diff -urNp --exclude CVS --exclude BitKeeper --exclude {arch} --exclude .arch-ids xx-ref/fs/hugetlbfs/inode.c xx/fs/hugetlbfs/inode.c
--- xx-ref/fs/hugetlbfs/inode.c	2004-03-31 03:58:32.000000000 +0200
+++ xx/fs/hugetlbfs/inode.c	2004-04-01 15:55:00.451516336 +0200
@@ -707,7 +707,7 @@ struct file *hugetlb_zero_setup(size_t s
 	struct qstr quick_string;
 	char buf[16];
 
-	if (!capable(CAP_IPC_LOCK))
+	if (!disable_cap_mlock && !capable(CAP_IPC_LOCK))
 		return ERR_PTR(-EPERM);
 
 	if (!is_hugepage_mem_enough(size))
diff -urNp --exclude CVS --exclude BitKeeper --exclude {arch} --exclude .arch-ids xx-ref/include/linux/capability.h xx/include/linux/capability.h
--- xx-ref/include/linux/capability.h	2003-05-14 01:56:48.000000000 +0200
+++ xx/include/linux/capability.h	2004-04-01 15:55:00.451516336 +0200
@@ -316,6 +316,8 @@ extern kernel_cap_t cap_bset;
 #define cap_lower(c, flag)   (cap_t(c) &= ~CAP_TO_MASK(flag))
 #define cap_raised(c, flag)  (cap_t(c) & CAP_TO_MASK(flag))
 
+extern int disable_cap_mlock;
+
 static inline kernel_cap_t cap_combine(kernel_cap_t a, kernel_cap_t b)
 {
      kernel_cap_t dest;
diff -urNp --exclude CVS --exclude BitKeeper --exclude {arch} --exclude .arch-ids xx-ref/include/linux/sysctl.h xx/include/linux/sysctl.h
--- xx-ref/include/linux/sysctl.h	2004-03-11 08:27:46.000000000 +0100
+++ xx/include/linux/sysctl.h	2004-04-01 15:55:30.573937032 +0200
@@ -158,6 +158,7 @@ enum
 	VM_SWAPPINESS=19,	/* Tendency to steal mapped memory */
 	VM_LOWER_ZONE_PROTECTION=20,/* Amount of protection of lower zones */
 	VM_MIN_FREE_KBYTES=21,	/* Minimum free kilobytes to maintain */
+	VM_DISABLE_CAP_MLOCK=22,/* disable CAP_IPC_LOCK checking */
 };
 
 
diff -urNp --exclude CVS --exclude BitKeeper --exclude {arch} --exclude .arch-ids xx-ref/ipc/shm.c xx/ipc/shm.c
--- xx-ref/ipc/shm.c	2004-03-31 03:58:32.000000000 +0200
+++ xx/ipc/shm.c	2004-04-01 15:55:00.454515880 +0200
@@ -505,7 +505,7 @@ asmlinkage long sys_shmctl (int shmid, i
 /* Allow superuser to lock segment in memory */
 /* Should the pages be faulted in here or leave it to user? */
 /* need to determine interaction with current->swappable */
-		if (!capable(CAP_IPC_LOCK)) {
+		if (!disable_cap_mlock && !capable(CAP_IPC_LOCK)) {
 			err = -EPERM;
 			goto out;
 		}
diff -urNp --exclude CVS --exclude BitKeeper --exclude {arch} --exclude .arch-ids xx-ref/kernel/capability.c xx/kernel/capability.c
--- xx-ref/kernel/capability.c	2003-10-31 05:56:39.000000000 +0100
+++ xx/kernel/capability.c	2004-04-01 15:55:00.474512840 +0200
@@ -14,6 +14,7 @@
 
 unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
 kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
+int disable_cap_mlock = 0;
 
 EXPORT_SYMBOL(securebits);
 EXPORT_SYMBOL(cap_bset);
diff -urNp --exclude CVS --exclude BitKeeper --exclude {arch} --exclude .arch-ids xx-ref/kernel/sysctl.c xx/kernel/sysctl.c
--- xx-ref/kernel/sysctl.c	2004-03-31 03:58:32.000000000 +0200
+++ xx/kernel/sysctl.c	2004-04-01 15:55:00.484511320 +0200
@@ -736,6 +736,14 @@ static ctl_table vm_table[] = {
 		.strategy	= &sysctl_intvec,
 		.extra1		= &zero,
 	},
+	{
+		.ctl_name	= VM_DISABLE_CAP_MLOCK,
+		.procname	= "disable_cap_mlock",
+		.data		= &disable_cap_mlock,
+		.maxlen		= sizeof(disable_cap_mlock),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec,
+	},
 	{ .ctl_name = 0 }
 };
 
diff -urNp --exclude CVS --exclude BitKeeper --exclude {arch} --exclude .arch-ids xx-ref/mm/mlock.c xx/mm/mlock.c
--- xx-ref/mm/mlock.c	2003-10-31 05:56:45.000000000 +0100
+++ xx/mm/mlock.c	2004-04-01 15:55:00.497509344 +0200
@@ -57,7 +57,7 @@ static int do_mlock(unsigned long start,
 	struct vm_area_struct * vma, * next;
 	int error;
 
-	if (on && !capable(CAP_IPC_LOCK))
+	if (on && !disable_cap_mlock && !capable(CAP_IPC_LOCK))
 		return -EPERM;
 	len = PAGE_ALIGN(len);
 	end = start + len;
@@ -139,7 +139,7 @@ static int do_mlockall(int flags)
 	unsigned int def_flags;
 	struct vm_area_struct * vma;
 
-	if (!capable(CAP_IPC_LOCK))
+	if (!disable_cap_mlock && !capable(CAP_IPC_LOCK))
 		return -EPERM;
 
 	def_flags = 0;
diff -urNp --exclude CVS --exclude BitKeeper --exclude {arch} --exclude .arch-ids xx-ref/mm/mmap.c xx/mm/mmap.c
--- xx-ref/mm/mmap.c	2004-03-31 03:58:32.000000000 +0200
+++ xx/mm/mmap.c	2004-04-01 15:55:00.510507368 +0200
@@ -530,7 +530,7 @@ unsigned long do_mmap_pgoff(struct file 
 			mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
 
 	if (flags & MAP_LOCKED) {
-		if (!capable(CAP_IPC_LOCK))
+		if (!disable_cap_mlock && !capable(CAP_IPC_LOCK))
 			return -EPERM;
 		vm_flags |= VM_LOCKED;
 	}