add apparmor patches for kernels 2.6.16, 2.6.17, 2.6.18

kernel-patches/2.6.16.29/README

@@ -0,0 +1,8 @@
+current - contains the patches for the current branch of apparmor
+nextgen - contains the patches for the nextgen branch of apparmor
+
+in each directory
+patches : contains quilt series of patches to apply to the kernel
+
+apparmor-fullseries.patch : is the quilt series flattened into a single patch
+

kernel-patches/2.6.16.29/current/patches/apparmor_audit.patch

@@ -0,0 +1,58 @@
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+Index: linux-2.6.14/include/linux/audit.h
+===================================================================
+--- linux-2.6.14.orig/include/linux/audit.h
++++ linux-2.6.14/include/linux/audit.h
+@@ -73,6 +73,8 @@
+ #define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */
+ #define AUDIT_AVC_PATH		1402	/* dentry, vfsmount pair from avc */
+ 
++#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
+ 
+ /* Rule flags */
+@@ -265,6 +267,9 @@ extern void		    audit_log(struct audit_
+ 				      __attribute__((format(printf,4,5)));
+ 
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void		    audit_log_vformat(struct audit_buffer *ab, 
++					      const char *fmt, va_list args)
++			    __attribute__((format(printf,2,0)));
+ extern void		    audit_log_format(struct audit_buffer *ab,
+ 					     const char *fmt, ...)
+ 			    __attribute__((format(printf,2,3)));
+Index: linux-2.6.14/kernel/audit.c
+===================================================================
+--- linux-2.6.14.orig/kernel/audit.c
++++ linux-2.6.14/kernel/audit.c
+@@ -733,8 +733,8 @@ static inline int audit_expand(struct au
+  * room in the audit buffer, more room will be allocated and vsnprint
+  * will be called a second time.  Currently, we assume that a printk
+  * can't format message larger than 1024 bytes, so we don't either. */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+-			      va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
++		       va_list args)
+ {
+ 	int len, avail;
+ 	struct sk_buff *skb;
+@@ -895,3 +895,11 @@ void audit_log(struct audit_context *ctx
+ 		audit_log_end(ab);
+ 	}
+ }
++
++EXPORT_SYMBOL_GPL(audit_log_start);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_format);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);
++EXPORT_SYMBOL_GPL(audit_log_end);
++EXPORT_SYMBOL_GPL(audit_log);

kernel-patches/2.6.16.29/current/patches/apparmor_namespacesem.patch

@@ -0,0 +1,36 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+Index: linux-2.6.15/fs/namespace.c
+===================================================================
+--- linux-2.6.15.orig/fs/namespace.c
++++ linux-2.6.15/fs/namespace.c
+@@ -46,7 +46,8 @@ static int event;
+ static struct list_head *mount_hashtable;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+ 
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+Index: linux-2.6.15/include/linux/namespace.h
+===================================================================
+--- linux-2.6.15.orig/include/linux/namespace.h
++++ linux-2.6.15/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include <linux/mount.h>
+ #include <linux/sched.h>
+ 
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ 	atomic_t		count;
+ 	struct vfsmount *	root;

kernel-patches/2.6.16.29/current/patches/apparmor_security_makefile.patch

@@ -0,0 +1,12 @@
+Index: linux-2.6.18/security/Makefile
+===================================================================
+--- linux-2.6.18.orig/security/Makefile
++++ linux-2.6.18/security/Makefile
+@@ -4,6 +4,7 @@
+ 
+ obj-$(CONFIG_KEYS)			+= keys/
+ subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
++obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/
+ 
+ # if we don't select a security model, use the default capabilities
+ ifneq ($(CONFIG_SECURITY),y)

kernel-patches/2.6.16.29/current/patches/series

@@ -0,0 +1,4 @@
+apparmor_audit.patch
+apparmor_namespacesem.patch
+apparmor_security_makefile.patch
+apparmor.patch

