diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
index c0aad62af..d0e4b3547 100644
--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
@@ -18,7 +18,7 @@ ifdef USE_SYSTEM
 				echo -lapparmor ; \
 			fi )
   ifeq ($(strip $(LIBAPPARMOR)),)
-    ERROR_MESSAGE = $(error ${nl}\
+    LIBAPPARMOR_ERROR_MESSAGE = $(error ${nl}\
 ************************************************************************${nl}\
 Unable to find libapparmor installed on this system; either${nl}\
 install libapparmor devel packages, set the LIBAPPARMOR variable${nl}\
@@ -27,13 +27,23 @@ manually, or build against in-tree libapparmor.${nl}\
   endif # LIBAPPARMOR not set
   LDLIBS += $(LIBAPPARMOR)
 
+  AA_EXEC = $(shell which aa-exec)
+  ifeq ($(AA_EXEC),)
+    AA_EXEC_ERROR_MESSAGE = $(error ${nl}\
+************************************************************************${nl}\
+Unable to find aa-exec installed on this system; either install the${nl}\
+apparmor package, set the AA_EXEC variable manually, or use the in-tree${nl}\
+aa-exec.${nl}\
+************************************************************************${nl})
+  endif # AA_EXEC not set
+
 else # !USE_SYSTEM
   # use in-tree versions
   LIBAPPARMOR_SRC := ../../../libraries/libapparmor/
   LIBAPPARMOR_INCLUDE = $(LIBAPPARMOR_SRC)/include
   LIBAPPARMOR_PATH := $(LIBAPPARMOR_SRC)/src/.libs/
   ifeq ($(realpath $(LIBAPPARMOR_PATH)/libapparmor.a),)
-        ERROR_MESSAGE = $(error ${nl}\
+        LIBAPPARMOR_ERROR_MESSAGE = $(error ${nl}\
 ************************************************************************${nl}\
 $(LIBAPPARMOR_PATH)/libapparmor.a is missing; either build against${nl}\
 the in-tree libapparmor by building it first and then trying again${nl}\
@@ -42,6 +52,17 @@ libapparmor by adding USE_SYSTEM=1 to your make command.${nl}\
 ************************************************************************${nl})
   endif
 
+  UTILS_SRC := ../../../utils
+  AA_EXEC = $(UTILS_SRC)/aa-exec
+  ifeq ($(realpath $(AA_EXEC)),)
+        AA_EXEC_ERROR_MESSAGE = $(error ${nl}\
+************************************************************************${nl}\
+$(AA_EXEC) is missing; either build the $(UTILS_SRC) directory${nl}\
+and then try again (see the top-level README for help) or use the${nl}\
+system aa-exec by adding USE_SYSTEM=1 to your make command.${nl}\
+************************************************************************${nl})
+  endif
+
   CFLAGS += -L$(LIBAPPARMOR_PATH) -I$(LIBAPPARMOR_INCLUDE)
   LDLIBS += -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
 endif # USE_SYSTEM
@@ -152,7 +173,8 @@ endif
 
 EXEC=$(SRC:%.c=%)
 
-TESTS=access \
+TESTS=aa_exec \
+      access \
       introspect \
       capabilities \
       changeprofile \
@@ -217,9 +239,11 @@ RISKY_TESTS=
 
 .PHONY: libapparmor_check
 .SILENT: libapparmor_check
-libapparmor_check: ; $(ERROR_MESSAGE)
+libapparmor_check: ; $(LIBAPPARMOR_ERROR_MESSAGE)
 
-all: libapparmor_check $(EXEC) changehat.h uservars.inc
+aa_exec_check: ; $(AA_EXEC_ERROR_MESSAGE)
+
+all: libapparmor_check aa_exec_check $(EXEC) changehat.h uservars.inc
 
