clean up kernel patch directory

2025-09-01 14:55:10 +00:00 · 2008-05-27 12:01:30 +00:00
parent b4edea623b
commit c82947b8b7
38 changed files with 0 additions and 991 deletions
--- a/kernel-patches/2.6.16/patches/apparmor_audit.patch
+++ b/kernel-patches/2.6.16/patches/apparmor_audit.patch
@@ -1,58 +0,0 @@
 From: tonyj@suse.de
 Subject: Export audit subsystem for use by modules
 Patch-mainline: no
 Adds necessary export symbols for audit subsystem routines.
 Changes audit_log_vformat to be externally visible (analagous to vprintf)
 Patch is not in mainline -- pending AppArmor code submission to lkml
 Index: linux-2.6.14/include/linux/audit.h
 ===================================================================
 --- linux-2.6.14.orig/include/linux/audit.h
 +++ linux-2.6.14/include/linux/audit.h
@@ -73,6 +73,8 @@
 #define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */
 #define AUDIT_AVC_PATH		1402	/* dentry, vfsmount pair from avc */
 +#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
 +
 #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
 /* Rule flags */
@@ -265,6 +267,9 @@ extern void		    audit_log(struct audit_
 				      __attribute__((format(printf,4,5)));
 extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
 +extern void		    audit_log_vformat(struct audit_buffer *ab, 
 +					      const char *fmt, va_list args)
 +			    __attribute__((format(printf,2,0)));
 extern void		    audit_log_format(struct audit_buffer *ab,
 					     const char *fmt, ...)
 			    __attribute__((format(printf,2,3)));
 Index: linux-2.6.14/kernel/audit.c
 ===================================================================
 --- linux-2.6.14.orig/kernel/audit.c
 +++ linux-2.6.14/kernel/audit.c
@@ -733,8 +733,8 @@ static inline int audit_expand(struct au
  * room in the audit buffer, more room will be allocated and vsnprint
  * will be called a second time.  Currently, we assume that a printk
  * can't format message larger than 1024 bytes, so we don't either. */
 -static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
 -			      va_list args)
 +void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
 +		       va_list args)
 {
 	int len, avail;
 	struct sk_buff *skb;
@@ -895,3 +895,11 @@ void audit_log(struct audit_context *ctx
 		audit_log_end(ab);
 	}
 }
 +
 +EXPORT_SYMBOL_GPL(audit_log_start);
 +EXPORT_SYMBOL_GPL(audit_log_vformat);
 +EXPORT_SYMBOL_GPL(audit_log_format);
 +EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
 +EXPORT_SYMBOL_GPL(audit_log_d_path);
 +EXPORT_SYMBOL_GPL(audit_log_end);
 +EXPORT_SYMBOL_GPL(audit_log);
--- a/kernel-patches/2.6.16/patches/apparmor_namespacesem.patch
+++ b/kernel-patches/2.6.16/patches/apparmor_namespacesem.patch
@@ -1,36 +0,0 @@
 From: tonyj@suse.de
 Subject: Export namespace semaphore
 Patch-mainline: no
 Export global namespace_sem (this used to be a per namespace semaphore).
 Alas, this isn't going to win _any_ points for style.
 Patch is not in mainline -- pending AppArmor code submission to lkml
 Index: linux-2.6.15/fs/namespace.c
 ===================================================================
 --- linux-2.6.15.orig/fs/namespace.c
 +++ linux-2.6.15/fs/namespace.c
@@ -46,7 +46,8 @@ static int event;
 static struct list_head *mount_hashtable;
 static int hash_mask __read_mostly, hash_bits __read_mostly;
 static kmem_cache_t *mnt_cache;
 -static struct rw_semaphore namespace_sem;
 +struct rw_semaphore namespace_sem;
 +EXPORT_SYMBOL_GPL(namespace_sem);
 /* /sys/fs */
 decl_subsys(fs, NULL, NULL);
 Index: linux-2.6.15/include/linux/namespace.h
 ===================================================================
 --- linux-2.6.15.orig/include/linux/namespace.h
 +++ linux-2.6.15/include/linux/namespace.h
@@ -5,6 +5,9 @@
 #include <linux/mount.h>
 #include <linux/sched.h>
 +/* exported for AppArmor (SubDomain) */
 +extern struct rw_semaphore namespace_sem;
 +
 struct namespace {
 	atomic_t		count;
 	struct vfsmount *	root;
--- a/kernel-patches/2.6.16/patches/apparmor_security.patch
+++ b/kernel-patches/2.6.16/patches/apparmor_security.patch
@@ -1,24 +0,0 @@
 Index: b/security/Makefile
 ===================================================================
 --- a/security/Makefile
 +++ b/security/Makefile
@@ -4,6 +4,7 @@
 obj-$(CONFIG_KEYS)			+= keys/
 subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
 +obj-$(CONFIG_SECURITY_APPARMOR)		+= commoncap.o apparmor/
 # if we don't select a security model, use the default capabilities
 ifneq ($(CONFIG_SECURITY),y)
 Index: b/security/Kconfig
 ===================================================================
 --- a/security/Kconfig
 +++ b/security/Kconfig
@@ -100,6 +100,7 @@ config SECURITY_SECLVL
 	  If you are unsure how to answer this question, answer N.
