More leading whitespace cleanup. Change AppArmor patches over to -p ab style (paths start with a/ or b/ instead of dir.old/ and dir/).

2025-09-03 15:55:46 +00:00 · 2007-02-07 01:15:19 +00:00
parent 69b741c8f6
commit 310b93e9a0
16 changed files with 1368 additions and 1368 deletions
--- a/kernel-patches/for-mainline/apparmor-aa_-to-aa.diff
+++ b/kernel-patches/for-mainline/apparmor-aa_-to-aa.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/apparmor.h
+Index: b/security/apparmor/apparmor.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmor.h
+--- a/security/apparmor/apparmor.h
-+++ linux-2.6/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -45,14 +45,14 @@ extern int apparmor_logsyscall;
  * which is not related to profile accesses.
  */
@@ -252,10 +252,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
 +unsigned int aamatch(struct aadfa *dfa, const char *pathname);
 #endif				/* __APPARMOR_H */
-Index: linux-2.6/security/apparmor/apparmorfs.c
+Index: b/security/apparmor/apparmorfs.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmorfs.c
+--- a/security/apparmor/apparmorfs.c
-+++ linux-2.6/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -19,56 +19,56 @@
 #include "inline.h"
@@ -546,10 +546,10 @@ Index: linux-2.6/security/apparmor/apparmorfs.c
 +	if (AAFS_DENTRY)
 		clear_apparmorfs();
 }
-Index: linux-2.6/security/apparmor/inline.h
+Index: b/security/apparmor/inline.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/inline.h
+--- a/security/apparmor/inline.h
-+++ linux-2.6/security/apparmor/inline.h
+++ b/security/apparmor/inline.h
@@ -12,42 +12,42 @@
 #include <linux/sched.h>
@@ -815,10 +815,10 @@ Index: linux-2.6/security/apparmor/inline.h
 		}
 	}
 	return NULL;
-Index: linux-2.6/security/apparmor/list.c
+Index: b/security/apparmor/list.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/list.c
+--- a/security/apparmor/list.c
-+++ linux-2.6/security/apparmor/list.c
+++ b/security/apparmor/list.c
@@ -22,45 +22,45 @@ static LIST_HEAD(subdomain_list);
 static rwlock_t subdomain_lock = RW_LOCK_UNLOCKED;
@@ -1045,10 +1045,10 @@ Index: linux-2.6/security/apparmor/list.c
 	seq_printf(f, "%s (%s)\n", profile->name,
 		   PROFILE_COMPLAIN(profile) ? "complain" : "enforce");
 	return 0;
-Index: linux-2.6/security/apparmor/main.c
+Index: b/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
+--- a/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -28,20 +28,20 @@
  * can be associated to files which keep their reference even if apparmor is
  * unloaded
@@ -1216,14 +1216,15 @@ Index: linux-2.6/security/apparmor/main.c
 		if (l_mode == t_mode)
 			ret = 0;
-@@ -194,25 +194,25 @@ static int aa_link_perm(struct aa_profil
+@@ -194,26 +194,26 @@ static int aa_link_perm(struct aa_profil
 	return ret;
 }
 -static int _aa_perm_vfsmount(struct aa_profile *active, struct dentry *dentry,
-                      struct vfsmount *mnt, struct aa_audit *sa, int mask)
+-			     struct vfsmount *mnt, struct aa_audit *sa,
 +static int _aaperm_vfsmount(struct aaprofile *active, struct dentry *dentry,
-+                      struct vfsmount *mnt, struct aaaudit *sa, int mask)
+			     struct vfsmount *mnt, struct aaaudit *sa,
 			     int mask)
 {
 	int permerror, error;
@@ -1249,7 +1250,7 @@ Index: linux-2.6/security/apparmor/main.c
 	return error;
 }
-@@ -227,12 +227,12 @@ static int _aa_perm_vfsmount(struct aa_p
+@@ -228,12 +228,12 @@ static int _aa_perm_vfsmount(struct aa_p
  *
  * Return %0 (success) or error (-%ENOMEM)
  */
@@ -1265,7 +1266,7 @@ Index: linux-2.6/security/apparmor/main.c
 	if (!hat)
 		goto fail;
 	if (profile->flags.complain)
-@@ -252,7 +252,7 @@ int attach_nullprofile(struct aa_profile
+@@ -253,7 +253,7 @@ int attach_nullprofile(struct aa_profile
 fail:
 	kfree(hatname);
@@ -1274,7 +1275,7 @@ Index: linux-2.6/security/apparmor/main.c
 	return -ENOMEM;
 }
-@@ -265,7 +265,7 @@ fail:
+@@ -266,7 +266,7 @@ fail:
  */
 int alloc_null_complain_profile(void)
 {
@@ -1283,7 +1284,7 @@ Index: linux-2.6/security/apparmor/main.c
 	if (!null_complain_profile)
 		goto fail;
-@@ -282,8 +282,8 @@ int alloc_null_complain_profile(void)
+@@ -283,8 +283,8 @@ int alloc_null_complain_profile(void)
 	return 0;
 fail:
@@ -1294,7 +1295,7 @@ Index: linux-2.6/security/apparmor/main.c
 	null_complain_profile = NULL;
 	return -ENOMEM;
-@@ -294,24 +294,24 @@ fail:
+@@ -295,24 +295,24 @@ fail:
  */
 void free_null_complain_profile(void)
 {
@@ -1324,7 +1325,7 @@ Index: linux-2.6/security/apparmor/main.c
 	sa.name = fmt;
 	va_start(sa.vaval, fmt);
 	sa.flags = flags;
-@@ -319,7 +319,7 @@ int aa_audit_message(struct aa_profile *
+@@ -320,7 +320,7 @@ int aa_audit_message(struct aa_profile *
 	sa.error_code = 0;
 	sa.result = 0;	/* fake failure: force message to be logged */
@@ -1333,7 +1334,7 @@ Index: linux-2.6/security/apparmor/main.c
 	va_end(sa.vaval);
-@@ -327,32 +327,32 @@ int aa_audit_message(struct aa_profile *
+@@ -328,32 +328,32 @@ int aa_audit_message(struct aa_profile *
 }
 /**
@@ -1373,7 +1374,7 @@ Index: linux-2.6/security/apparmor/main.c
 {
 	struct audit_buffer *ab = NULL;
 	struct audit_context *ctx;
-@@ -366,7 +366,7 @@ int aa_audit(struct aa_profile *active, 
+@@ -367,7 +367,7 @@ int aa_audit(struct aa_profile *active, 
 	const gfp_t gfp_mask = sa->gfp_mask;
@@ -1382,7 +1383,7 @@ Index: linux-2.6/security/apparmor/main.c
 	/*
 	 * sa->result:	  1 success, 0 failure
-@@ -388,13 +388,13 @@ int aa_audit(struct aa_profile *active, 
+@@ -389,13 +389,13 @@ int aa_audit(struct aa_profile *active, 
 		audit_log(current->audit_context, gfp_mask, AUDIT_SD,
 			"Internal error auditing event type %d (error %d)",
 			sa->type, sa->error_code);
@@ -1400,7 +1401,7 @@ Index: linux-2.6/security/apparmor/main.c
 		 */
 		logcls = "REJECTING";
 	} else {
-@@ -407,23 +407,23 @@ int aa_audit(struct aa_profile *active, 
+@@ -408,23 +408,23 @@ int aa_audit(struct aa_profile *active, 
 	 */
 	flags = sa->flags;
 	if (apparmor_logsyscall)
@@ -1428,7 +1429,7 @@ Index: linux-2.6/security/apparmor/main.c
 			sa->type);
 		if (complain)
 			error = 0;
-@@ -431,7 +431,7 @@ int aa_audit(struct aa_profile *active, 
+@@ -432,7 +432,7 @@ int aa_audit(struct aa_profile *active, 
 	}
 	/* messages get special handling */
@@ -1437,7 +1438,7 @@ Index: linux-2.6/security/apparmor/main.c
 		audit_log_vformat(ab, sa->name, sa->vaval);
 		audit_log_end(ab);
 		error = 0;
-@@ -442,23 +442,23 @@ int aa_audit(struct aa_profile *active, 
+@@ -443,23 +443,23 @@ int aa_audit(struct aa_profile *active, 
 	audit_log_format(ab, "%s ", logcls);	/* REJECTING/ALLOWING/etc */
@@ -1469,7 +1470,7 @@ Index: linux-2.6/security/apparmor/main.c