kernel-patches/2.6.16.29/nextgen/patches/apparmor_audit.patch

@@ -0,0 +1,58 @@
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+Index: linux-2.6.14/include/linux/audit.h
+===================================================================
+--- linux-2.6.14.orig/include/linux/audit.h
++++ linux-2.6.14/include/linux/audit.h
+@@ -73,6 +73,8 @@
+ #define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */
+ #define AUDIT_AVC_PATH		1402	/* dentry, vfsmount pair from avc */
+ 
++#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
+ 
+ /* Rule flags */
+@@ -265,6 +267,9 @@ extern void		    audit_log(struct audit_
+ 				      __attribute__((format(printf,4,5)));
+ 
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void		    audit_log_vformat(struct audit_buffer *ab, 
++					      const char *fmt, va_list args)
++			    __attribute__((format(printf,2,0)));
+ extern void		    audit_log_format(struct audit_buffer *ab,
+ 					     const char *fmt, ...)
+ 			    __attribute__((format(printf,2,3)));
+Index: linux-2.6.14/kernel/audit.c
+===================================================================
+--- linux-2.6.14.orig/kernel/audit.c
++++ linux-2.6.14/kernel/audit.c
+@@ -733,8 +733,8 @@ static inline int audit_expand(struct au
+  * room in the audit buffer, more room will be allocated and vsnprint
+  * will be called a second time.  Currently, we assume that a printk
+  * can't format message larger than 1024 bytes, so we don't either. */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+-			      va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
++		       va_list args)
+ {
+ 	int len, avail;
+ 	struct sk_buff *skb;
+@@ -895,3 +895,11 @@ void audit_log(struct audit_context *ctx
+ 		audit_log_end(ab);
+ 	}
+ }
++
++EXPORT_SYMBOL_GPL(audit_log_start);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_format);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);
++EXPORT_SYMBOL_GPL(audit_log_end);
++EXPORT_SYMBOL_GPL(audit_log);

kernel-patches/2.6.16.29/nextgen/patches/apparmor_namespacesem.patch

@@ -0,0 +1,36 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+Index: linux-2.6.15/fs/namespace.c
+===================================================================
+--- linux-2.6.15.orig/fs/namespace.c
++++ linux-2.6.15/fs/namespace.c
+@@ -46,7 +46,8 @@ static int event;
+ static struct list_head *mount_hashtable;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+ 
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+Index: linux-2.6.15/include/linux/namespace.h
+===================================================================
+--- linux-2.6.15.orig/include/linux/namespace.h
++++ linux-2.6.15/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include <linux/mount.h>
+ #include <linux/sched.h>
+ 
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ 	atomic_t		count;
+ 	struct vfsmount *	root;

kernel-patches/2.6.16.29/nextgen/patches/apparmor_security_makefile.patch

@@ -0,0 +1,12 @@
+Index: linux-2.6.18/security/Makefile
+===================================================================
+--- linux-2.6.18.orig/security/Makefile
++++ linux-2.6.18/security/Makefile
+@@ -4,6 +4,7 @@
+ 
+ obj-$(CONFIG_KEYS)			+= keys/
+ subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
++obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/
+ 
+ # if we don't select a security model, use the default capabilities
+ ifneq ($(CONFIG_SECURITY),y)

kernel-patches/2.6.16.29/nextgen/patches/series

@@ -0,0 +1,4 @@
+apparmor_audit.patch
+apparmor_namespacesem.patch
+apparmor_security_makefile.patch
+apparmor.patch

kernel-patches/2.6.17.9/README

@@ -0,0 +1,8 @@
+current - contains the patches for the current branch of apparmor
+nextgen - contains the patches for the nextgen branch of apparmor
+
+in each directory
+patches : contains quilt series of patches to apply to the kernel
+
+apparmor-fullseries.patch : is the quilt series flattened into a single patch
+