 source security/selinux/Kconfig
 +source security/apparmor/Kconfig
 endmenu
--- a/kernel-patches/2.6.16/patches/series
+++ b/kernel-patches/2.6.16/patches/series
@@ -1,3 +0,0 @@
 apparmor_audit.patch
 apparmor_namespacesem.patch
 apparmor_security.patch
--- a/kernel-patches/2.6.16/postapply/module-deprecated/series
+++ b/kernel-patches/2.6.16/postapply/module-deprecated/series
@@ -1 +0,0 @@
 undo_netlinkrecv.patch
--- a/kernel-patches/2.6.16/postapply/module-deprecated/undo_netlinkrecv.patch
+++ b/kernel-patches/2.6.16/postapply/module-deprecated/undo_netlinkrecv.patch
@@ -1,14 +0,0 @@
 --- linux-2.6.18.orig/security/apparmor/lsm.c
 +++ linux-2.6.18/security/apparmor/lsm.c
@@ -199,9 +199,9 @@
 	return cap_netlink_send(sk, skb);
 }
 -static int subdomain_netlink_recv(struct sk_buff *skb, int cap)
 +static int subdomain_netlink_recv(struct sk_buff *skb)
 {
 -	return cap_netlink_recv(skb, cap);
 +	return cap_netlink_recv(skb);
 }
 static void subdomain_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
--- a/kernel-patches/2.6.16/postapply/module/series
+++ b/kernel-patches/2.6.16/postapply/module/series
@@ -1,2 +0,0 @@
 undo_2.6.20_mnt_namespace.patch
 undo_netlinkrecv.patch
--- a/kernel-patches/2.6.16/postapply/module/undo_2.6.20_mnt_namespace.patch
+++ b/kernel-patches/2.6.16/postapply/module/undo_2.6.20_mnt_namespace.patch
@@ -1,37 +0,0 @@
 Index: linux-2.6.18.6/security/apparmor/apparmor.h
 ===================================================================
 --- linux-2.6.18.6.orig/security/apparmor/apparmor.h
 +++ linux-2.6.18.6/security/apparmor/apparmor.h
@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
  */
 struct aa_path_data {
 	struct dentry *root, *dentry;
 -	struct mnt_namespace *mnt_namespace;
 +	struct namespace *namespace;
 	struct list_head *head, *pos;
 	int errno;
 };
 Index: linux-2.6.18.6/security/apparmor/inline.h
 ===================================================================
 --- linux-2.6.18.6.orig/security/apparmor/inline.h
 +++ linux-2.6.18.6/security/apparmor/inline.h
@@ -10,7 +10,7 @@
 #ifndef __INLINE_H
 #define __INLINE_H
 -#include <linux/mnt_namespace.h>
 +#include <linux/namespace.h>
 static inline int __aa_is_confined(struct subdomain *sd)
 {
@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
 {
 	data->dentry = dentry;
 	data->root = dget(rdentry->d_sb->s_root);
 -	data->mnt_namespace = current->nsproxy->mnt_ns;
 -	data->head = &data->mnt_namespace->list;
 +	data->namespace = current->namespace;
 +	data->head = &data->namespace->list;
 	data->pos = data->head->next;
 	prefetch(data->pos->next);
 	data->errno = 0;
--- a/kernel-patches/2.6.16/postapply/module/undo_netlinkrecv.patch
+++ b/kernel-patches/2.6.16/postapply/module/undo_netlinkrecv.patch
@@ -1,16 +0,0 @@
 Index: linux-2.6.16.29/security/apparmor/lsm.c
 ===================================================================
 --- linux-2.6.16.29.orig/security/apparmor/lsm.c
 +++ linux-2.6.16.29/security/apparmor/lsm.c
@@ -176,9 +176,9 @@ static int apparmor_netlink_send(struct 
 	return cap_netlink_send(sk, skb);
 }
 -static int apparmor_netlink_recv(struct sk_buff *skb, int cap)
 +static int apparmor_netlink_recv(struct sk_buff *skb)
 {
 -	return cap_netlink_recv(skb, cap);
 +	return cap_netlink_recv(skb);
 }
 static void apparmor_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
--- a/kernel-patches/2.6.17/patches/apparmor_audit.patch
+++ b/kernel-patches/2.6.17/patches/apparmor_audit.patch
@@ -1,58 +0,0 @@
 From: tonyj@suse.de
 Subject: Export audit subsystem for use by modules
 Patch-mainline: no
 Adds necessary export symbols for audit subsystem routines.
 Changes audit_log_vformat to be externally visible (analagous to vprintf)
 Patch is not in mainline -- pending AppArmor code submission to lkml
 ---
 include/linux/audit.h |    5 +++++
 kernel/audit.c        |    6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 Index: linux-2.6.17.9/include/linux/audit.h
 ===================================================================
 --- linux-2.6.17.9.orig/include/linux/audit.h
 +++ linux-2.6.17.9/include/linux/audit.h
@@ -96,6 +96,8 @@
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
 #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
 +#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
 +
 #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
 /* Rule flags */
@@ -357,6 +359,9 @@ extern void		    audit_log(struct audit_
 				      __attribute__((format(printf,4,5)));
 extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
 +extern void		    audit_log_vformat(struct audit_buffer *ab,
 +					      const char *fmt, va_list args)
 +			    __attribute__((format(printf,2,0)));
 extern void		    audit_log_format(struct audit_buffer *ab,
 					     const char *fmt, ...)