 		struct iattr *iattr = (struct iattr*)sa->pval;
 		audit_log_format(ab,
-@@ -474,25 +474,25 @@ int aa_audit(struct aa_profile *active, 
+@@ -475,25 +475,25 @@ int aa_audit(struct aa_profile *active, 
 			iattr->ia_valid & ATTR_CTIME ? "ctime," : "",
 			sa->name);
@@ -1499,7 +1500,7 @@ Index: linux-2.6/security/apparmor/main.c
 		audit_log_format(ab, "access to syscall '%s' ", sa->name);
 		opspec_error = -EPERM;
-@@ -517,14 +517,14 @@ out:
+@@ -518,14 +518,14 @@ out:
 }
 /**
@@ -1517,7 +1518,7 @@ Index: linux-2.6/security/apparmor/main.c
 {
 	char *page, *name;
-@@ -550,7 +550,7 @@ char *aa_get_name(struct dentry *dentry,
+@@ -551,7 +551,7 @@ char *aa_get_name(struct dentry *dentry,
 		    size > deleted_size &&
 		    strcmp(name + size - deleted_size, deleted_str) == 0)
 			name[size - deleted_size] = '\0';
@@ -1526,7 +1527,7 @@ Index: linux-2.6/security/apparmor/main.c
 	}
 out:
-@@ -562,29 +562,29 @@ out:
+@@ -563,29 +563,29 @@ out:
  ***********************************/
 /**
@@ -1562,7 +1563,7 @@ Index: linux-2.6/security/apparmor/main.c
  * @active: profile to check against
  * @dentry: file to check
  * @mnt: mount of file to check
-@@ -592,26 +592,26 @@ int aa_attr(struct aa_profile *active, s
+@@ -593,26 +593,26 @@ int aa_attr(struct aa_profile *active, s
  * @xattr_name: name of xattr to check
  * @mask: access mode requested
  */
@@ -1594,7 +1595,7 @@ Index: linux-2.6/security/apparmor/main.c
  * @active: profile to check against
  * @dentry: dentry
  * @mnt: mountpoint
-@@ -620,27 +620,27 @@ int aa_perm_xattr(struct aa_profile *act
+@@ -621,27 +621,27 @@ int aa_perm_xattr(struct aa_profile *act
  * Determine if access (mask) for dentry is authorized by active
  * profile.  Result, %0 (success), -ve (error)
  */
@@ -1628,7 +1629,7 @@ Index: linux-2.6/security/apparmor/main.c
  * @active: profile to check against
  * @dentry: requested dentry
  * @mnt: mount of file to check
-@@ -651,33 +651,33 @@ out:
+@@ -652,33 +652,33 @@ out:
  * by @active profile.
  * Result, %0 (success), -ve (error)
  */
@@ -1670,7 +1671,7 @@ Index: linux-2.6/security/apparmor/main.c
 	sa.name = NULL;
 	sa.capability = cap;
 	sa.flags = 0;
-@@ -685,27 +685,27 @@ int aa_capability(struct aa_profile *act
+@@ -686,27 +686,27 @@ int aa_capability(struct aa_profile *act
 	sa.result = cap_raised(active->capabilities, cap);
 	sa.gfp_mask = GFP_ATOMIC;
@@ -1693,43 +1694,42 @@ Index: linux-2.6/security/apparmor/main.c
 	    struct dentry *link, struct vfsmount *link_mnt,
 	    struct dentry *target, struct vfsmount *target_mnt)
 {
-         int permerror = -EPERM, error;
+ 	int permerror = -EPERM, error;
 -	struct aa_audit sa;
 +	struct aaaudit sa;
-        sa.name = aa_get_name(link, link_mnt);
+-	sa.name = aa_get_name(link, link_mnt);
-        sa.pval = aa_get_name(target, target_mnt);
+-	sa.pval = aa_get_name(target, target_mnt);
-+        sa.name = aaget_name(link, link_mnt);
+	sa.name = aaget_name(link, link_mnt);
-+        sa.pval = aaget_name(target, target_mnt);
+	sa.pval = aaget_name(target, target_mnt);
-         if (IS_ERR(sa.name)) {
+ 	if (IS_ERR(sa.name)) {
-                 permerror = PTR_ERR(sa.name);
+ 		permerror = PTR_ERR(sa.name);
-@@ -717,18 +717,18 @@ int aa_link(struct aa_profile *active,
+@@ -718,18 +718,18 @@ int aa_link(struct aa_profile *active,
 	}
 	if (sa.name && sa.pval)
 -		permerror = aa_link_perm(active, sa.name, sa.pval);
 +		permerror = aalink_perm(active, sa.name, sa.pval);
-        aa_permerror2result(permerror, &sa);
+-	aa_permerror2result(permerror, &sa);
-+        aapermerror2result(permerror, &sa);
+	aapermerror2result(permerror, &sa);
-	sa.type = AA_AUDITTYPE_LINK;
+ 	sa.type = AA_AUDITTYPE_LINK;
 +	sa.type = AAAUDITTYPE_LINK;
 	sa.flags = 0;
 	sa.gfp_mask = GFP_KERNEL;
 -	error = aa_audit(active, &sa);
 +	error = aaaudit(active, &sa);
-        aa_put_name(sa.name);
+-	aa_put_name(sa.name);
-        aa_put_name(sa.pval);
+-	aa_put_name(sa.pval);
-+        aaput_name(sa.name);
+	aaput_name(sa.name);
-+        aaput_name(sa.pval);
+	aaput_name(sa.pval);
-         return error;
+ 	return error;
 }
-@@ -738,27 +738,27 @@ int aa_link(struct aa_profile *active,
+@@ -739,27 +739,27 @@ int aa_link(struct aa_profile *active,
  *******************************/
 /**
@@ -1763,7 +1763,7 @@ Index: linux-2.6/security/apparmor/main.c
 		unsigned long flags;
 		newsd = alloc_subdomain(p);
-@@ -771,7 +771,7 @@ int aa_fork(struct task_struct *p)
+@@ -772,7 +772,7 @@ int aa_fork(struct task_struct *p)
 		 * new reference to be consistent.
 		 */
 		spin_lock_irqsave(&sd_lock, flags);
@@ -1772,7 +1772,7 @@ Index: linux-2.6/security/apparmor/main.c
 		newsd->hat_magic = sd->hat_magic;
 		spin_unlock_irqrestore(&sd_lock, flags);
-@@ -786,18 +786,18 @@ int aa_fork(struct task_struct *p)
+@@ -787,18 +787,18 @@ int aa_fork(struct task_struct *p)
 }
 /**
@@ -1795,7 +1795,7 @@ Index: linux-2.6/security/apparmor/main.c
 	int 	error = -ENOMEM,
 		exec_mode = 0,
 		find_profile = 0,
-@@ -805,17 +805,17 @@ int aa_register(struct linux_binprm *bpr
+@@ -806,17 +806,17 @@ int aa_register(struct linux_binprm *bpr
 		complain = 0,
 		unsafe_exec = 0;
@@ -1817,7 +1817,7 @@ Index: linux-2.6/security/apparmor/main.c
 	if (!active) {
 		/* Unconfined task, load profile if it exists */
-@@ -828,22 +828,22 @@ int aa_register(struct linux_binprm *bpr
+@@ -829,22 +829,22 @@ int aa_register(struct linux_binprm *bpr
 	/* Confined task, determine what mode inherit, unconstrained or
 	 * mandatory to load new profile
 	 */
@@ -1848,7 +1848,7 @@ Index: linux-2.6/security/apparmor/main.c
 				 __FUNCTION__,
 				 filename);
-@@ -851,8 +851,8 @@ int aa_register(struct linux_binprm *bpr
+@@ -852,8 +852,8 @@ int aa_register(struct linux_binprm *bpr
 			newprofile = &unconstrained_flag;
 			break;
@@ -1859,7 +1859,7 @@ Index: linux-2.6/security/apparmor/main.c
 				 __FUNCTION__,
 				 filename);
-@@ -860,13 +860,13 @@ int aa_register(struct linux_binprm *bpr
+@@ -861,13 +861,13 @@ int aa_register(struct linux_binprm *bpr
 			find_profile_mandatory = 1;
 			break;
@@ -1876,7 +1876,7 @@ Index: linux-2.6/security/apparmor/main.c
 				"(%s(%d) profile %s active %s\n",
 				 __FUNCTION__,
 				 filename,
-@@ -876,7 +876,7 @@ int aa_register(struct linux_binprm *bpr
+@@ -877,7 +877,7 @@ int aa_register(struct linux_binprm *bpr
 			break;
 		default:
@@ -1885,7 +1885,7 @@ Index: linux-2.6/security/apparmor/main.c
 				 "Unknown exec qualifier %x "
 				 "(%s (pid %d) profile %s active %s)\n",
 				 __FUNCTION__,
-@@ -893,10 +893,10 @@ int aa_register(struct linux_binprm *bpr
+@@ -894,10 +894,10 @@ int aa_register(struct linux_binprm *bpr
 		 * describing mode to execute image in.
