diff --git a/kernel/main.c b/kernel/main.c
index e521011b8..5b2707acf 100755
--- a/kernel/main.c
+++ b/kernel/main.c
@@ -73,6 +73,8 @@ PUBLIC void main()
   ktsb = (reg_t) t_stack;
 
   for (i=0; i < NR_BOOT_PROCS; ++i) {
+	int ci;
+	bitchunk_t fv;
 	ip = &image[i];				/* process' attributes */
 	rp = proc_addr(ip->proc_nr);		/* get process pointer */
 	ip->endpoint = rp->p_endpoint;		/* ipc endpoint */
@@ -84,7 +86,23 @@ PUBLIC void main()
 	(void) get_priv(rp, (ip->flags & SYS_PROC));    /* assign structure */
 	priv(rp)->s_flags = ip->flags;			/* process flags */
 	priv(rp)->s_trap_mask = ip->trap_mask;		/* allowed traps */
-	priv(rp)->s_call_mask = ip->call_mask;		/* kernel call mask */
+
+	/* Initialize call mask bitmap from unordered set.
+	 * A single SYS_ALL_CALLS is a special case - it
+	 * means all calls are allowed.
+	 */
+	if(ip->nr_k_calls == 1 && ip->k_calls[0] == SYS_ALL_CALLS)
+		fv = ~0;		/* fill call mask */
+	else
+		fv = 0;			/* clear call mask */
+
+	for(ci = 0; ci < CALL_MASK_SIZE; ci++) 	/* fill or clear call mask */
+		priv(rp)->s_k_call_mask[ci] = fv;
+	if(!fv)			/* not all full? enter calls bit by bit */
+		for(ci = 0; ci < ip->nr_k_calls; ci++)
+			SET_BIT(priv(rp)->s_k_call_mask,
+				ip->k_calls[ci]-KERNEL_CALL);
+
 	priv(rp)->s_ipc_to.chunk[0] = ip->ipc_to;	/* restrict targets */
 	if (iskerneln(proc_nr(rp))) {		/* part of the kernel? */ 
 		if (ip->stksize > 0) {		/* HARDWARE stack size is 0 */
@@ -185,7 +203,7 @@ PRIVATE void announce(void)
 #if (CHIP == INTEL)
   /* Real mode, or 16/32-bit protected mode? */
   kprintf("Executing in %s mode.\n\n",
-      machine.protected ? "32-bit protected" : "real");
+      machine.prot ? "32-bit protected" : "real");
 #endif
 }
 
diff --git a/kernel/priv.h b/kernel/priv.h
index 02c1d0ca1..78668aded 100755
--- a/kernel/priv.h
+++ b/kernel/priv.h
@@ -33,7 +33,10 @@ struct priv {
   short s_trap_mask;		/* allowed system call traps */
   sys_map_t s_ipc_from;		/* allowed callers to receive from */
   sys_map_t s_ipc_to;		/* allowed destination processes */
-  long s_call_mask;		/* allowed kernel calls */
+
+  /* allowed kernel calls */
+#define CALL_MASK_SIZE BITMAP_CHUNKS(NR_SYS_CALLS)
+  bitchunk_t s_k_call_mask[CALL_MASK_SIZE];  
 
   sys_map_t s_notify_pending;  	/* bit map with pending notifications */
   irq_id_t s_int_pending;	/* pending hardware interrupts */
@@ -51,6 +54,8 @@ struct priv {
 
   int s_nr_irq;			/* allowed IRQ lines */
   int s_irq_tab[NR_IRQ];
+  vir_bytes s_grant_table;	/* grant table address of process, or 0 */
+  int s_grant_entries;		/* no. of entries, or 0 */
 };
 