 			    __attribute__((format(printf,2,3)));
 Index: linux-2.6.17.9/kernel/audit.c
 ===================================================================
 --- linux-2.6.17.9.orig/kernel/audit.c
 +++ linux-2.6.17.9/kernel/audit.c
@@ -893,8 +893,7 @@ static inline int audit_expand(struct au
  * will be called a second time.  Currently, we assume that a printk
  * can't format message larger than 1024 bytes, so we don't either.
  */
 -static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
 -			      va_list args)
 +void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
 {
 	int len, avail;
 	struct sk_buff *skb;
@@ -1096,3 +1095,6 @@ EXPORT_SYMBOL(audit_log_start);
 EXPORT_SYMBOL(audit_log_end);
 EXPORT_SYMBOL(audit_log_format);
 EXPORT_SYMBOL(audit_log);
 +EXPORT_SYMBOL_GPL(audit_log_vformat);
 +EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
 +EXPORT_SYMBOL_GPL(audit_log_d_path);
--- a/kernel-patches/2.6.17/patches/apparmor_namespacesem.patch
+++ b/kernel-patches/2.6.17/patches/apparmor_namespacesem.patch
@@ -1,42 +0,0 @@
 From: tonyj@suse.de
 Subject: Export namespace semaphore
 Patch-mainline: no
 Export global namespace_sem (this used to be a per namespace semaphore).
 Alas, this isn't going to win _any_ points for style.
 Patch is not in mainline -- pending AppArmor code submission to lkml
 ---
 fs/namespace.c            |    3 ++-
 include/linux/namespace.h |    3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
 Index: linux-2.6.17.9/fs/namespace.c
 ===================================================================
 --- linux-2.6.17.9.orig/fs/namespace.c
 +++ linux-2.6.17.9/fs/namespace.c
@@ -46,7 +46,8 @@ static int event;
 static struct list_head *mount_hashtable __read_mostly;
 static int hash_mask __read_mostly, hash_bits __read_mostly;
 static kmem_cache_t *mnt_cache __read_mostly;
 -static struct rw_semaphore namespace_sem;
 +struct rw_semaphore namespace_sem;
 +EXPORT_SYMBOL_GPL(namespace_sem);
 /* /sys/fs */
 decl_subsys(fs, NULL, NULL);
 Index: linux-2.6.17.9/include/linux/namespace.h
 ===================================================================
 --- linux-2.6.17.9.orig/include/linux/namespace.h
 +++ linux-2.6.17.9/include/linux/namespace.h
@@ -5,6 +5,9 @@
 #include <linux/mount.h>
 #include <linux/sched.h>
 +/* exported for AppArmor (SubDomain) */
 +extern struct rw_semaphore namespace_sem;
 +
 struct namespace {
 	atomic_t		count;
 	struct vfsmount *	root;
--- a/kernel-patches/2.6.17/patches/apparmor_security.patch
+++ b/kernel-patches/2.6.17/patches/apparmor_security.patch
@@ -1,24 +0,0 @@
 Index: linux-2.6.17.9/security/Makefile
 ===================================================================
 --- linux-2.6.17.9.orig/security/Makefile
 +++ linux-2.6.17.9/security/Makefile
@@ -4,6 +4,7 @@
 obj-$(CONFIG_KEYS)			+= keys/
 subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
 +obj-$(CONFIG_SECURITY_APPARMOR)		+= commoncap.o apparmor/
 # if we don't select a security model, use the default capabilities
 ifneq ($(CONFIG_SECURITY),y)
 Index: linux-2.6.17.9/security/Kconfig
 ===================================================================
 --- linux-2.6.17.9.orig/security/Kconfig
 +++ linux-2.6.17.9/security/Kconfig
@@ -100,6 +100,7 @@ config SECURITY_SECLVL
 	  If you are unsure how to answer this question, answer N.
 source security/selinux/Kconfig
 +source security/apparmor/Kconfig
 endmenu
--- a/kernel-patches/2.6.17/patches/series
+++ b/kernel-patches/2.6.17/patches/series
@@ -1,3 +0,0 @@
 apparmor_audit.patch
 apparmor_namespacesem.patch
 apparmor_security.patch
--- a/kernel-patches/2.6.17/postapply/module-deprecated/series
+++ b/kernel-patches/2.6.17/postapply/module-deprecated/series
@@ -1 +0,0 @@
 undo_netlinkrecv.patch
--- a/kernel-patches/2.6.17/postapply/module-deprecated/undo_netlinkrecv.patch
+++ b/kernel-patches/2.6.17/postapply/module-deprecated/undo_netlinkrecv.patch
@@ -1,14 +0,0 @@
 --- linux-2.6.18.orig/security/apparmor/lsm.c
 +++ linux-2.6.18/security/apparmor/lsm.c
@@ -199,9 +199,9 @@
 	return cap_netlink_send(sk, skb);
 }
 -static int subdomain_netlink_recv(struct sk_buff *skb, int cap)
 +static int subdomain_netlink_recv(struct sk_buff *skb)
 {
 -	return cap_netlink_recv(skb, cap);
 +	return cap_netlink_recv(skb);
 }
 static void subdomain_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
--- a/kernel-patches/2.6.17/postapply/module/series
+++ b/kernel-patches/2.6.17/postapply/module/series
@@ -1,2 +0,0 @@
 undo_2.6.20_mnt_namespace.patch
 undo_netlinkrecv.patch
--- a/kernel-patches/2.6.17/postapply/module/undo_2.6.20_mnt_namespace.patch