 		 * Drop into null-profile (disabling secure exec).
 		 */
@@ -1898,7 +1898,7 @@ Index: linux-2.6/security/apparmor/main.c
 			"Unable to determine exec qualifier "
 			"(%s (pid %d) profile %s active %s)\n",
 			__FUNCTION__,
-@@ -912,9 +912,9 @@ find_profile:
+@@ -913,9 +913,9 @@ find_profile:
 		goto apply_profile;
 	/* Locate new profile */
@@ -1910,7 +1910,7 @@ Index: linux-2.6/security/apparmor/main.c
 			 __FUNCTION__, newprofile->name);
 	} else if (find_profile_mandatory) {
 		/* Profile (mandatory) could not be found */
-@@ -926,9 +926,9 @@ find_profile:
+@@ -927,9 +927,9 @@ find_profile:
 				current->pid,
 				BASE_PROFILE(active)->name, active->name);
@@ -1922,7 +1922,7 @@ Index: linux-2.6/security/apparmor/main.c
 				"Profile mandatory and not found "
 				"(%s(%d) profile %s active %s)\n",
 				filename,
-@@ -945,7 +945,7 @@ find_profile:
+@@ -946,7 +946,7 @@ find_profile:
 		WARN_ON(active);
@@ -1931,7 +1931,7 @@ Index: linux-2.6/security/apparmor/main.c
 			 __FUNCTION__,
 			 filename);
 	} /* newprofile */
-@@ -978,15 +978,15 @@ apply_profile:
+@@ -979,15 +979,15 @@ apply_profile:
 		 *   the transition occured before replacement.
 		 *
 		 * - If newprofile points to an actual profile (result of
@@ -1950,7 +1950,7 @@ Index: linux-2.6/security/apparmor/main.c
 					 __FUNCTION__);
 				error = -ENOMEM;
 				goto cleanup;
-@@ -995,7 +995,7 @@ apply_profile:
+@@ -996,7 +996,7 @@ apply_profile:
 		spin_lock_irqsave(&sd_lock, flags);
@@ -1959,7 +1959,7 @@ Index: linux-2.6/security/apparmor/main.c
 		if (lazy_sd) {
 			if (sd) {
 				/* raced by setprofile - created sd */
-@@ -1016,10 +1016,10 @@ apply_profile:
+@@ -1017,10 +1017,10 @@ apply_profile:
 		if (newprofile && unlikely(newprofile->isstale)) {
 			WARN_ON(newprofile == null_complain_profile);
@@ -1973,7 +1973,7 @@ Index: linux-2.6/security/apparmor/main.c
 			if (!newprofile) {
 				/* Race, profile was removed, not replaced.
-@@ -1039,16 +1039,16 @@ apply_profile:
+@@ -1040,16 +1040,16 @@ apply_profile:
 		 * Cases 2 and 3 are marked as requiring secure exec
 		 * (unless policy specified "unsafe exec")
 		 */
@@ -1994,7 +1994,7 @@ Index: linux-2.6/security/apparmor/main.c
 		if (complain && newprofile == null_complain_profile)
 			LOG_HINT(newprofile, GFP_ATOMIC, HINT_CHGPROF,
-@@ -1059,16 +1059,16 @@ apply_profile:
+@@ -1060,16 +1060,16 @@ apply_profile:
 	}
 cleanup:
@@ -2014,7 +2014,7 @@ Index: linux-2.6/security/apparmor/main.c
  * @p: task being released
  *
  * This is called after a task has exited and the parent has reaped it.
-@@ -1077,17 +1077,17 @@ out:
+@@ -1078,17 +1078,17 @@ out:
  * This is the one case where we don't need to hold the sd_lock before
  * removing a profile from a subdomain.  Once the subdomain has been
  * removed from the subdomain_list, we are no longer racing other writers.
@@ -2037,7 +2037,7 @@ Index: linux-2.6/security/apparmor/main.c
 		kfree(sd);
 	}
-@@ -1106,15 +1106,15 @@ void aa_release(struct task_struct *p)
+@@ -1107,15 +1107,15 @@ void aa_release(struct task_struct *p)
  */
 static inline int do_change_hat(const char *hat_name, struct subdomain *sd)
 {
@@ -2057,7 +2057,7 @@ Index: linux-2.6/security/apparmor/main.c
 	} else {
 		/* There is no such subprofile change to a NULL profile.
 		 * The NULL profile grants no file access.
-@@ -1133,7 +1133,7 @@ static inline int do_change_hat(const ch
+@@ -1134,7 +1134,7 @@ static inline int do_change_hat(const ch
 				BASE_PROFILE(sd->active)->name,
 				sd->active->name);
 		} else {
@@ -2066,7 +2066,7 @@ Index: linux-2.6/security/apparmor/main.c
 				"Changing to NULL profile "
 				"(%s(%d) profile %s active %s)\n",
 				 __FUNCTION__,
-@@ -1143,14 +1143,14 @@ static inline int do_change_hat(const ch
+@@ -1144,14 +1144,14 @@ static inline int do_change_hat(const ch
 				 sd->active->name);
 			error = -EACCES;
 		}
@@ -2083,7 +2083,7 @@ Index: linux-2.6/security/apparmor/main.c
  * @hat_name: specifies hat to change to
  * @hat_magic: token to validate hat change
  *
-@@ -1160,25 +1160,25 @@ static inline int do_change_hat(const ch
+@@ -1161,25 +1161,25 @@ static inline int do_change_hat(const ch
  * return to original top level profile.  Returns %0 on success, error
  * otherwise.
  */
@@ -2114,7 +2114,7 @@ Index: linux-2.6/security/apparmor/main.c
 		error = -EPERM;
 		goto out;
 	}
-@@ -1198,7 +1198,7 @@ int aa_change_hat(const char *hat_name, 
+@@ -1199,7 +1199,7 @@ int aa_change_hat(const char *hat_name, 
 		 * parent
 		 */
 		if (hat_name) {
@@ -2123,7 +2123,7 @@ Index: linux-2.6/security/apparmor/main.c
 				 __FUNCTION__,
 				 hat_name,
 				 hat_magic);
-@@ -1232,7 +1232,7 @@ int aa_change_hat(const char *hat_name, 
+@@ -1233,7 +1233,7 @@ int aa_change_hat(const char *hat_name, 
 				 * Got here via changehat(NULL, magic)
 				 * Return from subprofile, back to parent
 				 */
@@ -2132,7 +2132,7 @@ Index: linux-2.6/security/apparmor/main.c
 				/* Reset hat_magic to zero.