 /* Guard word for task stacks. */
diff --git a/kernel/table.c b/kernel/table.c
index 3460ac182..ec53a0466 100755
--- a/kernel/table.c
+++ b/kernel/table.c
@@ -65,7 +65,8 @@ PUBLIC char *t_stack[TOT_STACK_SPACE / sizeof(char *)];
  * can be directly copied onto map[0] of the actual send mask. Privilege
  * structure 0 is shared by user processes. 
  */
-#define s(n)		(1 << s_nr_to_id(n))
+#define s(n)	(1 << (s_nr_to_id(n)))
+#define NUL_M   0
 #define SRV_M	(~0)
 #define SYS_M	(~0)
 #define USR_M (s(PM_PROC_NR) | s(FS_PROC_NR) | s(RS_PROC_NR) | s(SYSTEM))
@@ -75,16 +76,24 @@ PUBLIC char *t_stack[TOT_STACK_SPACE / sizeof(char *)];
  * very nice, but we need to define the access rights on a per call basis. 
  * Note that the reincarnation server has all bits on, because it should
  * be allowed to distribute rights to services that it starts. 
+ * 
+ * Calls are unordered lists, converted by the kernel to bitmasks
+ * once at runtime.
  */
-#define c(n)	(1 << ((n)-KERNEL_CALL))
-#define RS_C	~0	
-#define DS_C	~0	
-#define PM_C	~(c(SYS_DEVIO) | c(SYS_SDEVIO) | c(SYS_VDEVIO) | c(SYS_IRQCTL) | c(SYS_INT86))
-#define FS_C	(c(SYS_KILL) | c(SYS_VIRCOPY) | c(SYS_VIRVCOPY) | c(SYS_UMAP) | c(SYS_GETINFO) | c(SYS_EXIT) | c(SYS_TIMES) | c(SYS_SETALARM) | c(SYS_TRACE))
-#define DRV_C (FS_C | c(SYS_SEGCTL) | c(SYS_IRQCTL) | c(SYS_INT86) | c(SYS_DEVIO) | c(SYS_SDEVIO) | c(SYS_VDEVIO))
-#define TTY_C (DRV_C | c(SYS_ABORT) | c(SYS_VM_MAP) | c(SYS_IOPENABLE))
-#define MEM_C	(DRV_C | c(SYS_PHYSCOPY) | c(SYS_PHYSVCOPY) | c(SYS_VM_MAP) | \
-	c(SYS_IOPENABLE))
+#define FS_C SYS_KILL, SYS_VIRCOPY, SYS_SAFECOPYFROM, SYS_SAFECOPYTO, \
+    SYS_VIRVCOPY, SYS_UMAP, SYS_GETINFO, SYS_EXIT, SYS_TIMES, SYS_SETALARM, \
+    SYS_PRIVCTL, SYS_TRACE 
+#define DRV_C	FS_C, SYS_SEGCTL, SYS_IRQCTL, SYS_INT86, SYS_DEVIO, \
+	SYS_SDEVIO, SYS_VDEVIO 
+
+PRIVATE int
+  fs_c[] = { FS_C },
+  pm_c[] = { SYS_ALL_CALLS },
+  rs_c[] = { SYS_ALL_CALLS },
+  ds_c[] = { SYS_ALL_CALLS },
+  drv_c[] = { DRV_C },
+  tty_c[] = { DRV_C, SYS_ABORT, SYS_VM_MAP, SYS_IOPENABLE },
+  mem_c[] = { DRV_C, SYS_PHYSCOPY, SYS_PHYSVCOPY, SYS_VM_MAP, SYS_IOPENABLE };
 
