diff --git a/kernel-patches/2.6.18/postapply/module/series b/kernel-patches/2.6.18/postapply/module/series
new file mode 100644
index 000000000..048ec4b31
--- /dev/null
+++ b/kernel-patches/2.6.18/postapply/module/series
@@ -0,0 +1 @@
+undo_2.6.20_mnt_namespace.patch
diff --git a/kernel-patches/2.6.18/postapply/module/undo_2.6.20_mnt_namespace.patch b/kernel-patches/2.6.18/postapply/module/undo_2.6.20_mnt_namespace.patch
new file mode 100644
index 000000000..efa0640ab
--- /dev/null
+++ b/kernel-patches/2.6.18/postapply/module/undo_2.6.20_mnt_namespace.patch
@@ -0,0 +1,37 @@
+Index: linux-2.6.18.6/security/apparmor/apparmor.h
+===================================================================
+--- linux-2.6.18.6.orig/security/apparmor/apparmor.h
++++ linux-2.6.18.6/security/apparmor/apparmor.h
+@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
+ */
+ struct aa_path_data {
+ struct dentry *root, *dentry;
+- struct mnt_namespace *mnt_namespace;
++ struct namespace *namespace;
+ struct list_head *head, *pos;
+ int errno;
+};
+Index: linux-2.6.18.6/security/apparmor/inline.h
+===================================================================
+--- linux-2.6.18.6.orig/security/apparmor/inline.h
++++ linux-2.6.18.6/security/apparmor/inline.h
+@@ -10,7 +10,7 @@
+ #ifndef __INLINE_H
+ #define __INLINE_H
+
+-#include
++#include
+
+ static inline int __aa_is_confined(struct subdomain *sd)
+ {
+@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
+ {
+ data->dentry = dentry;
+ data->root = dget(rdentry->d_sb->s_root);
+- data->mnt_namespace = current->nsproxy->mnt_ns;
+- data->head = &data->mnt_namespace->list;
++ data->namespace = current->namespace;
++ data->head = &data->namespace->list;
+ data->pos = data->head->next;
+ prefetch(data->pos->next);
+ data->errno = 0;
diff --git a/kernel-patches/2.6.19/patches/apparmor_audit.patch b/kernel-patches/2.6.19/patches/apparmor_audit.patch
new file mode 100644
index 000000000..1347bfe50
--- /dev/null
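Review bot: In `__aa_path_begin` the new line `data->namespace = current->namespace;` is dereferenced immediately by `data->head = &data->namespace->list;` with no NULL check and no reference taken on the namespace, so the walk relies on the caller keeping the task's namespace alive for the lifetime of `aa_path_data`; whether `current->namespace` can be NULL or be swapped while the walk runs is not visible from the hunk. The companion apparmor_namespacesem.patch on this page exports `namespace_sem`, presumably so this iteration can run under it; a comment above the assignment stating that requirement, e.g. `/* caller must hold namespace_sem while data is in use; no reference is taken */`, would make the contract checkable at the call sites. The function's signature and the end of its body are outside the hunk. The same file is added again, byte-identical, under kernel-patches/2.6.19/postapply/module/.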
+++ b/kernel-patches/2.6.19/patches/apparmor_audit.patch 
@@ -0,0 +1,54 @@
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ include/linux/audit.h | 5 +++++
+ kernel/audit.c | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+--- linux-2.6.18.orig/include/linux/audit.h
++++ linux-2.6.18/include/linux/audit.h
+@@ -100,6 +100,8 @@
+ #define AUDIT_LAST_KERN_ANOM_MSG 1799
+ #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
+
++#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
+
+ /* Rule flags */
+@@ -466,6 +468,9 @@ extern void audit_log(struct audit_
+ __attribute__((format(printf,4,5)));
+
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void audit_log_vformat(struct audit_buffer *ab,
++ const char *fmt, va_list args)
++ __attribute__((format(printf,2,0)));
+ extern void audit_log_format(struct audit_buffer *ab,
+ const char *fmt, ...)
+ __attribute__((format(printf,2,3)));
+--- linux-2.6.18.orig/kernel/audit.c
++++ linux-2.6.18/kernel/audit.c
+@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
+ * will be called a second time. Currently, we assume that a printk
+ * can't format message larger than 1024 bytes, so we don't either.
+ */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+- va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
+ {
+ int len, avail;
+ struct sk_buff *skb;
+@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
+ EXPORT_SYMBOL(audit_log_end);
+ EXPORT_SYMBOL(audit_log_format);
+ EXPORT_SYMBOL(audit_log);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);
diff --git a/kernel-patches/2.6.19/patches/apparmor_namespacesem.patch b/kernel-patches/2.6.19/patches/apparmor_namespacesem.patch
new file mode 100644
index 000000000..61f804b16
--- /dev/null
+++ b/kernel-patches/2.6.19/patches/apparmor_namespacesem.patch
@@ -0,0 +1,38 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ fs/namespace.c | 3 ++-
+ include/linux/namespace.h | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+--- linux-2.6.18.orig/fs/namespace.c
++++ linux-2.6.18/fs/namespace.c
+@@ -45,7 +45,8 @@ static int event;
+ static struct list_head *mount_hashtable __read_mostly;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache __read_mostly;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+--- linux-2.6.18.orig/include/linux/namespace.h
++++ linux-2.6.18/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include
+ #include
+
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ atomic_t count;
+ struct vfsmount * root;
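Review bot: `#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */` in include/linux/audit.h claims a record-type number that nothing on the page reserves: it is dropped between the `AUDIT_ANOM_*` defines (17xx) and `AUDIT_KERNEL` (2000), and because the patch is marked `Patch-mainline: no`, a later mainline allocation of 1500 would silently change the meaning of records already written to logs. Say so in the comment, e.g. `/* AppArmor (SubDomain) audit -- out-of-tree type, not reserved upstream; renumber if mainline claims 1500 */`. `audit_log_untrustedstring` and `audit_log_d_path` are exported with no visible change to their definitions, so they must already be non-static in the target tree; worth confirming, since an export of a `static` symbol only fails at link time. The audit_log_vformat hunk ends inside the function body. The identical file is added again under kernel-patches/2.6.20/patches/.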
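Review bot: The new header comment `/* exported for AppArmor (SubDomain) */` on `extern struct rw_semaphore namespace_sem;` names the consumer but not the contract, which matters more now that a previously `static` lock is reachable from module code: the description says it is one global lock rather than per-namespace, but neither hunk says what it protects or whether the module may take it for writing. Propose `/* Global (not per-namespace) lock; exported for AppArmor (SubDomain), which must only take it for reading while walking the mount list */` if that is indeed the intended use — the read-side use is inferred from the aa_path_data walk elsewhere on this page, so confirm before adopting the wording. The identical file is added again under kernel-patches/2.6.20/patches/.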
diff --git a/kernel-patches/2.6.19/patches/apparmor_security.patch b/kernel-patches/2.6.19/patches/apparmor_security.patch
new file mode 100644
index 000000000..3f3140a2b
--- /dev/null
+++ b/kernel-patches/2.6.19/patches/apparmor_security.patch
@@ -0,0 +1,22 @@
+Index: linux-2.6.18/security/Makefile
+===================================================================
+--- linux-2.6.18.orig/security/Makefile
++++ linux-2.6.18/security/Makefile
+@@ -4,6 +4,7 @@
+
+ obj-$(CONFIG_KEYS) += keys/
+ subdir-$(CONFIG_SECURITY_SELINUX) += selinux
++obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
+
+ # if we don't select a security model, use the default capabilities
+ ifneq ($(CONFIG_SECURITY),y)
+--- linux-2.6.17.orig/security/Kconfig
++++ linux-2.6.17/security/Kconfig
+@@ -106,6 +106,7 @@ config SECURITY_SECLVL
+ If you are unsure how to answer this question, answer N.
+
+ source security/selinux/Kconfig
++source security/apparmor/Kconfig
+
+ endmenu
+
diff --git a/kernel-patches/2.6.19/patches/series b/kernel-patches/2.6.19/patches/series
new file mode 100644
index 000000000..22ae747c4
--- /dev/null
+++ b/kernel-patches/2.6.19/patches/series
@@ -0,0 +1,3 @@
+apparmor_audit.patch
+apparmor_namespacesem.patch
+apparmor_security.patch
diff --git a/kernel-patches/2.6.19/postapply/module/series b/kernel-patches/2.6.19/postapply/module/series
new file mode 100644
index 000000000..048ec4b31
--- /dev/null
+++ b/kernel-patches/2.6.19/postapply/module/series
@@ -0,0 +1 @@
+undo_2.6.20_mnt_namespace.patch
diff --git a/kernel-patches/2.6.19/postapply/module/undo_2.6.20_mnt_namespace.patch b/kernel-patches/2.6.19/postapply/module/undo_2.6.20_mnt_namespace.patch
new file mode 100644
index 000000000..efa0640ab
--- /dev/null
+++ b/kernel-patches/2.6.19/postapply/module/undo_2.6.20_mnt_namespace.patch
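Review bot: The two file headers inside this patch name different base trees — `--- linux-2.6.18.orig/security/Makefile` versus `--- linux-2.6.17.orig/security/Kconfig` — which suggests the Kconfig hunk was carried over from an older patch rather than regenerated; `patch -p1` strips the prefix so it still applies, but the mismatch hides which base the `@@ -106,6 +106,7 @@ config SECURITY_SECLVL` context was taken from. Regenerate both hunks against the same tree so the headers read `linux-2.6.18.orig/...` throughout. The identical file is added again under kernel-patches/2.6.20/patches/.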
@@ -0,0 +1,37 @@
+Index: linux-2.6.18.6/security/apparmor/apparmor.h
+===================================================================
+--- linux-2.6.18.6.orig/security/apparmor/apparmor.h
++++ linux-2.6.18.6/security/apparmor/apparmor.h
+@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
+ */
+ struct aa_path_data {
+ struct dentry *root, *dentry;
+- struct mnt_namespace *mnt_namespace;
++ struct namespace *namespace;
+ struct list_head *head, *pos;
+ int errno;
+};
+Index: linux-2.6.18.6/security/apparmor/inline.h
+===================================================================
+--- linux-2.6.18.6.orig/security/apparmor/inline.h
++++ linux-2.6.18.6/security/apparmor/inline.h
+@@ -10,7 +10,7 @@
+ #ifndef __INLINE_H
+ #define __INLINE_H
+
+-#include
++#include
+
+ static inline int __aa_is_confined(struct subdomain *sd)
+ {
+@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
+ {
+ data->dentry = dentry;
+ data->root = dget(rdentry->d_sb->s_root);
+- data->mnt_namespace = current->nsproxy->mnt_ns;
+- data->head = &data->mnt_namespace->list;
++ data->namespace = current->namespace;
++ data->head = &data->namespace->list;
+ data->pos = data->head->next;
+ prefetch(data->pos->next);
+ data->errno = 0;
diff --git a/kernel-patches/2.6.20/patches/apparmor_audit.patch b/kernel-patches/2.6.20/patches/apparmor_audit.patch
new file mode 100644
index 000000000..1347bfe50
--- /dev/null
+++ b/kernel-patches/2.6.20/patches/apparmor_audit.patch
@@ -0,0 +1,54 @@
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ include/linux/audit.h | 5 +++++
+ kernel/audit.c | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+--- linux-2.6.18.orig/include/linux/audit.h
++++ linux-2.6.18/include/linux/audit.h
+@@ -100,6 +100,8 @@
+ #define AUDIT_LAST_KERN_ANOM_MSG 1799
+ #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
+
++#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
+
+ /* Rule flags */
+@@ -466,6 +468,9 @@ extern void audit_log(struct audit_
+ __attribute__((format(printf,4,5)));
+
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void audit_log_vformat(struct audit_buffer *ab,
++ const char *fmt, va_list args)
++ __attribute__((format(printf,2,0)));
+ extern void audit_log_format(struct audit_buffer *ab,
+ const char *fmt, ...)
+ __attribute__((format(printf,2,3)));
+--- linux-2.6.18.orig/kernel/audit.c
++++ linux-2.6.18/kernel/audit.c
+@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
+ * will be called a second time. Currently, we assume that a printk
+ * can't format message larger than 1024 bytes, so we don't either.
+ */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+- va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
+ {
+ int len, avail;
+ struct sk_buff *skb;
+@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
+ EXPORT_SYMBOL(audit_log_end);
+ EXPORT_SYMBOL(audit_log_format);
+ EXPORT_SYMBOL(audit_log);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);
diff --git a/kernel-patches/2.6.20/patches/apparmor_namespacesem.patch b/kernel-patches/2.6.20/patches/apparmor_namespacesem.patch
new file mode 100644
index 000000000..61f804b16
--- /dev/null
+++ b/kernel-patches/2.6.20/patches/apparmor_namespacesem.patch
@@ -0,0 +1,38 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ fs/namespace.c | 3 ++-
+ include/linux/namespace.h | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+--- linux-2.6.18.orig/fs/namespace.c
++++ linux-2.6.18/fs/namespace.c
+@@ -45,7 +45,8 @@ static int event;
+ static struct list_head *mount_hashtable __read_mostly;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache __read_mostly;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+--- linux-2.6.18.orig/include/linux/namespace.h
++++ linux-2.6.18/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include
+ #include
+
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ atomic_t count;
+ struct vfsmount * root;
diff --git a/kernel-patches/2.6.20/patches/apparmor_security.patch b/kernel-patches/2.6.20/patches/apparmor_security.patch
new file mode 100644
index 000000000..3f3140a2b
--- /dev/null
+++ b/kernel-patches/2.6.20/patches/apparmor_security.patch
@@ -0,0 +1,22 @@
+Index: linux-2.6.18/security/Makefile
+===================================================================
+--- linux-2.6.18.orig/security/Makefile
++++ linux-2.6.18/security/Makefile
+@@ -4,6 +4,7 @@
+
+ obj-$(CONFIG_KEYS) += keys/
+ subdir-$(CONFIG_SECURITY_SELINUX) += selinux
++obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
+
+ # if we don't select a security model, use the default capabilities
+ ifneq ($(CONFIG_SECURITY),y)
+--- linux-2.6.17.orig/security/Kconfig
++++ linux-2.6.17/security/Kconfig
+@@ -106,6 +106,7 @@ config SECURITY_SECLVL
+ If you are unsure how to answer this question, answer N.
+
+ source security/selinux/Kconfig
++source security/apparmor/Kconfig
+
+ endmenu
+
diff --git a/kernel-patches/2.6.20/patches/series b/kernel-patches/2.6.20/patches/series
new file mode 100644
index 000000000..22ae747c4
--- /dev/null
+++ b/kernel-patches/2.6.20/patches/series
@@ -0,0 +1,3 @@
+apparmor_audit.patch
+apparmor_namespacesem.patch
+apparmor_security.patch