+++ b/kernel-patches/2.6.17/postapply/module/undo_2.6.20_mnt_namespace.patch
@@ -1,37 +0,0 @@
 Index: linux-2.6.18.6/security/apparmor/apparmor.h
 ===================================================================
 --- linux-2.6.18.6.orig/security/apparmor/apparmor.h
 +++ linux-2.6.18.6/security/apparmor/apparmor.h
@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
  */
 struct aa_path_data {
 	struct dentry *root, *dentry;
 -	struct mnt_namespace *mnt_namespace;
 +	struct namespace *namespace;
 	struct list_head *head, *pos;
 	int errno;
 };
 Index: linux-2.6.18.6/security/apparmor/inline.h
 ===================================================================
 --- linux-2.6.18.6.orig/security/apparmor/inline.h
 +++ linux-2.6.18.6/security/apparmor/inline.h
@@ -10,7 +10,7 @@
 #ifndef __INLINE_H
 #define __INLINE_H
 -#include <linux/mnt_namespace.h>
 +#include <linux/namespace.h>
 static inline int __aa_is_confined(struct subdomain *sd)
 {
@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
 {
 	data->dentry = dentry;
 	data->root = dget(rdentry->d_sb->s_root);
 -	data->mnt_namespace = current->nsproxy->mnt_ns;
 -	data->head = &data->mnt_namespace->list;
 +	data->namespace = current->namespace;
 +	data->head = &data->namespace->list;
 	data->pos = data->head->next;
 	prefetch(data->pos->next);
 	data->errno = 0;
--- a/kernel-patches/2.6.17/postapply/module/undo_netlinkrecv.patch
+++ b/kernel-patches/2.6.17/postapply/module/undo_netlinkrecv.patch
@@ -1,16 +0,0 @@
 Index: linux-2.6.16.29/security/apparmor/lsm.c
 ===================================================================
 --- linux-2.6.16.29.orig/security/apparmor/lsm.c
 +++ linux-2.6.16.29/security/apparmor/lsm.c
@@ -176,9 +176,9 @@ static int apparmor_netlink_send(struct 
 	return cap_netlink_send(sk, skb);
 }
 -static int apparmor_netlink_recv(struct sk_buff *skb, int cap)
 +static int apparmor_netlink_recv(struct sk_buff *skb)
 {
 -	return cap_netlink_recv(skb, cap);
 +	return cap_netlink_recv(skb);
 }
 static void apparmor_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
--- a/kernel-patches/2.6.18/patches/apparmor_audit.patch
+++ b/kernel-patches/2.6.18/patches/apparmor_audit.patch
@@ -1,54 +0,0 @@
 From: tonyj@suse.de
 Subject: Export audit subsystem for use by modules
 Patch-mainline: no
 Adds necessary export symbols for audit subsystem routines.
 Changes audit_log_vformat to be externally visible (analagous to vprintf)
 Patch is not in mainline -- pending AppArmor code submission to lkml
 ---
 include/linux/audit.h |    5 +++++
 kernel/audit.c        |    6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 --- linux-2.6.18.orig/include/linux/audit.h
 +++ linux-2.6.18/include/linux/audit.h
@@ -100,6 +100,8 @@
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
 #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
 +#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
 +
 #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
 /* Rule flags */
@@ -466,6 +468,9 @@ extern void		    audit_log(struct audit_
 				      __attribute__((format(printf,4,5)));
 extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
 +extern void		    audit_log_vformat(struct audit_buffer *ab,
 +					      const char *fmt, va_list args)
 +			    __attribute__((format(printf,2,0)));
 extern void		    audit_log_format(struct audit_buffer *ab,
 					     const char *fmt, ...)
 			    __attribute__((format(printf,2,3)));
 --- linux-2.6.18.orig/kernel/audit.c
 +++ linux-2.6.18/kernel/audit.c
@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
  * will be called a second time.  Currently, we assume that a printk
  * can't format message larger than 1024 bytes, so we don't either.
  */
 -static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
 -			      va_list args)
 +void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
 {
 	int len, avail;
 	struct sk_buff *skb;
@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
 EXPORT_SYMBOL(audit_log_end);
 EXPORT_SYMBOL(audit_log_format);
 EXPORT_SYMBOL(audit_log);
 +EXPORT_SYMBOL_GPL(audit_log_vformat);
 +EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
 +EXPORT_SYMBOL_GPL(audit_log_d_path);
--- a/kernel-patches/2.6.18/patches/apparmor_namespacesem.patch
+++ b/kernel-patches/2.6.18/patches/apparmor_namespacesem.patch
@@ -1,38 +0,0 @@
 From: tonyj@suse.de
 Subject: Export namespace semaphore
 Patch-mainline: no
 Export global namespace_sem (this used to be a per namespace semaphore).
 Alas, this isn't going to win _any_ points for style.