 				 * New value will be passed on next changehat
-@@ -1243,7 +1243,7 @@ int aa_change_hat(const char *hat_name, 
+@@ -1244,7 +1244,7 @@ int aa_change_hat(const char *hat_name, 
 				error = do_change_hat(hat_name, sd);
 			}
 		} else if (sd->hat_magic) {
@@ -2141,7 +2141,7 @@ Index: linux-2.6/security/apparmor/main.c
 				 "Invalid change_hat() magic# 0x%x "
 				 "(hatname %s profile %s active %s)\n",
 				 current->comm, current->pid,
-@@ -1255,7 +1255,7 @@ int aa_change_hat(const char *hat_name, 
+@@ -1256,7 +1256,7 @@ int aa_change_hat(const char *hat_name, 
 			/* terminate current process */
 			(void)send_sig_info(SIGKILL, NULL, current);
 		} else {	/* sd->hat_magic == NULL */
@@ -2150,10 +2150,10 @@ Index: linux-2.6/security/apparmor/main.c
 				 "Task was confined to current subprofile "
 				 "(profile %s active %s)\n",
 				 current->comm, current->pid,
-Index: linux-2.6/security/apparmor/match.c
+Index: b/security/apparmor/match.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/match.c
+--- a/security/apparmor/match.c
-+++ linux-2.6/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -16,7 +16,7 @@
 #include <linux/module.h>
 #include "match.h"
@@ -2254,10 +2254,10 @@ Index: linux-2.6/security/apparmor/match.c
 	return 0;
 }
-Index: linux-2.6/security/apparmor/match.h
+Index: b/security/apparmor/match.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/match.h
+--- a/security/apparmor/match.h
-+++ linux-2.6/security/apparmor/match.h
+++ b/security/apparmor/match.h
@@ -49,7 +49,7 @@ struct table_header {
 #define EQUIV_TABLE(DFA) ((u8 *)((DFA)->tables[YYTD_ID_EC - 1]->td_data))
 #define ACCEPT_TABLE(DFA) ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT - 1]->td_data))
@@ -2267,10 +2267,10 @@ Index: linux-2.6/security/apparmor/match.h
 	struct table_header *tables[YYTD_ID_NXT];
 	struct table_set_header th;
-Index: linux-2.6/security/apparmor/module_interface.c
+Index: b/security/apparmor/module_interface.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/module_interface.c
+--- a/security/apparmor/module_interface.c
-+++ linux-2.6/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -15,26 +15,26 @@
 #include "inline.h"
 #include "module_interface.h"
@@ -3066,10 +3066,10 @@ Index: linux-2.6/security/apparmor/module_interface.c
 		kfree(profile->name);
 	}
-Index: linux-2.6/security/apparmor/module_interface.h
+Index: b/security/apparmor/module_interface.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/module_interface.h
+--- a/security/apparmor/module_interface.h
-+++ linux-2.6/security/apparmor/module_interface.h
+++ b/security/apparmor/module_interface.h
@@ -2,33 +2,33 @@
 #define __MODULEINTERFACE_H
@@ -3122,10 +3122,10 @@ Index: linux-2.6/security/apparmor/module_interface.h
 	void *start;
 	void *end;
 	void *pos;	/* pointer to current position in the buffer */
-Index: linux-2.6/security/apparmor/procattr.c
+Index: b/security/apparmor/procattr.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/procattr.c
+--- a/security/apparmor/procattr.c
-+++ linux-2.6/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -15,7 +15,7 @@
 #include "apparmor.h"
 #include "inline.h"
@@ -3331,10 +3331,10 @@ Index: linux-2.6/security/apparmor/procattr.c
 		 */
 		sd->hat_magic = 0;
 	}
-Index: linux-2.6/security/apparmor/shared.h
+Index: b/security/apparmor/shared.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/shared.h
+--- a/security/apparmor/shared.h
-+++ linux-2.6/security/apparmor/shared.h
+++ b/security/apparmor/shared.h
@@ -13,39 +13,39 @@
 #define _SHARED_H
@@ -3403,10 +3403,10 @@ Index: linux-2.6/security/apparmor/shared.h
 +#define AAVALID_PERM_MASK		((1 << (POS_AAFILE_MAX + 1)) - 1)
 #endif /* _SHARED_H */
-Index: linux-2.6/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -66,15 +66,15 @@ MODULE_PARM_DESC(apparmor_logsyscall, "T
 static int apparmor_ptrace(struct task_struct *parent,
 			    struct task_struct *child)
--- a/kernel-patches/for-mainline/apparmor-audit-cleanup.diff
+++ b/kernel-patches/for-mainline/apparmor-audit-cleanup.diff
@@ -4,10 +4,10 @@ only mess up the code. Pass the name of the operation in aa_audit instead.
 Use a union for the remaining users of ival in aa_audit: this is more
 readable.
-Index: linux-2.6/security/apparmor/apparmor.h
+Index: b/security/apparmor/apparmor.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmor.h
+--- a/security/apparmor/apparmor.h
-+++ linux-2.6/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -145,8 +145,12 @@ struct aa_audit {
 	gfp_t gfp_mask;
 	int error_code;
@@ -62,10 +62,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
 extern int aa_link(struct aaprofile *active,
 		   struct dentry *link, struct vfsmount *link_mnt,
 		   struct dentry *target, struct vfsmount *target_mnt);
-Index: linux-2.6/security/apparmor/main.c
+Index: b/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
+--- a/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -443,7 +443,7 @@ int aa_audit(struct aaprofile *active, c
 	audit_log_format(ab, "%s ", logcls);	/* REJECTING/ALLOWING/etc */
@@ -221,10 +221,10 @@ Index: linux-2.6/security/apparmor/main.c
 	sa.flags = 0;
 	sa.error_code = 0;
 	sa.result = cap_raised(active->capabilities, cap);
-Index: linux-2.6/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -244,7 +244,7 @@ static int apparmor_inode_mkdir(struct i
 	active = get_active_aaprofile();
--- a/kernel-patches/for-mainline/apparmor-audit.diff
+++ b/kernel-patches/for-mainline/apparmor-audit.diff
@@ -12,10 +12,10 @@ Patch is not in mainline -- pending AppArmor code submission to lkml
 kernel/audit.c        |    6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
-Index: linux-2.6/include/linux/audit.h
+Index: b/include/linux/audit.h
 ===================================================================
--- linux-2.6.orig/include/linux/audit.h
+--- a/include/linux/audit.h
-+++ linux-2.6/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -110,6 +110,8 @@
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
 #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
@@ -35,10 +35,10 @@ Index: linux-2.6/include/linux/audit.h
 extern void		    audit_log_format(struct audit_buffer *ab,
 					     const char *fmt, ...)
 			    __attribute__((format(printf,2,3)));
-Index: linux-2.6/kernel/audit.c
+Index: b/kernel/audit.c
 ===================================================================
--- linux-2.6.orig/kernel/audit.c
+--- a/kernel/audit.c
-+++ linux-2.6/kernel/audit.c
+++ b/kernel/audit.c
@@ -956,8 +956,7 @@ static inline int audit_expand(struct au
  * will be called a second time.  Currently, we assume that a printk
  * can't format message larger than 1024 bytes, so we don't either.