kernel-patches/2.6.17.9/current/patches/apparmor_audit.patch

@@ -0,0 +1,58 @@
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ include/linux/audit.h |    5 +++++
+ kernel/audit.c        |    6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+Index: linux-2.6.17.9/include/linux/audit.h
+===================================================================
+--- linux-2.6.17.9.orig/include/linux/audit.h
++++ linux-2.6.17.9/include/linux/audit.h
+@@ -96,6 +96,8 @@
+ #define AUDIT_LAST_KERN_ANOM_MSG    1799
+ #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
+ 
++#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
+ 
+ /* Rule flags */
+@@ -357,6 +359,9 @@ extern void		    audit_log(struct audit_
+ 				      __attribute__((format(printf,4,5)));
+ 
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void		    audit_log_vformat(struct audit_buffer *ab,
++					      const char *fmt, va_list args)
++			    __attribute__((format(printf,2,0)));
+ extern void		    audit_log_format(struct audit_buffer *ab,
+ 					     const char *fmt, ...)
+ 			    __attribute__((format(printf,2,3)));
+Index: linux-2.6.17.9/kernel/audit.c
+===================================================================
+--- linux-2.6.17.9.orig/kernel/audit.c
++++ linux-2.6.17.9/kernel/audit.c
+@@ -893,8 +893,7 @@ static inline int audit_expand(struct au
+  * will be called a second time.  Currently, we assume that a printk
+  * can't format message larger than 1024 bytes, so we don't either.
+  */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+-			      va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
+ {
+ 	int len, avail;
+ 	struct sk_buff *skb;
+@@ -1096,3 +1095,6 @@ EXPORT_SYMBOL(audit_log_start);
+ EXPORT_SYMBOL(audit_log_end);
+ EXPORT_SYMBOL(audit_log_format);
+ EXPORT_SYMBOL(audit_log);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);

kernel-patches/2.6.17.9/current/patches/apparmor_namespacesem.patch

@@ -0,0 +1,42 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ fs/namespace.c            |    3 ++-
+ include/linux/namespace.h |    3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+Index: linux-2.6.17.9/fs/namespace.c
+===================================================================
+--- linux-2.6.17.9.orig/fs/namespace.c
++++ linux-2.6.17.9/fs/namespace.c
+@@ -46,7 +46,8 @@ static int event;
+ static struct list_head *mount_hashtable __read_mostly;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache __read_mostly;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+ 
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+Index: linux-2.6.17.9/include/linux/namespace.h
+===================================================================
+--- linux-2.6.17.9.orig/include/linux/namespace.h
++++ linux-2.6.17.9/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include <linux/mount.h>
+ #include <linux/sched.h>
+ 
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ 	atomic_t		count;
+ 	struct vfsmount *	root;

kernel-patches/2.6.17.9/current/patches/apparmor_security_makefile.patch

@@ -0,0 +1,12 @@
+Index: linux-2.6.18/security/Makefile
+===================================================================
+--- linux-2.6.18.orig/security/Makefile
++++ linux-2.6.18/security/Makefile
+@@ -4,6 +4,7 @@
+ 
+ obj-$(CONFIG_KEYS)			+= keys/
+ subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
++obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/
+ 
+ # if we don't select a security model, use the default capabilities
+ ifneq ($(CONFIG_SECURITY),y)

kernel-patches/2.6.17.9/current/patches/series

@@ -0,0 +1,4 @@
+apparmor_audit.patch
+apparmor_namespacesem.patch
+apparmor_security_makefile.patch
+apparmor.patch

kernel-patches/2.6.17.9/nextgen/patches/apparmor_audit.patch

@@ -0,0 +1,58 @@
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ include/linux/audit.h |    5 +++++
+ kernel/audit.c        |    6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+Index: linux-2.6.17.9/include/linux/audit.h
+===================================================================
+--- linux-2.6.17.9.orig/include/linux/audit.h
++++ linux-2.6.17.9/include/linux/audit.h
+@@ -96,6 +96,8 @@
+ #define AUDIT_LAST_KERN_ANOM_MSG    1799
+ #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
+ 
++#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
+ 
+ /* Rule flags */
+@@ -357,6 +359,9 @@ extern void		    audit_log(struct audit_
+ 				      __attribute__((format(printf,4,5)));
+ 
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void		    audit_log_vformat(struct audit_buffer *ab,
++					      const char *fmt, va_list args)
++			    __attribute__((format(printf,2,0)));
+ extern void		    audit_log_format(struct audit_buffer *ab,
+ 					     const char *fmt, ...)
+ 			    __attribute__((format(printf,2,3)));
+Index: linux-2.6.17.9/kernel/audit.c
+===================================================================
+--- linux-2.6.17.9.orig/kernel/audit.c
++++ linux-2.6.17.9/kernel/audit.c
+@@ -893,8 +893,7 @@ static inline int audit_expand(struct au
+  * will be called a second time.  Currently, we assume that a printk
+  * can't format message larger than 1024 bytes, so we don't either.
+  */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+-			      va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
+ {
+ 	int len, avail;
+ 	struct sk_buff *skb;
+@@ -1096,3 +1095,6 @@ EXPORT_SYMBOL(audit_log_start);
+ EXPORT_SYMBOL(audit_log_end);
+ EXPORT_SYMBOL(audit_log_format);
+ EXPORT_SYMBOL(audit_log);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);

