,
not alter return values).

The source code has been running stable for the last few years and is in
use at quite a few service providers.  The Fedora project also wants to
use vserver for their build system.  However, vserver for 2.4 just tacks
their syscalls onto the end of the syscall table and the userland tools
find those "dynamic numbers" somehow ...  EWWWW.

For 2.6 I'd like to do things right.  At the moment the vserver patch
has sys_new_s_context and sys_set_ipv4root calls, but since we'll
probably end up getting an ipv6 call too and people are planning future
functionality, I guess it would be more appropriate to multiplex these
through one sys_vserver patch, in the same way sys_ipc works.

For your reference, you can find more information about
vserver on these pages:

	http://www.13thfloor.at/VServer/
	http://www.solucorp.qc.ca/miscprj/s_context.hc

I estimate the project has about a dozen developers now.  We are
planning on making the implementation for 2.6 fairly lightweight,
reusing infrastructure from other code where possible and only doing
things through sys_vserver where there is no other way.

This small change just adds sys_vserver to the syscall table.