--- a/kernel-patches/for-mainline/apparmor-bootdisable.diff
+++ b/kernel-patches/for-mainline/apparmor-bootdisable.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -24,6 +24,15 @@
 /* struct subdomain write update lock (read side is RCU). */
 spinlock_t sd_lock = SPIN_LOCK_UNLOCKED;
@@ -10,8 +10,8 @@ Index: linux-2.6/security/apparmor/lsm.c
 +int apparmor_enabled=1;
 +static int __init apparmor_enabled_setup(char *str)
 +{
-+        apparmor_enabled = simple_strtol(str, NULL, 0);
+	apparmor_enabled = simple_strtol(str, NULL, 0);
-+        return 1;
+	return 1;
 +}
 +__setup("apparmor=", apparmor_enabled_setup);
 +
--- a/kernel-patches/for-mainline/apparmor-builtinonly.diff
+++ b/kernel-patches/for-mainline/apparmor-builtinonly.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/Kconfig
+Index: b/security/apparmor/Kconfig
 ===================================================================
--- linux-2.6.orig/security/apparmor/Kconfig
+--- a/security/apparmor/Kconfig
-+++ linux-2.6/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -1,8 +1,9 @@
 config SECURITY_APPARMOR
 -	tristate "AppArmor support"
@@ -15,10 +15,10 @@ Index: linux-2.6/security/apparmor/Kconfig
 	  Required userspace tools (if they are not included in your
 	  distribution) and further information may be found at
 	  <http://forge.novell.com/modules/xfmod/project/?apparmor>
-Index: linux-2.6/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -54,36 +54,6 @@ int apparmor_logsyscall = 0;
 module_param_named(logsyscall, apparmor_logsyscall, int, S_IRUSR);
 MODULE_PARM_DESC(apparmor_logsyscall, "Toggle AppArmor logsyscall mode");
@@ -124,16 +124,16 @@ Index: linux-2.6/security/apparmor/lsm.c
 -MODULE_DESCRIPTION("AppArmor process confinement");
 -MODULE_AUTHOR("Tony Jones <tonyj@suse.de>");
 -MODULE_LICENSE("GPL");
-Index: linux-2.6/security/Makefile
+Index: b/security/Makefile
 ===================================================================
--- linux-2.6.orig/security/Makefile
+--- a/security/Makefile
-+++ linux-2.6/security/Makefile
+++ b/security/Makefile
@@ -16,7 +16,7 @@ obj-$(CONFIG_SECURITY)			+= security.o d
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/built-in.o
 ifeq ($(CONFIG_SECURITY_APPARMOR),y)
-obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/built-in.o
+-obj-y					+= apparmor/built-in.o
-+obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/built-in.o commoncap.o
+obj-y					+= apparmor/built-in.o commoncap.o
 endif
 obj-$(CONFIG_SECURITY_CAPABILITIES)	+= commoncap.o capability.o
 obj-$(CONFIG_SECURITY_ROOTPLUG)		+= commoncap.o root_plug.o
--- a/kernel-patches/for-mainline/apparmor-cleanup-aa.diff
+++ b/kernel-patches/for-mainline/apparmor-cleanup-aa.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/apparmor.h
+Index: b/security/apparmor/apparmor.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmor.h
+--- a/security/apparmor/apparmor.h
-+++ linux-2.6/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -68,7 +68,7 @@ struct flagval {
 #define AA_EXEC_MODIFIER_MASK(mask) ((mask) & AA_EXEC_MODIFIERS)
 #define AA_EXEC_MASK(mask) ((mask) & (AA_EXEC_MODIFIERS | AA_EXEC_UNSAFE))
@@ -135,10 +135,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
 +unsigned int aa_match(struct aa_dfa *dfa, const char *pathname);
 #endif				/* __APPARMOR_H */
-Index: linux-2.6/security/apparmor/apparmorfs.c
+Index: b/security/apparmor/apparmorfs.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmorfs.c
+--- a/security/apparmor/apparmorfs.c
-+++ linux-2.6/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -19,7 +19,7 @@
 #include "inline.h"
@@ -198,10 +198,10 @@ Index: linux-2.6/security/apparmor/apparmorfs.c
 +	if (AA_FS_DENTRY)
 		clear_apparmorfs();
 }
-Index: linux-2.6/security/apparmor/inline.h
+Index: b/security/apparmor/inline.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/inline.h
+--- a/security/apparmor/inline.h
-+++ linux-2.6/security/apparmor/inline.h
+++ b/security/apparmor/inline.h
@@ -44,10 +44,10 @@ static inline int aa_sub_defined(void)
 }
@@ -350,10 +350,10 @@ Index: linux-2.6/security/apparmor/inline.h
 			return p;
 		} else {
 			AA_DEBUG("%s: skipping %s\n", __FUNCTION__, p->name);
-Index: linux-2.6/security/apparmor/list.c
+Index: b/security/apparmor/list.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/list.c
+--- a/security/apparmor/list.c
-+++ linux-2.6/security/apparmor/list.c
+++ b/security/apparmor/list.c
@@ -28,9 +28,9 @@ static rwlock_t subdomain_lock = RW_LOCK
  * Search the profile list for profile @name.  Return refcounted profile on
  * success, NULL on failure.
@@ -474,10 +474,10 @@ Index: linux-2.6/security/apparmor/list.c
 	seq_printf(f, "%s (%s)\n", profile->name,
 		   PROFILE_COMPLAIN(profile) ? "complain" : "enforce");
 	return 0;
-Index: linux-2.6/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -66,7 +66,7 @@ MODULE_PARM_DESC(apparmor_logsyscall, "T
 static int apparmor_ptrace(struct task_struct *parent,
 			    struct task_struct *child)
@@ -877,10 +877,10 @@ Index: linux-2.6/security/apparmor/lsm.c
 	} else {
 		/* unknown operation */
 		AA_WARN("%s: Unknown setprocattr command '%.*s' by task %s(%d) "
-Index: linux-2.6/security/apparmor/main.c
+Index: b/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
+--- a/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -28,7 +28,7 @@
  * can be associated to files which keep their reference even if apparmor is
  * unloaded
@@ -935,16 +935,19 @@ Index: linux-2.6/security/apparmor/main.c
 			const char *link, const char *target)
 {
 	int l_mode, t_mode, ret = -EPERM;
-@@ -194,7 +194,7 @@ static int aa_link_perm(struct aaprofile
+@@ -194,8 +194,9 @@ static int aa_link_perm(struct aaprofile
 	return ret;
 }
 -static int _aa_perm_vfsmount(struct aaprofile *active, struct dentry *dentry,
 -		      struct vfsmount *mnt, struct aa_audit *sa, int mask)
 +static int _aa_perm_vfsmount(struct aa_profile *active, struct dentry *dentry,
-                       struct vfsmount *mnt, struct aa_audit *sa, int mask)
+			     struct vfsmount *mnt, struct aa_audit *sa,
 +			     int mask)
 {
 	int permerror, error;
-@@ -227,12 +227,12 @@ static int _aa_perm_vfsmount(struct aapr
+ 
@@ -227,12 +228,12 @@ static int _aa_perm_vfsmount(struct aapr
  *
  * Return %0 (success) or error (-%ENOMEM)
  */
@@ -960,7 +963,7 @@ Index: linux-2.6/security/apparmor/main.c
 	if (!hat)
 		goto fail;
 	if (profile->flags.complain)
-@@ -252,7 +252,7 @@ int attach_nullprofile(struct aaprofile 
+@@ -252,7 +253,7 @@ int attach_nullprofile(struct aaprofile 
 fail:
 	kfree(hatname);
@@ -969,7 +972,7 @@ Index: linux-2.6/security/apparmor/main.c
 	return -ENOMEM;
 }
-@@ -265,7 +265,7 @@ fail:
+@@ -265,7 +266,7 @@ fail:
  */
 int alloc_null_complain_profile(void)
 {
@@ -978,7 +981,7 @@ Index: linux-2.6/security/apparmor/main.c
 	if (!null_complain_profile)
 		goto fail;
-@@ -282,8 +282,8 @@ int alloc_null_complain_profile(void)
+@@ -282,8 +283,8 @@ int alloc_null_complain_profile(void)
 	return 0;
 fail:
@@ -989,7 +992,7 @@ Index: linux-2.6/security/apparmor/main.c
 	null_complain_profile = NULL;
 	return -ENOMEM;
-@@ -294,7 +294,7 @@ fail:
+@@ -294,7 +295,7 @@ fail:
  */
 void free_null_complain_profile(void)
 {
@@ -998,7 +1001,7 @@ Index: linux-2.6/security/apparmor/main.c
 	null_complain_profile = NULL;
 }
-@@ -305,7 +305,7 @@ void free_null_complain_profile(void)
+@@ -305,7 +306,7 @@ void free_null_complain_profile(void)
  * @flags: audit flags
  * @fmt: varargs fmt
  */
@@ -1007,7 +1010,7 @@ Index: linux-2.6/security/apparmor/main.c
 		     const char *fmt, ...)