 Patch is not in mainline -- pending AppArmor code submission to lkml
 ---
 fs/namespace.c            |    3 ++-
 include/linux/namespace.h |    3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
 --- linux-2.6.18.orig/fs/namespace.c
 +++ linux-2.6.18/fs/namespace.c
@@ -45,7 +45,8 @@ static int event;
 static struct list_head *mount_hashtable __read_mostly;
 static int hash_mask __read_mostly, hash_bits __read_mostly;
 static kmem_cache_t *mnt_cache __read_mostly;
 -static struct rw_semaphore namespace_sem;
 +struct rw_semaphore namespace_sem;
 +EXPORT_SYMBOL_GPL(namespace_sem);
 /* /sys/fs */
 decl_subsys(fs, NULL, NULL);
 --- linux-2.6.18.orig/include/linux/namespace.h
 +++ linux-2.6.18/include/linux/namespace.h
@@ -5,6 +5,9 @@
 #include <linux/mount.h>
 #include <linux/sched.h>
 +/* exported for AppArmor (SubDomain) */
 +extern struct rw_semaphore namespace_sem;
 +
 struct namespace {
 	atomic_t		count;
 	struct vfsmount *	root;
--- a/kernel-patches/2.6.18/patches/apparmor_security.patch
+++ b/kernel-patches/2.6.18/patches/apparmor_security.patch
@@ -1,22 +0,0 @@
 Index: linux-2.6.18/security/Makefile
 ===================================================================
 --- linux-2.6.18.orig/security/Makefile
 +++ linux-2.6.18/security/Makefile
@@ -4,6 +4,7 @@
 obj-$(CONFIG_KEYS)			+= keys/
 subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
 +obj-$(CONFIG_SECURITY_APPARMOR)		+= commoncap.o apparmor/
 # if we don't select a security model, use the default capabilities
 ifneq ($(CONFIG_SECURITY),y)
 --- linux-2.6.17.orig/security/Kconfig
 +++ linux-2.6.17/security/Kconfig
@@ -106,6 +106,7 @@ config SECURITY_SECLVL
          If you are unsure how to answer this question, answer N.
 source security/selinux/Kconfig
 +source security/apparmor/Kconfig
 endmenu
--- a/kernel-patches/2.6.18/patches/series
+++ b/kernel-patches/2.6.18/patches/series
@@ -1,3 +0,0 @@
 apparmor_audit.patch
 apparmor_namespacesem.patch
 apparmor_security.patch
--- a/kernel-patches/2.6.18/postapply/module/series
+++ b/kernel-patches/2.6.18/postapply/module/series
@@ -1 +0,0 @@
 undo_2.6.20_mnt_namespace.patch
--- a/kernel-patches/2.6.18/postapply/module/undo_2.6.20_mnt_namespace.patch
+++ b/kernel-patches/2.6.18/postapply/module/undo_2.6.20_mnt_namespace.patch
@@ -1,37 +0,0 @@
 Index: linux-2.6.18.6/security/apparmor/apparmor.h
 ===================================================================
 --- linux-2.6.18.6.orig/security/apparmor/apparmor.h
 +++ linux-2.6.18.6/security/apparmor/apparmor.h
@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
  */
 struct aa_path_data {
 	struct dentry *root, *dentry;
 -	struct mnt_namespace *mnt_namespace;
 +	struct namespace *namespace;
 	struct list_head *head, *pos;
 	int errno;
 };
 Index: linux-2.6.18.6/security/apparmor/inline.h
 ===================================================================
 --- linux-2.6.18.6.orig/security/apparmor/inline.h
 +++ linux-2.6.18.6/security/apparmor/inline.h
@@ -10,7 +10,7 @@
 #ifndef __INLINE_H
 #define __INLINE_H
 -#include <linux/mnt_namespace.h>
 +#include <linux/namespace.h>
 static inline int __aa_is_confined(struct subdomain *sd)
 {
@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
 {
 	data->dentry = dentry;
 	data->root = dget(rdentry->d_sb->s_root);
 -	data->mnt_namespace = current->nsproxy->mnt_ns;
 -	data->head = &data->mnt_namespace->list;
 +	data->namespace = current->namespace;
 +	data->head = &data->namespace->list;
 	data->pos = data->head->next;
 	prefetch(data->pos->next);
 	data->errno = 0;
--- a/kernel-patches/2.6.19/patches/apparmor_audit.patch
+++ b/kernel-patches/2.6.19/patches/apparmor_audit.patch
@@ -1,54 +0,0 @@
 From: tonyj@suse.de
 Subject: Export audit subsystem for use by modules
 Patch-mainline: no
 Adds necessary export symbols for audit subsystem routines.
 Changes audit_log_vformat to be externally visible (analagous to vprintf)
 Patch is not in mainline -- pending AppArmor code submission to lkml
 ---
 include/linux/audit.h |    5 +++++
 kernel/audit.c        |    6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 --- linux-2.6.18.orig/include/linux/audit.h
 +++ linux-2.6.18/include/linux/audit.h
@@ -100,6 +100,8 @@
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
 #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
 +#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
 +
 #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
 /* Rule flags */
@@ -466,6 +468,9 @@ extern void		    audit_log(struct audit_
 				      __attribute__((format(printf,4,5)));
 extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
 +extern void		    audit_log_vformat(struct audit_buffer *ab,
 +					      const char *fmt, va_list args)
 +			    __attribute__((format(printf,2,0)));
 extern void		    audit_log_format(struct audit_buffer *ab,
 					     const char *fmt, ...)
 			    __attribute__((format(printf,2,3)));
 --- linux-2.6.18.orig/kernel/audit.c
 +++ linux-2.6.18/kernel/audit.c
@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
  * will be called a second time.  Currently, we assume that a printk
  * can't format message larger than 1024 bytes, so we don't either.