kernel-patches/2.6.17.9/nextgen/patches/apparmor_namespacesem.patch

@@ -0,0 +1,42 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ fs/namespace.c            |    3 ++-
+ include/linux/namespace.h |    3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+Index: linux-2.6.17.9/fs/namespace.c
+===================================================================
+--- linux-2.6.17.9.orig/fs/namespace.c
++++ linux-2.6.17.9/fs/namespace.c
+@@ -46,7 +46,8 @@ static int event;
+ static struct list_head *mount_hashtable __read_mostly;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache __read_mostly;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+ 
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+Index: linux-2.6.17.9/include/linux/namespace.h
+===================================================================
+--- linux-2.6.17.9.orig/include/linux/namespace.h
++++ linux-2.6.17.9/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include <linux/mount.h>
+ #include <linux/sched.h>
+ 
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ 	atomic_t		count;
+ 	struct vfsmount *	root;

kernel-patches/2.6.17.9/nextgen/patches/apparmor_security_makefile.patch

@@ -0,0 +1,12 @@
+Index: linux-2.6.18/security/Makefile
+===================================================================
+--- linux-2.6.18.orig/security/Makefile
++++ linux-2.6.18/security/Makefile
+@@ -4,6 +4,7 @@
+ 
+ obj-$(CONFIG_KEYS)			+= keys/
+ subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
++obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/
+ 
+ # if we don't select a security model, use the default capabilities
+ ifneq ($(CONFIG_SECURITY),y)

kernel-patches/2.6.17.9/nextgen/patches/series

@@ -0,0 +1,4 @@
+apparmor_audit.patch
+apparmor_namespacesem.patch
+apparmor_security_makefile.patch
+apparmor.patch

kernel-patches/2.6.18/README

@@ -0,0 +1,8 @@
+current - contains the patches for the current branch of apparmor
+nextgen - contains the patches for the nextgen branch of apparmor
+
+in each directory
+patches : contains quilt series of patches to apply to the kernel
+
+apparmor-fullseries.patch : is the quilt series flattened into a single patch
+

kernel-patches/2.6.18/current/patches/apparmor_audit.patch

@@ -0,0 +1,54 @@
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ include/linux/audit.h |    5 +++++
+ kernel/audit.c        |    6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+--- linux-2.6.18.orig/include/linux/audit.h
++++ linux-2.6.18/include/linux/audit.h
+@@ -100,6 +100,8 @@
+ #define AUDIT_LAST_KERN_ANOM_MSG    1799
+ #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
+ 
++#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
+ 
+ /* Rule flags */
+@@ -466,6 +468,9 @@ extern void		    audit_log(struct audit_
+ 				      __attribute__((format(printf,4,5)));
+ 
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void		    audit_log_vformat(struct audit_buffer *ab,
++					      const char *fmt, va_list args)
++			    __attribute__((format(printf,2,0)));
+ extern void		    audit_log_format(struct audit_buffer *ab,
+ 					     const char *fmt, ...)
+ 			    __attribute__((format(printf,2,3)));
+--- linux-2.6.18.orig/kernel/audit.c
++++ linux-2.6.18/kernel/audit.c
+@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
+  * will be called a second time.  Currently, we assume that a printk
+  * can't format message larger than 1024 bytes, so we don't either.
+  */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+-			      va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
+ {
+ 	int len, avail;
+ 	struct sk_buff *skb;
+@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
+ EXPORT_SYMBOL(audit_log_end);
+ EXPORT_SYMBOL(audit_log_format);
+ EXPORT_SYMBOL(audit_log);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);