 {
 	int ret;
-@@ -332,7 +332,7 @@ int aa_audit_message(struct aaprofile *a
+@@ -332,7 +333,7 @@ int aa_audit_message(struct aaprofile *a
  * @msg: string describing syscall being rejected
  * @gfp: memory allocation flags
  */
@@ -1016,7 +1019,7 @@ Index: linux-2.6/security/apparmor/main.c
 			   const char *msg)
 {
 	struct aa_audit sa;
-@@ -352,7 +352,7 @@ int aa_audit_syscallreject(struct aaprof
+@@ -352,7 +353,7 @@ int aa_audit_syscallreject(struct aaprof
  * @active: profile to check against
  * @sa: audit event
  */
@@ -1025,7 +1028,7 @@ Index: linux-2.6/security/apparmor/main.c
 {
 	struct audit_buffer *ab = NULL;
 	struct audit_context *ctx;
-@@ -567,7 +567,7 @@ out:
+@@ -567,7 +568,7 @@ out:
  * @dentry: file to check
  * @iattr: attribute changes requested
  */
@@ -1034,7 +1037,7 @@ Index: linux-2.6/security/apparmor/main.c
 	    struct vfsmount *mnt, struct iattr *iattr)
 {
 	int error;
-@@ -592,7 +592,7 @@ int aa_attr(struct aaprofile *active, st
+@@ -592,7 +593,7 @@ int aa_attr(struct aaprofile *active, st
  * @xattr_name: name of xattr to check
  * @mask: access mode requested
  */
@@ -1043,7 +1046,7 @@ Index: linux-2.6/security/apparmor/main.c
 		  struct vfsmount *mnt, const char *operation,
 		  const char *xattr_name, int mask)
 {
-@@ -620,7 +620,7 @@ int aa_perm_xattr(struct aaprofile *acti
+@@ -620,7 +621,7 @@ int aa_perm_xattr(struct aaprofile *acti
  * Determine if access (mask) for dentry is authorized by active
  * profile.  Result, %0 (success), -ve (error)
  */
@@ -1052,7 +1055,7 @@ Index: linux-2.6/security/apparmor/main.c
 	    struct vfsmount *mnt, int mask)
 {
 	int error = 0;
-@@ -651,7 +651,7 @@ out:
+@@ -651,7 +652,7 @@ out:
  * by @active profile.
  * Result, %0 (success), -ve (error)
  */
@@ -1061,7 +1064,7 @@ Index: linux-2.6/security/apparmor/main.c
 		struct vfsmount *mnt, const char *operation, int mask)
 {
 	struct aa_audit sa;
-@@ -672,7 +672,7 @@ int aa_perm_dir(struct aaprofile *active
+@@ -672,7 +673,7 @@ int aa_perm_dir(struct aaprofile *active
  * Look up capability in active profile capability set.
  * Return %0 (success), -%EPERM (error)
  */
@@ -1070,7 +1073,7 @@ Index: linux-2.6/security/apparmor/main.c
 {
 	int error = 0;
 	struct aa_audit sa;
-@@ -697,7 +697,7 @@ int aa_capability(struct aaprofile *acti
+@@ -697,7 +698,7 @@ int aa_capability(struct aaprofile *acti
  * @target: dentry for link target
  * @mnt: vfsmount (-EXDEV is link and target are not on same vfsmount)
  */
@@ -1079,7 +1082,7 @@ Index: linux-2.6/security/apparmor/main.c
 	    struct dentry *link, struct vfsmount *link_mnt,
 	    struct dentry *target, struct vfsmount *target_mnt)
 {
-@@ -796,8 +796,8 @@ int aa_register(struct linux_binprm *bpr
+@@ -796,8 +797,8 @@ int aa_register(struct linux_binprm *bpr
 {
 	char *filename;
 	struct file *filp = bprm->file;
@@ -1090,7 +1093,7 @@ Index: linux-2.6/security/apparmor/main.c
 	int 	error = -ENOMEM,
 		exec_mode = 0,
 		find_profile = 0,
-@@ -815,7 +815,7 @@ int aa_register(struct linux_binprm *bpr
+@@ -815,7 +816,7 @@ int aa_register(struct linux_binprm *bpr
 	error = 0;
@@ -1099,7 +1102,7 @@ Index: linux-2.6/security/apparmor/main.c
 	if (!active) {
 		/* Unconfined task, load profile if it exists */
-@@ -828,7 +828,7 @@ int aa_register(struct linux_binprm *bpr
+@@ -828,7 +829,7 @@ int aa_register(struct linux_binprm *bpr
 	/* Confined task, determine what mode inherit, unconstrained or
 	 * mandatory to load new profile
 	 */
@@ -1108,7 +1111,7 @@ Index: linux-2.6/security/apparmor/main.c
 	unsafe_exec = exec_mode & AA_EXEC_UNSAFE;
 	if (exec_mode) {
-@@ -893,7 +893,7 @@ int aa_register(struct linux_binprm *bpr
+@@ -893,7 +894,7 @@ int aa_register(struct linux_binprm *bpr
 		 * describing mode to execute image in.
 		 * Drop into null-profile (disabling secure exec).
 		 */
@@ -1117,7 +1120,7 @@ Index: linux-2.6/security/apparmor/main.c
 		unsafe_exec = 1;
 	} else {
 		AA_WARN("%s: Rejecting exec(2) of image '%s'. "
-@@ -926,7 +926,7 @@ find_profile:
+@@ -926,7 +927,7 @@ find_profile:
 				current->pid,
 				BASE_PROFILE(active)->name, active->name);
@@ -1126,7 +1129,7 @@ Index: linux-2.6/security/apparmor/main.c
 		} else {
 			AA_WARN("REJECTING exec(2) of image '%s'. "
 				"Profile mandatory and not found "
-@@ -1016,8 +1016,8 @@ apply_profile:
+@@ -1016,8 +1017,8 @@ apply_profile:
 		if (newprofile && unlikely(newprofile->isstale)) {
 			WARN_ON(newprofile == null_complain_profile);
@@ -1137,7 +1140,7 @@ Index: linux-2.6/security/apparmor/main.c
 			newprofile = aa_profilelist_find(filename);
-@@ -1048,7 +1048,7 @@ apply_profile:
+@@ -1048,7 +1049,7 @@ apply_profile:
 		}
 		aa_switch(sd, newprofile);
@@ -1146,7 +1149,7 @@ Index: linux-2.6/security/apparmor/main.c
 		if (complain && newprofile == null_complain_profile)
 			LOG_HINT(newprofile, GFP_ATOMIC, HINT_CHGPROF,
-@@ -1061,7 +1061,7 @@ apply_profile:
+@@ -1061,7 +1062,7 @@ apply_profile:
 cleanup:
 	aa_put_name(filename);
@@ -1155,7 +1158,7 @@ Index: linux-2.6/security/apparmor/main.c
 out:
 	return error;
-@@ -1106,7 +1106,7 @@ void aa_release(struct task_struct *p)
+@@ -1106,7 +1107,7 @@ void aa_release(struct task_struct *p)
  */
 static inline int do_change_hat(const char *hat_name, struct subdomain *sd)
 {
@@ -1164,7 +1167,7 @@ Index: linux-2.6/security/apparmor/main.c
 	int error = 0;
 	sub = __aa_find_profile(hat_name, &BASE_PROFILE(sd->active)->sub);
-@@ -1114,7 +1114,7 @@ static inline int do_change_hat(const ch
+@@ -1114,7 +1115,7 @@ static inline int do_change_hat(const ch
 	if (sub) {
 		/* change hat */
 		aa_switch(sd, sub);
@@ -1173,10 +1176,10 @@ Index: linux-2.6/security/apparmor/main.c
 	} else {
 		/* There is no such subprofile change to a NULL profile.
 		 * The NULL profile grants no file access.