  */
 -static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
 -			      va_list args)
 +void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
 {
 	int len, avail;
 	struct sk_buff *skb;
@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
 EXPORT_SYMBOL(audit_log_end);
 EXPORT_SYMBOL(audit_log_format);
 EXPORT_SYMBOL(audit_log);
 +EXPORT_SYMBOL_GPL(audit_log_vformat);
 +EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
 +EXPORT_SYMBOL_GPL(audit_log_d_path);
--- a/kernel-patches/2.6.19/patches/apparmor_namespacesem.patch
+++ b/kernel-patches/2.6.19/patches/apparmor_namespacesem.patch
@@ -1,38 +0,0 @@
 From: tonyj@suse.de
 Subject: Export namespace semaphore
 Patch-mainline: no
 Export global namespace_sem (this used to be a per namespace semaphore).
 Alas, this isn't going to win _any_ points for style.
 Patch is not in mainline -- pending AppArmor code submission to lkml
 ---
 fs/namespace.c            |    3 ++-
 include/linux/namespace.h |    3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
 --- linux-2.6.18.orig/fs/namespace.c
 +++ linux-2.6.18/fs/namespace.c
@@ -45,7 +45,8 @@ static int event;
 static struct list_head *mount_hashtable __read_mostly;
 static int hash_mask __read_mostly, hash_bits __read_mostly;
 static kmem_cache_t *mnt_cache __read_mostly;
 -static struct rw_semaphore namespace_sem;
 +struct rw_semaphore namespace_sem;
 +EXPORT_SYMBOL_GPL(namespace_sem);
 /* /sys/fs */
 decl_subsys(fs, NULL, NULL);
 --- linux-2.6.18.orig/include/linux/namespace.h
 +++ linux-2.6.18/include/linux/namespace.h
@@ -5,6 +5,9 @@
 #include <linux/mount.h>
 #include <linux/sched.h>
 +/* exported for AppArmor (SubDomain) */
 +extern struct rw_semaphore namespace_sem;
 +
 struct namespace {
 	atomic_t		count;
 	struct vfsmount *	root;
--- a/kernel-patches/2.6.19/patches/apparmor_security.patch
+++ b/kernel-patches/2.6.19/patches/apparmor_security.patch
@@ -1,22 +0,0 @@
 Index: linux-2.6.18/security/Makefile
 ===================================================================
 --- linux-2.6.18.orig/security/Makefile
 +++ linux-2.6.18/security/Makefile
@@ -4,6 +4,7 @@
 obj-$(CONFIG_KEYS)			+= keys/
 subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
 +obj-$(CONFIG_SECURITY_APPARMOR)		+= commoncap.o apparmor/
 # if we don't select a security model, use the default capabilities
 ifneq ($(CONFIG_SECURITY),y)
 --- linux-2.6.17.orig/security/Kconfig
 +++ linux-2.6.17/security/Kconfig
@@ -106,6 +106,7 @@ config SECURITY_SECLVL
          If you are unsure how to answer this question, answer N.
 source security/selinux/Kconfig
 +source security/apparmor/Kconfig
 endmenu
--- a/kernel-patches/2.6.19/patches/series
+++ b/kernel-patches/2.6.19/patches/series
@@ -1,3 +0,0 @@
 apparmor_audit.patch
 apparmor_namespacesem.patch
 apparmor_security.patch
--- a/kernel-patches/2.6.19/postapply/module/series
+++ b/kernel-patches/2.6.19/postapply/module/series
@@ -1 +0,0 @@
 undo_2.6.20_mnt_namespace.patch
--- a/kernel-patches/2.6.19/postapply/module/undo_2.6.20_mnt_namespace.patch
+++ b/kernel-patches/2.6.19/postapply/module/undo_2.6.20_mnt_namespace.patch
@@ -1,37 +0,0 @@
 Index: linux-2.6.18.6/security/apparmor/apparmor.h
 ===================================================================
 --- linux-2.6.18.6.orig/security/apparmor/apparmor.h
 +++ linux-2.6.18.6/security/apparmor/apparmor.h
@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
  */
 struct aa_path_data {
 	struct dentry *root, *dentry;
 -	struct mnt_namespace *mnt_namespace;
 +	struct namespace *namespace;
 	struct list_head *head, *pos;
 	int errno;
 };
 Index: linux-2.6.18.6/security/apparmor/inline.h
 ===================================================================
 --- linux-2.6.18.6.orig/security/apparmor/inline.h
 +++ linux-2.6.18.6/security/apparmor/inline.h
@@ -10,7 +10,7 @@
 #ifndef __INLINE_H
 #define __INLINE_H
 -#include <linux/mnt_namespace.h>
 +#include <linux/namespace.h>
 static inline int __aa_is_confined(struct subdomain *sd)
 {
@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
 {
 	data->dentry = dentry;
 	data->root = dget(rdentry->d_sb->s_root);
 -	data->mnt_namespace = current->nsproxy->mnt_ns;
 -	data->head = &data->mnt_namespace->list;
 +	data->namespace = current->namespace;
 +	data->head = &data->namespace->list;
 	data->pos = data->head->next;
 	prefetch(data->pos->next);
 	data->errno = 0;
--- a/kernel-patches/2.6.20/patches/apparmor_audit.patch
+++ b/kernel-patches/2.6.20/patches/apparmor_audit.patch
@@ -1,54 +0,0 @@
 From: tonyj@suse.de
 Subject: Export audit subsystem for use by modules
 Patch-mainline: no
 Adds necessary export symbols for audit subsystem routines.
