1. unpack vanilla kernel
2. patch with latest grsec (check for rejects/problems)
3. patch with latest vserver
4. fix all rejects
5. recheck all patches with a fuzz, then just the offsets (some patches occur with a fuzz or in just the plain wrong place because of the previous patch applied)
6. special requirements to check...:
- fs->users has become an atomic_t instead of an int, so change all uses to atomic_* implementations according to the kernel API...
http://people.nl.linux.org/ftp/pub/anoncvs/kernelnewbies/documents/kdoc/kernel-api/x71.html
- watch out with all atomic_t values... some are meant to overflow, so make them atomic_unchecked_t so they don't cause a kernel panic

7. last one... test!
8. diff -NurpP --minimal <srctree> <dsttree> > patch-<kernelversion>-vs<version>-grsec<version>-<date>.diff