 /* The system image table lists all programs that are part of the boot image. 
  * The order of the entries here MUST agree with the order of the programs
@@ -96,20 +105,23 @@ PUBLIC char *t_stack[TOT_STACK_SPACE / sizeof(char *)];
  *
  * Note: the quantum size must be positive in all cases! 
  */
+#define c(calls) calls, (sizeof(calls) / sizeof((calls)[0]))
+#define no_c { 0 }, 0
+
 PUBLIC struct boot_image image[] = {
-/* process nr,   pc, flags, qs,  queue, stack, traps, ipcto, call,  name */ 
- { IDLE,  idle_task, IDL_F,  8, IDLE_Q, IDL_S,     0,     0,     0, "idle"  },
- { CLOCK,clock_task, TSK_F,  8, TASK_Q, TSK_S, TSK_T,     0,     0, "clock" },
- { SYSTEM, sys_task, TSK_F,  8, TASK_Q, TSK_S, TSK_T,     0,     0, "system"},
- { HARDWARE,      0, TSK_F,  8, TASK_Q, HRD_S,     0,     0,     0, "kernel"},
- { PM_PROC_NR,    0, SRV_F, 32,      3, 0,     SRV_T, SRV_M,  PM_C, "pm"    },
- { FS_PROC_NR,    0, SRV_F, 32,      4, 0,     SRV_T, SRV_M,  FS_C, "fs"    },
- { RS_PROC_NR,    0, SRV_F,  4,      3, 0,     SRV_T, SYS_M,  RS_C, "rs"    },
- { DS_PROC_NR,    0, SRV_F,  4,      3, 0,     SRV_T, SYS_M,  DS_C, "ds"    },
- { TTY_PROC_NR,   0, SRV_F,  4,      1, 0,     SRV_T, SYS_M, TTY_C, "tty"   },
- { MEM_PROC_NR,   0, SRV_F,  4,      2, 0,     SRV_T, SYS_M, MEM_C, "mem"   },
- { LOG_PROC_NR,   0, SRV_F,  4,      2, 0,     SRV_T, SYS_M, DRV_C, "log"   },
- { INIT_PROC_NR,  0, USR_F,  8, USER_Q, 0,     USR_T, USR_M,     0, "init"  },
+/* process nr, pc,flags, qs,  queue, stack, traps, ipcto, call,  name */ 
+{IDLE,  idle_task,IDL_F,  8, IDLE_Q, IDL_S,     0,     0, no_c,"idle"  },
+{CLOCK,clock_task,TSK_F,  8, TASK_Q, TSK_S, TSK_T,     0, no_c,"clock" },
+{SYSTEM, sys_task,TSK_F,  8, TASK_Q, TSK_S, TSK_T,     0, no_c,"system"},
+{HARDWARE,      0,TSK_F,  8, TASK_Q, HRD_S,     0,     0, no_c,"kernel"},
+{PM_PROC_NR,    0,SRV_F, 32,      3, 0,     SRV_T, SRV_M, c(pm_c),"pm"    },
+{FS_PROC_NR,    0,SRV_F, 32,      4, 0,     SRV_T, SRV_M, c(fs_c),"fs"    },
+{RS_PROC_NR,    0,SRV_F,  4,      3, 0,     SRV_T, SYS_M, c(rs_c),"rs"    },
+{DS_PROC_NR,    0,SRV_F,  4,      3, 0,     SRV_T, SYS_M, c(ds_c),"ds"    },
+{TTY_PROC_NR,   0,SRV_F,  4,      1, 0,     SRV_T, SYS_M,c(tty_c),"tty"   },
+{MEM_PROC_NR,   0,SRV_F,  4,      2, 0,     SRV_T, SYS_M,c(mem_c),"memory"},
+{LOG_PROC_NR,   0,SRV_F,  4,      2, 0,     SRV_T, SYS_M,c(drv_c),"log"   },
+{INIT_PROC_NR,  0,USR_F,  8, USER_Q, 0,     USR_T, USR_M, no_c,"init"  },
 };
 
 /* Verify the size of the system image table at compile time. Also verify that 
diff --git a/kernel/type.h b/kernel/type.h
index 0d51f5527..7c5e53d57 100755
--- a/kernel/type.h
+++ b/kernel/type.h
@@ -1,6 +1,8 @@
 #ifndef TYPE_H
 #define TYPE_H
 
+#include <minix/com.h>
+
 typedef _PROTOTYPE( void task_t, (void) );
 
 /* Process table and system property related types. */ 
@@ -19,9 +21,10 @@ struct boot_image {
   int stksize;				/* stack size for tasks */
   short trap_mask;			/* allowed system call traps */
   bitchunk_t ipc_to;			/* send mask protection */
-  long call_mask;			/* system call protection */
+  int *k_calls;				/* kern. call protection */
+  int nr_k_calls;
   char proc_name[P_NAME_LEN];		/* name in process table */
-  int endpoint;				/* endpoint number when started */
+  endpoint_t endpoint;			/* endpoint number when started */
 };
 
 struct memory {