diff --git a/kernel-patches/for-mainline/fix-aa_register.diff b/kernel-patches/for-mainline/fix-aa_register.diff
index df7664626..47f95445a 100644
--- a/kernel-patches/for-mainline/fix-aa_register.diff
+++ b/kernel-patches/for-mainline/fix-aa_register.diff
@@ -2,7 +2,7 @@ Index: b/security/apparmor/main.c
===================================================================
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
-@@ -844,16 +844,16 @@ repeat:
+@@ -843,16 +843,16 @@ repeat:
*/
exec_mode = aa_match(profile->file_rules, filename);
@@ -23,7 +23,7 @@ Index: b/security/apparmor/main.c
AA_DEBUG("%s: UNCONSTRAINED %s\n", __FUNCTION__,
filename);
-@@ -862,7 +862,7 @@ repeat:
+@@ -861,7 +861,7 @@ repeat:
newprofile = NULL;
break;
diff --git a/kernel-patches/for-mainline/no-new-namespaces.diff b/kernel-patches/for-mainline/no-new-namespaces.diff
new file mode 100644
index 000000000..687517cc8
--- /dev/null
+++ b/kernel-patches/for-mainline/no-new-namespaces.diff
@@ -0,0 +1,35 @@
+Index: b/security/apparmor/lsm.c
+===================================================================
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -467,6 +467,22 @@ out:
+ return error;
+ }
+
++static int apparmor_task_create(unsigned long clone_flags)
++{
++ struct aa_profile *profile;
++ int error = 0;
++
++ profile = aa_get_profile(current);
++ if (profile) {
++ /* Don't allow to create new namespaces. */
++ if (clone_flags & CLONE_NEWNS)
++ error = -EPERM;
++ }
++ aa_put_profile(profile);
++
++ return error;
++}
++
+ static int apparmor_file_alloc_security(struct file *file)
+ {
+ struct aa_profile *profile;
+@@ -714,6 +730,7 @@ struct security_operations apparmor_ops
+ .file_mmap = apparmor_file_mmap,
+ .file_mprotect = apparmor_file_mprotect,
+
++ .task_create = apparmor_task_create,
+ .task_alloc_security = apparmor_task_alloc_security,
+ .task_free_security = apparmor_task_free_security,
+ .task_post_setuid = apparmor_task_post_setuid,
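Review bot: In the new apparmor_task_create hook (no-new-namespaces.diff), the comment `/* Don't allow to create new namespaces. */` promises more than the check beneath it delivers, since the mask tests only CLONE_NEWNS and leaves every other CLONE_NEW* namespace flag unmediated for a confined task. If mount namespaces are the intended scope, the comment should say so, e.g. `/* A confined task may not create a new mount namespace (CLONE_NEWNS). */`, and the reason (presumably that pathname mediation depends on the task's mount tree, which the hunk does not state) belongs there too; if the intent really is every namespace type, the mask needs widening instead. The -EPERM denial is returned with no audit or AA_DEBUG call, unlike the mediation paths shown elsewhere in this series, so a confined program whose clone() fails leaves no trace for the administrator; I cannot see the audit helpers here, so this may be deliberate. The hook also lacks a header comment describing its contract: 0 for unconfined tasks, -EPERM for a confined task requesting CLONE_NEWNS, and that aa_put_profile() is called unconditionally and therefore must tolerate a NULL profile, which the hunk assumes but does not show.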
diff --git a/kernel-patches/for-mainline/rework-locking-2.diff b/kernel-patches/for-mainline/rework-locking-2.diff
index 5c884a886..6250c5720 100644
--- a/kernel-patches/for-mainline/rework-locking-2.diff
+++ b/kernel-patches/for-mainline/rework-locking-2.diff
@@ -107,7 +107,7 @@ Index: b/security/apparmor/main.c
+ new_profile = NULL;
break;
- case AA_EXEC_PROFILE:
+ case MAY_EXEC | AA_EXEC_PROFILE:
AA_DEBUG("%s: PROFILE %s\n", __FUNCTION__,
filename);
diff --git a/kernel-patches/for-mainline/series b/kernel-patches/for-mainline/series
index ea6d5bbea..3db2d3133 100644
--- a/kernel-patches/for-mainline/series
+++ b/kernel-patches/for-mainline/series
@@ -70,7 +70,7 @@ match-changes.diff
rename-audit_context.diff
cleanup-aa_register.diff
cleanup-aa_register-2.diff
-# ? fix-aa_register.diff
+fix-aa_register.diff
rewrite-profile-list-functions.diff
make-parent-point-to-itself.diff
per-profile-task-contexts.diff
@@ -84,3 +84,4 @@ tell-files-from-dirs.diff
ptrace.diff
clarify-audit-status-handling.diff
link-subset-check.diff
+no-new-namespaces.diff