-Index: linux-2.6/security/apparmor/match.c
+Index: b/security/apparmor/match.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/match.c
+--- a/security/apparmor/match.c
-+++ linux-2.6/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -16,7 +16,7 @@
 #include <linux/module.h>
 #include "match.h"
@@ -1260,10 +1263,10 @@ Index: linux-2.6/security/apparmor/match.c
 	return 0;
 }
-Index: linux-2.6/security/apparmor/module_interface.c
+Index: b/security/apparmor/module_interface.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/module_interface.c
+--- a/security/apparmor/module_interface.c
-+++ linux-2.6/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -17,24 +17,24 @@
 /* aa_code defined in module_interface.h */
@@ -1605,10 +1608,10 @@ Index: linux-2.6/security/apparmor/module_interface.c
 	}
 	if (profile->name) {
-Index: linux-2.6/security/apparmor/procattr.c
+Index: b/security/apparmor/procattr.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/procattr.c
+--- a/security/apparmor/procattr.c
-+++ linux-2.6/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -15,7 +15,7 @@
 #include "apparmor.h"
 #include "inline.h"
--- a/kernel-patches/for-mainline/apparmor-d_namespace.diff
+++ b/kernel-patches/for-mainline/apparmor-d_namespace.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/main.c
+Index: b/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
+--- a/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -12,6 +12,7 @@
 #include <linux/security.h>
 #include <linux/namei.h>
--- a/kernel-patches/for-mainline/apparmor-dfa.diff
+++ b/kernel-patches/for-mainline/apparmor-dfa.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/match/Kbuild
+Index: b/security/apparmor/match/Kbuild
 ===================================================================
--- linux-2.6.orig/security/apparmor/match/Kbuild
+--- a/security/apparmor/match/Kbuild
-+++ linux-2.6/security/apparmor/match/Kbuild
+++ b/security/apparmor/match/Kbuild
@@ -1,6 +1,6 @@
 # Makefile for AppArmor aamatch submodule
 #
@@ -11,10 +11,10 @@ Index: linux-2.6/security/apparmor/match/Kbuild
 -aamatch_pcre-y := match_pcre.o pcre_exec.o
 +aamatch_dfa-y := match_dfa.o
-Index: linux-2.6/security/apparmor/match/match_dfa.c
+Index: b/security/apparmor/match/match_dfa.c
 ===================================================================
 --- /dev/null
-+++ linux-2.6/security/apparmor/match/match_dfa.c
+++ b/security/apparmor/match/match_dfa.c
@@ -0,0 +1,398 @@
 +/*
 + *	Copyright (C) 2002-2005 Novell/SUSE
@@ -414,10 +414,10 @@ Index: linux-2.6/security/apparmor/match/match_dfa.c
 +MODULE_DESCRIPTION("AppArmor aa_match module [dfa]");
 +MODULE_AUTHOR("John Johansen <jjohansen@suse.de>");
 +MODULE_LICENSE("GPL");
-Index: linux-2.6/security/apparmor/module_interface.c
+Index: b/security/apparmor/module_interface.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/module_interface.c
+--- a/security/apparmor/module_interface.c
-+++ linux-2.6/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -206,6 +206,7 @@ static void aaconvert(enum aa_code code,
 		*(u16 *)dest = le16_to_cpu(get_unaligned((u16 *)src));
 		break;
@@ -465,10 +465,10 @@ Index: linux-2.6/security/apparmor/module_interface.c
 	free_aa_entry(entry);
 	return NULL;
 }
-Index: linux-2.6/security/apparmor/module_interface.h
+Index: b/security/apparmor/module_interface.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/module_interface.h
+--- a/security/apparmor/module_interface.h
-+++ linux-2.6/security/apparmor/module_interface.h
+++ b/security/apparmor/module_interface.h
@@ -20,6 +20,7 @@ enum aa_code {
 	AA_LIST,
 	AA_LISTEND,
@@ -477,10 +477,10 @@ Index: linux-2.6/security/apparmor/module_interface.h
 	AA_BAD
 };
-Index: linux-2.6/security/apparmor/shared.h
+Index: b/security/apparmor/shared.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/shared.h
+--- a/security/apparmor/shared.h
-+++ linux-2.6/security/apparmor/shared.h
+++ b/security/apparmor/shared.h
@@ -28,6 +28,9 @@
 #define POS_AA_EXEC_UNSAFE		(POS_AA_EXEC_MMAP + 1)
 #define POS_AA_FILE_MAX			POS_AA_EXEC_UNSAFE
--- a/kernel-patches/for-mainline/apparmor-intree.diff
+++ b/kernel-patches/for-mainline/apparmor-intree.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6-apparmor/security/Kconfig
+Index: b/security/Kconfig
 ===================================================================
--- linux-2.6-apparmor.orig/security/Kconfig
+--- a/security/Kconfig
-+++ linux-2.6-apparmor/security/Kconfig
+++ b/security/Kconfig
@@ -94,6 +94,7 @@ config SECURITY_ROOTPLUG
 	  If you are unsure how to answer this question, answer N.
@@ -10,10 +10,10 @@ Index: linux-2.6-apparmor/security/Kconfig
 endmenu
-Index: linux-2.6-apparmor/security/Makefile
+Index: b/security/Makefile
 ===================================================================
--- linux-2.6-apparmor.orig/security/Makefile
+--- a/security/Makefile
-+++ linux-2.6-apparmor/security/Makefile
+++ b/security/Makefile
@@ -4,6 +4,7 @@
 obj-$(CONFIG_KEYS)			+= keys/
--- a/kernel-patches/for-mainline/apparmor-match_perms.diff
+++ b/kernel-patches/for-mainline/apparmor-match_perms.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/main.c
+Index: b/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
+--- a/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -61,7 +61,7 @@ static inline int aa_taskattr_access(con
 static inline int aa_file_mode(struct aaprofile *profile, const char *name)
 {
@@ -171,10 +171,10 @@ Index: linux-2.6/security/apparmor/main.c
 done:
 	return error;
-Index: linux-2.6/security/apparmor/match/match.h
+Index: b/security/apparmor/match/match.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/match/match.h
+--- a/security/apparmor/match/match.h
-+++ linux-2.6/security/apparmor/match/match.h
+++ b/security/apparmor/match/match.h
@@ -69,16 +69,11 @@ extern int aamatch_serialize(void *entry
 /**
@@ -231,10 +231,10 @@ Index: linux-2.6/security/apparmor/match/match.h
 }
 #endif /* __MATCH_H */
-Index: linux-2.6/security/apparmor/match/match_default.c
+Index: b/security/apparmor/match/match_default.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/match/match_default.c
+--- a/security/apparmor/match/match_default.c
-+++ linux-2.6/security/apparmor/match/match_default.c
+++ b/security/apparmor/match/match_default.c
@@ -36,12 +36,11 @@ int aamatch_serialize(void *entry_extrad
 	return 0;
 }
@@ -250,10 +250,10 @@ Index: linux-2.6/security/apparmor/match/match_default.c
 	return ret;
 }
-Index: linux-2.6/security/apparmor/match/match_pcre.c
+Index: b/security/apparmor/match/match_pcre.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/match/match_pcre.c
+--- a/security/apparmor/match/match_pcre.c
-+++ linux-2.6/security/apparmor/match/match_pcre.c
+++ b/security/apparmor/match/match_pcre.c
@@ -132,27 +132,26 @@ done:
 	return error;
 }
@@ -271,19 +271,19 @@ Index: linux-2.6/security/apparmor/match/match_pcre.c
 -			(struct aamatch_entry *) entry_extradata;
 +			(struct aamatch_entry *) entry->extradata;
-         	pcreret = pcre_exec(ed->compiled, NULL,
+ 		pcreret = pcre_exec(ed->compiled, NULL,
 				    pathname, strlen(pathname),
 			    	    0, 0, NULL, 0);
-        	ret = (pcreret >= 0);
+-		ret = (pcreret >= 0);
-+        	ret = (pcreret >= 0) ? entry->mode : 0;
+		ret = (pcreret >= 0) ? entry->mode : 0;
 		// XXX - this needs access to subdomain_debug,  hmmm
-         	//AA_DEBUG("%s(%d): %s %s %d\n", __FUNCTION__,
+ 		//AA_DEBUG("%s(%d): %s %s %d\n", __FUNCTION__,
 		//	 ret, pathname, ed->pattern, pcreret);
 	} else {
 -		ret = aamatch_match_common(pathname, entry_name, entry_type);
 +		ret = aamatch_match_common(entry, pathname);
 	}
-         return ret;
+ 	return ret;
--- a/kernel-patches/for-mainline/apparmor-minor-stuff.diff
+++ b/kernel-patches/for-mainline/apparmor-minor-stuff.diff
@@ -4,10 +4,10 @@ Defining and initializing a variable at the same time is okay.