 Changes audit_log_vformat to be externally visible (analagous to vprintf)
 Patch is not in mainline -- pending AppArmor code submission to lkml
 ---
 include/linux/audit.h |    5 +++++
 kernel/audit.c        |    6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 --- linux-2.6.18.orig/include/linux/audit.h
 +++ linux-2.6.18/include/linux/audit.h
@@ -100,6 +100,8 @@
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
 #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
 +#define AUDIT_SD		1500	/* AppArmor (SubDomain) audit */
 +
 #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
 /* Rule flags */
@@ -466,6 +468,9 @@ extern void		    audit_log(struct audit_
 				      __attribute__((format(printf,4,5)));
 extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
 +extern void		    audit_log_vformat(struct audit_buffer *ab,
 +					      const char *fmt, va_list args)
 +			    __attribute__((format(printf,2,0)));
 extern void		    audit_log_format(struct audit_buffer *ab,
 					     const char *fmt, ...)
 			    __attribute__((format(printf,2,3)));
 --- linux-2.6.18.orig/kernel/audit.c
 +++ linux-2.6.18/kernel/audit.c
@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
  * will be called a second time.  Currently, we assume that a printk
  * can't format message larger than 1024 bytes, so we don't either.
  */
 -static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
 -			      va_list args)
 +void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
 {
 	int len, avail;
 	struct sk_buff *skb;
@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
 EXPORT_SYMBOL(audit_log_end);
 EXPORT_SYMBOL(audit_log_format);
 EXPORT_SYMBOL(audit_log);
 +EXPORT_SYMBOL_GPL(audit_log_vformat);
 +EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
 +EXPORT_SYMBOL_GPL(audit_log_d_path);
--- a/kernel-patches/2.6.20/patches/apparmor_namespacesem.patch
+++ b/kernel-patches/2.6.20/patches/apparmor_namespacesem.patch
@@ -1,38 +0,0 @@
 From: tonyj@suse.de
 Subject: Export namespace semaphore
 Patch-mainline: no
 Export global namespace_sem (this used to be a per namespace semaphore).
 Alas, this isn't going to win _any_ points for style.
 Patch is not in mainline -- pending AppArmor code submission to lkml
 ---
 fs/namespace.c                |    3 ++-
 include/linux/mnt_namespace.h |    3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
 --- linux-2.6.19.orig/fs/namespace.c
 +++ linux-2.6.19/fs/namespace.c
@@ -37,7 +37,8 @@ static int event;
 static struct list_head *mount_hashtable __read_mostly;
 static int hash_mask __read_mostly, hash_bits __read_mostly;
 static struct kmem_cache *mnt_cache __read_mostly;
 -static struct rw_semaphore namespace_sem;
 +struct rw_semaphore namespace_sem;
 +EXPORT_SYMBOL_GPL(namespace_sem);
 /* /sys/fs */
 decl_subsys(fs, NULL, NULL);
 --- linux-2.6.19.orig/include/linux/mnt_namespace.h
 +++ linux-2.6.19/include/linux/mnt_namespace.h
@@ -6,6 +6,9 @@
 #include <linux/sched.h>
 #include <linux/nsproxy.h>
 +/* exported for AppArmor (SubDomain) */
 +extern struct rw_semaphore namespace_sem;
 +
 struct mnt_namespace {
 	atomic_t		count;
 	struct vfsmount *	root;
--- a/kernel-patches/2.6.20/patches/apparmor_security.patch
+++ b/kernel-patches/2.6.20/patches/apparmor_security.patch
@@ -1,22 +0,0 @@
 Index: linux-2.6.18/security/Makefile
 ===================================================================
 --- linux-2.6.18.orig/security/Makefile
 +++ linux-2.6.18/security/Makefile
@@ -4,6 +4,7 @@
 obj-$(CONFIG_KEYS)			+= keys/
 subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
 +obj-$(CONFIG_SECURITY_APPARMOR)		+= commoncap.o apparmor/
 # if we don't select a security model, use the default capabilities
 ifneq ($(CONFIG_SECURITY),y)
 --- linux-2.6.17.orig/security/Kconfig
 +++ linux-2.6.17/security/Kconfig
@@ -106,6 +106,7 @@ config SECURITY_SECLVL
          If you are unsure how to answer this question, answer N.
 source security/selinux/Kconfig
 +source security/apparmor/Kconfig
 endmenu
--- a/kernel-patches/2.6.20/patches/series
+++ b/kernel-patches/2.6.20/patches/series
@@ -1,3 +0,0 @@
 apparmor_audit.patch
 apparmor_namespacesem.patch
 apparmor_security.patch
--- a/kernel-patches/README
+++ b/kernel-patches/README
@@ -1,29 +0,0 @@
 For each kernel release there is a directory named using the kernel version #
 The files managed by svn in a release directory are:
 patches/ - directory of kernel patches without the apparmor module in the
          series.  These are used to build the apparmor.patch and
          apparmor-fullseries.patch
 postapply/ - directory of patches to the module code in head of svn enabling
             it to build for a given kernel.