kernel-patches/2.6.18/current/patches/apparmor_namespacesem.patch

@@ -0,0 +1,38 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ fs/namespace.c            |    3 ++-
+ include/linux/namespace.h |    3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+--- linux-2.6.18.orig/fs/namespace.c
++++ linux-2.6.18/fs/namespace.c
+@@ -45,7 +45,8 @@ static int event;
+ static struct list_head *mount_hashtable __read_mostly;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache __read_mostly;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+ 
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+--- linux-2.6.18.orig/include/linux/namespace.h
++++ linux-2.6.18/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include <linux/mount.h>
+ #include <linux/sched.h>
+ 
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ 	atomic_t		count;
+ 	struct vfsmount *	root;

kernel-patches/2.6.18/current/patches/apparmor_security_makefile.patch

@@ -0,0 +1,12 @@
+Index: linux-2.6.18/security/Makefile
+===================================================================
+--- linux-2.6.18.orig/security/Makefile
++++ linux-2.6.18/security/Makefile
+@@ -4,6 +4,7 @@
+ 
+ obj-$(CONFIG_KEYS)			+= keys/
+ subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
++obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/
+ 
+ # if we don't select a security model, use the default capabilities
+ ifneq ($(CONFIG_SECURITY),y)

kernel-patches/2.6.18/current/patches/series

@@ -0,0 +1,4 @@
+apparmor_audit.patch
+apparmor_namespacesem.patch
+apparmor_security_makefile.patch
+apparmor.patch

kernel-patches/2.6.18/nextgen/patches/apparmor_audit.patch

@@ -0,0 +1,54 @@
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ include/linux/audit.h |    5 +++++
+ kernel/audit.c        |    6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+--- linux-2.6.18.orig/include/linux/audit.h
++++ linux-2.6.18/include/linux/audit.h
+@@ -100,6 +100,8 @@
+ #define AUDIT_LAST_KERN_ANOM_MSG    1799
+ #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
+ 
++#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
+ 
+ /* Rule flags */
+@@ -466,6 +468,9 @@ extern void		    audit_log(struct audit_
+ 				      __attribute__((format(printf,4,5)));
+ 
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void		    audit_log_vformat(struct audit_buffer *ab,
++					      const char *fmt, va_list args)
++			    __attribute__((format(printf,2,0)));
+ extern void		    audit_log_format(struct audit_buffer *ab,
+ 					     const char *fmt, ...)
+ 			    __attribute__((format(printf,2,3)));
+--- linux-2.6.18.orig/kernel/audit.c
++++ linux-2.6.18/kernel/audit.c
+@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
+  * will be called a second time.  Currently, we assume that a printk
+  * can't format message larger than 1024 bytes, so we don't either.
+  */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+-			      va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
+ {
+ 	int len, avail;
+ 	struct sk_buff *skb;
+@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
+ EXPORT_SYMBOL(audit_log_end);
+ EXPORT_SYMBOL(audit_log_format);
+ EXPORT_SYMBOL(audit_log);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);

kernel-patches/2.6.18/nextgen/patches/apparmor_namespacesem.patch

@@ -0,0 +1,38 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+
+---
+ fs/namespace.c            |    3 ++-
+ include/linux/namespace.h |    3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+--- linux-2.6.18.orig/fs/namespace.c
++++ linux-2.6.18/fs/namespace.c
+@@ -45,7 +45,8 @@ static int event;
+ static struct list_head *mount_hashtable __read_mostly;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache __read_mostly;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+ 
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+--- linux-2.6.18.orig/include/linux/namespace.h
++++ linux-2.6.18/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include <linux/mount.h>
+ #include <linux/sched.h>
+ 
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ 	atomic_t		count;
+ 	struct vfsmount *	root;

kernel-patches/2.6.18/nextgen/patches/apparmor_security_makefile.patch

@@ -0,0 +1,12 @@
+Index: linux-2.6.18/security/Makefile
+===================================================================
+--- linux-2.6.18.orig/security/Makefile
++++ linux-2.6.18/security/Makefile
+@@ -4,6 +4,7 @@
+ 
+ obj-$(CONFIG_KEYS)			+= keys/
+ subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
++obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/
+ 
+ # if we don't select a security model, use the default capabilities
+ ifneq ($(CONFIG_SECURITY),y)

kernel-patches/2.6.18/nextgen/patches/series

@@ -0,0 +1,4 @@
+apparmor_audit.patch
+apparmor_namespacesem.patch
+apparmor_security_makefile.patch
+apparmor.patch