 Rename struct task *p to <task>.
-Index: linux-2.6/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -66,12 +66,8 @@ MODULE_PARM_DESC(apparmor_logsyscall, "T
 static int apparmor_ptrace(struct task_struct *parent,
 			    struct task_struct *child)
--- a/kernel-patches/for-mainline/apparmor-novalidfstype.diff
+++ b/kernel-patches/for-mainline/apparmor-novalidfstype.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/apparmor.h
+Index: b/security/apparmor/apparmor.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmor.h
+--- a/security/apparmor/apparmor.h
-+++ linux-2.6/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -25,17 +25,6 @@ extern int apparmor_debug;
 extern int apparmor_audit;
 extern int apparmor_logsyscall;
@@ -14,8 +14,8 @@ Index: linux-2.6/security/apparmor/apparmor.h
 -#define INOTIFYFS_MAGIC 0xBAD1DEA
 -
 -#define VALID_FSTYPE(inode) ((inode)->i_sb->s_magic != PIPEFS_MAGIC && \
-                             (inode)->i_sb->s_magic != SOCKFS_MAGIC && \
+-			     (inode)->i_sb->s_magic != SOCKFS_MAGIC && \
-                             (inode)->i_sb->s_magic != INOTIFYFS_MAGIC)
+-			     (inode)->i_sb->s_magic != INOTIFYFS_MAGIC)
 -
 #define PROFILE_COMPLAIN(_profile) \
 	(apparmor_complain == 1 || ((_profile) && (_profile)->flags.complain))
@@ -52,10 +52,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
 /**
  * struct subdomain - primary label for confined tasks
  * @active: the current active profile
-Index: linux-2.6/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -203,6 +203,9 @@ static int apparmor_sb_mount(char *dev_n
 	if (active) {
 		error = aa_audit_syscallreject(active, GFP_KERNEL, "mount");
--- a/kernel-patches/for-mainline/apparmor-setprocattr.diff
+++ b/kernel-patches/for-mainline/apparmor-setprocattr.diff
@@ -5,10 +5,10 @@ I'm not sure we need all the syslogging going on here.
 There are some self-explanatory comments (not only here).
-Index: linux-2.6-apparmor/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6-apparmor.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6-apparmor/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -594,19 +594,15 @@ static int apparmor_setprocattr(struct t
 	const char *cmd_changehat = "changehat ",
 		   *cmd_setprofile = "setprofile ";
--- a/kernel-patches/for-mainline/apparmor-single_module.diff
+++ b/kernel-patches/for-mainline/apparmor-single_module.diff
--- a/kernel-patches/for-mainline/apparmor-vfsmnt.diff
+++ b/kernel-patches/for-mainline/apparmor-vfsmnt.diff
@@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/apparmor.h
+Index: b/security/apparmor/apparmor.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmor.h
+--- a/security/apparmor/apparmor.h
-+++ linux-2.6/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -188,16 +188,6 @@ struct subdomain {
 typedef int (*aa_iter) (struct subdomain *, void *);
@@ -45,10 +45,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
 extern int aa_fork(struct task_struct *p);
 extern int aa_register(struct linux_binprm *bprm);
 extern void aa_release(struct task_struct *p);
-Index: linux-2.6/security/apparmor/inline.h
+Index: b/security/apparmor/inline.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/inline.h
+--- a/security/apparmor/inline.h
-+++ linux-2.6/security/apparmor/inline.h
+++ b/security/apparmor/inline.h
@@ -10,7 +10,7 @@
 #ifndef __INLINE_H
 #define __INLINE_H
@@ -143,10 +143,10 @@ Index: linux-2.6/security/apparmor/inline.h
 -}
 -
 #endif /* __INLINE_H__ */
-Index: linux-2.6/security/apparmor/lsm.c
+Index: b/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
+--- a/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -15,6 +15,8 @@
 #include <linux/module.h>
 #include <linux/mm.h>
@@ -477,10 +477,10 @@ Index: linux-2.6/security/apparmor/lsm.c
 	return error;
 }
-Index: linux-2.6/security/apparmor/main.c
+Index: b/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
+--- a/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -35,34 +35,6 @@ struct aaprofile *null_complain_profile;
  **************************/
@@ -595,8 +595,6 @@ Index: linux-2.6/security/apparmor/main.c
 -		}
 -	} while (name);
 +	int permerror, error;
 +
 +	sa->name = aa_get_name(dentry, mnt);
 -	if ((path_error = aa_path_end(&data)) != 0) {
 -		dentry_xlate_error(dentry, path_error, "dentry");
@@ -606,6 +604,8 @@ Index: linux-2.6/security/apparmor/main.c
 -	} else if (name) {
 -		if (failed_name)
 -			aa_put_name(failed_name);
 +	sa->name = aa_get_name(dentry, mnt);
 +
 +	if (IS_ERR(sa->name)) {
 +		permerror = PTR_ERR(sa->name);
 +		sa->name = NULL;
@@ -675,12 +675,12 @@ Index: linux-2.6/security/apparmor/main.c
 -	permerror = _aa_perm_dentry(active, dentry, mask, &sa.name);
 -	aa_permerror2result(permerror, &sa);
-
+	error = _aa_perm_vfsmount(active, dentry, mnt, &sa, mask);
 -	error = aa_audit(active, &sa);
 -
 -	aa_put_name(sa.name);
-+	error = _aa_perm_vfsmount(active, dentry, mnt, &sa, mask);
+-
 -out:
 	return error;
 }
@@ -806,10 +806,10 @@ Index: linux-2.6/security/apparmor/main.c
 -	aa_permerror2result(permerror, &sa);
 -
 -	error = aa_audit(active, &sa);
 -
 -	aa_put_name(sa.name);
 +	error = _aa_perm_vfsmount(active, dentry, mnt, &sa, MAY_WRITE);
 -	aa_put_name(sa.name);
 -
 -out:
 	return error;
 }
@@ -822,7 +822,7 @@ Index: linux-2.6/security/apparmor/main.c
 	struct aa_audit sa;
 	sa.type = AA_AUDITTYPE_CAP;
-@@ -1030,124 +867,42 @@ int aa_capability(struct aaprofile *acti
+@@ -1030,122 +867,40 @@ int aa_capability(struct aaprofile *acti
  * @active: profile to check against
  * @link: dentry for link being created
  * @target: dentry for link target
@@ -894,7 +894,9 @@ Index: linux-2.6/security/apparmor/main.c
 -			if ((path_error = aa_path_end(&idata)) != 0) {
 -				dentry_xlate_error(target, path_error,
 -						   "inner dentry [link]");
-
+	sa.name = aa_get_name(link, link_mnt);
 +	sa.pval = aa_get_name(target, target_mnt);
 -				/* name should not be set if error */
 -				WARN_ON(iname);
 -
@@ -906,9 +908,7 @@ Index: linux-2.6/security/apparmor/main.c
 -				aa_put_name(oname);
 -		}
 -	} while (oname && !match);
-+	sa.name = aa_get_name(link, link_mnt);
+-
 +	sa.pval = aa_get_name(target, target_mnt);
 -	if (error_code != 0) {
 -		/* inner error */
 -		(void)aa_path_end(&odata);
@@ -963,8 +963,5 @@ Index: linux-2.6/security/apparmor/main.c
 +	aa_put_name(sa.name);
 +	aa_put_name(sa.pval);
-	return error;
+ 	return error;
 +	return error;
 }
 /*******************************
--- a/kernel-patches/for-mainline/apparmor.diff
+++ b/kernel-patches/for-mainline/apparmor.diff