  current/ - patches against current branch
  nextgen/ - patches against nextgen branch
 when a release tar ball is built it will be automatically generated using
 the tip of module and module-nextgen and the release dir in the tar ball
 will be populated with:
 kernel version #
  current/ - contains the patches for the current branch of apparmor
    apparmor-Kversion#-svnversion#-fullseries.patch - single kernel patcch
    patches/ - quilt series to patch kernel including apparmor patch
  nextgen - contains the patches for the nextgen branch of apparmor
    apparmor-Kversion#-svnversion#-fullseries.patch - single kernel patch
    patches/ - quilt series to patch kernel including apparmor patch
 the fullseries kernel patches are equivalent to the quilt series flattened
 into a single patch
--- a/kernel-patches/README.release
+++ b/kernel-patches/README.release
@@ -1,12 +0,0 @@
 Contents of apparmor kernel patch release
  current/ - contains the patches for the current branch of apparmor
    apparmor-Kversion#-svnversion#-fullseries.patch - single kernel patcch
    patches/ - quilt series to patch kernel including apparmor patch
  nextgen - contains the patches for the nextgen branch of apparmor
    apparmor-Kversion#-svnversion#-fullseries.patch - single kernel patch
    patches/ - quilt series to patch kernel including apparmor patch
 the fullseries kernel patches are equivalent to the quilt series flattened
 into a single patch
--- a/kernel-patches/README.snapshot
+++ b/kernel-patches/README.snapshot
@@ -1,11 +0,0 @@
 AppArmor kernel patches
 This directory should contain 2 patches that do the same thing.  The patches
 directory contains a quilt series of distinct patches necessary to apply
 apparmor to the kernel.
 The fullseries patch is the quilt series combined into a single patch.
 The apparmor patches name convention is
 apparmor-${KERNEL_VERSION}-v${APPARMOR_MODULE_REPO_VERSION}.patch
--- a/kernel-patches/gen-k-patches.sh
+++ b/kernel-patches/gen-k-patches.sh
@@ -1,124 +0,0 @@
 #!/bin/bash
 # a brain dead script to provide kernel patches from the apparmor svn module
 # for snapshot releases
 # gen-k-patches.sh linux-2.6.16.43 ~/immunix/forge-svn/trunk/module/apparmor/ ~/immunix/forge-svn/trunk/kernel-patches/2.6.16 ~/linux-kernels/
 usage()
 {
    echo "Usage: $0 kernelsource module patches destination"
    exit 0
 }
 # $1 - module dir
 get_repo_version()
 {
    local origWD=`pwd`
    cd "$1"
    if [ -x /usr/bin/svn ] ; then
 	REPO_VERSION=`/usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //"`
    fi
    if [ -z ${REPO_VERSION} ] ; then
 	REPO_VERSION="unknown"
    fi
    cd "${origWD}"
    echo "Done Getting Repo version ${REPO_VERSION}"
 }
 cleanup()
 {
 # ????
 echo "cleanup"
 }
 add_files()
 {
    local f
    for f in $1/* ; do
 	if [ -d "$f" ] ; then
 	    add_files "$f" "$2"
 	else
 	    quilt add security/apparmor/${f#$2}
 	fi
    done
 }
 # $1 - kernel dir
 # $2 - dir with patches
 # $3 - module
 # $4 - kernel ver #
 # $5 - svn ver #
 # $6 - destination
 patches_for_kernel()
 {
    local WD=`pwd`
    if [ -d $2/patches ] ; then
 	cp -r $2/patches $6/
 	cp -r $2/../README.snapshot $6/
 	cp -r $2/patches $1
    else
 	mkdir $6/patches
    fi
    cd $1
    quilt push -a
    quilt new apparmor.diff
    add_files $3 $3
    cp -r $3 security/apparmor
    quilt refresh
    if [ -d $2/postapply/module ] ; then
 	mv patches/series patches/series.bak
 	cp -r $2/postapply/module/* patches/
 	cp patches/series.bak patches/series
 	cat $2/postapply/module/series >>patches/series
 	quilt push -a
    fi
    echo "creating patches in $6"
    quilt diff -p ab --combine apparmor.diff >foo
    echo "AppArmor kernel patches for repo version $5" >$6/patches/apparmor-$4-v$5.diff
    diffstat foo >>$6/patches/apparmor-$4-v$5.diff
    cat foo >>$6/patches/apparmor-$4-v$5.diff
    cat patches/series.bak | sed "s/apparmor.diff/apparmor-$4-v$5.diff/" > $6/patches/series
    quilt diff -p ab --combine - >foo
    echo "AppArmor kernel patches for repo version $5" >$6/apparmor-$4-v$5-fullseries.diff
    diffstat foo >>$6/apparmor-$4-v$5-fullseries.diff
    cat foo >>$6/apparmor-$4-v$5-fullseries.diff
    quilt pop -a
    rm -rf foo
    rm -rf security/apparmor
    rm -rf patches
    rm -rf .pc
    cd $WD
 }
 VERSION=`expr "$1" : '.*\(2\.6\.[^ /\t]*\)' `
 if [ -z ${VERSION} ]; then
    echo "script expects a kernelsource dir with embedded version tag."
    echo " eg. linux-2.6.16rc1"
    exit 1;
 fi
 if ! [ -e "$4/$VERSION" ] ; then
    echo "Making destination $4/$VERSION"
    mkdir "$4/$VERSION"
 else
    echo "Destination $4/$VERSION already exists"
 fi
 get_repo_version $2
 patches_for_kernel $1 $3 $2 $VERSION $REPO_VERSION "$4/$VERSION"
 WD=`pwd`
 cd $4
 tar --exclude=.svn -cf "apparmor-kernel-patches-$VERSION.tar" "$VERSION"
 gzip "apparmor-kernel-patches-$VERSION.tar"
 cd $WD
		`@@ -1,2 +0,0 @@`
			`undo_2.6.20_mnt_namespace.patch`
			`undo_netlinkrecv.patch`