 uservars.inc: uservars.inc.source uservars.inc.system
 ifdef USE_SYSTEM
diff --git a/tests/regression/apparmor/aa_exec.sh b/tests/regression/apparmor/aa_exec.sh
new file mode 100755
index 000000000..daaefee9b
--- /dev/null
+++ b/tests/regression/apparmor/aa_exec.sh
@@ -0,0 +1,81 @@
+#! /bin/bash
+#	Copyright (C) 2015 Canonical, Ltd.
+#
+#	This program is free software; you can redistribute it and/or
+#	modify it under the terms of the GNU General Public License as
+#	published by the Free Software Foundation, version 2 of the
+#	License.
+
+#=NAME aa_exec
+#=DESCRIPTION
+# This test verifies that the aa_exec command is indeed transitioning
+# profiles as intended.
+#=END
+
+#set -x
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. $bin/prologue.inc
+
+ns=aa_exec_ns
+
+genprofile_aa_exec()
+{
+	mode=""
+	if [ $# -eq 2 ]; then
+		if [ $2 -ne 0 ]; then
+			mode="(complain) "
+		fi
+	fi
+	genprofile --stdin <<EOF
+$1 ${mode}{
+  file,
+}
+
+:${ns}:${1} ${mode}{
+  file,
+}
+EOF
+}
+
+settest aa_exec_profile ${bin}/aa_exec_wrapper.sh
+
+genprofile_aa_exec "$test" 0
+runchecktest "unconfined" pass "$aa_exec" "unconfined"
+
+genprofile_aa_exec "$test" 0
+runchecktest "enforce" pass "$aa_exec -p $test" "$test (enforce)"
+
+genprofile_aa_exec "$test" 1
+runchecktest "complain" pass "$aa_exec -p $test" "$test (complain)"
+
+genprofile_aa_exec "$test" 0
+runchecktest "negative test: not unconfined" fail "$aa_exec -p $test" "unconfined"
+
+genprofile_aa_exec "$test" 0
+runchecktest "negative test: bad mode: (complain)" fail "$aa_exec -p $test" "$test (complain)"
+
+genprofile_aa_exec "$test" 0
+runchecktest "negative test: bad mode: (enforceXXX)" fail "$aa_exec -p $test" "$test (enforceXXX)"
+
+genprofile_aa_exec "$test" 0
+runchecktest "enforce (--immediate)" pass "$aa_exec -i -p $test" "$test (enforce)"
+
+genprofile_aa_exec "$test" 1
+runchecktest "complain (--immediate)" pass "$aa_exec -p $test" "$test (complain)"
+
+genprofile_aa_exec "$test" 0
+runchecktest "negative test: bad profile (--immediate)" fail "$aa_exec -ip $test" "${test}XXX (enforce)"
+
+genprofile_aa_exec "$test" 0
+runchecktest "enforce (--namespace=${ns})" pass "$aa_exec -n $ns -p $test" "$test (enforce)"
+
+genprofile_aa_exec "$test" 1
+runchecktest "complain (--namespace=${ns})" pass "$aa_exec -n $ns -p $test" "$test (complain)"
+
+genprofile_aa_exec "$test" 0
+runchecktest "negative test: bad ns (--namespace=${ns}XXX)" fail "$aa_exec -n ${ns}XXX -p $test" "$test (enforce)"
diff --git a/tests/regression/apparmor/aa_exec_wrapper.sh b/tests/regression/apparmor/aa_exec_wrapper.sh
new file mode 100755
index 000000000..a27c5666e
--- /dev/null
+++ b/tests/regression/apparmor/aa_exec_wrapper.sh
@@ -0,0 +1,28 @@
+#! /bin/bash
+#	Copyright (C) 2015 Canonical, Ltd.
+#
+#	This program is free software; you can redistribute it and/or
+#	modify it under the terms of the GNU General Public License as
+#	published by the Free Software Foundation, version 2 of the
+#	License.
+
+if [ $# -ne 2 ]; then
+	echo "FAIL: usage: $0 AA_EXEC_CMD EXPECTED_PROC_ATTR_CURRENT"
+	echo "AA_EXEC_CMD			The path to aa-exec and the arguments to pass"
+	echo "EXPECTED_PROC_ATTR_CURRENT	The expected contents of /proc/self/attr/current"
+	exit 1
+fi
+
+out=$($1 -- cat /proc/self/attr/current 2>&1)
+rc=$?
+
+if [ $rc -eq 0 ] && [ "$out" == "$2" ]; then
+	echo PASS
+	exit 0
+elif [ $rc -ne 0 ]; then
+	echo "FAIL: aa-exec exited with status ${rc}:\n${out}\n"
+	exit 1
+else
+	echo "FAIL: bad confinement context: \"$out\" != \"$2 $3\""
+	exit 1
+fi
diff --git a/tests/regression/apparmor/uservars.inc.source b/tests/regression/apparmor/uservars.inc.source
index 7fbfdec12..aff53d2d0 100644
--- a/tests/regression/apparmor/uservars.inc.source
+++ b/tests/regression/apparmor/uservars.inc.source
@@ -12,3 +12,6 @@ tmpdir=/tmp/sdtest.$$-$RANDOM
 
 # 4. Location of load system profiles for verification
 sys_profiles=/sys/kernel/security/apparmor/profiles
+
+# 5. Location of aa-exec
+aa_exec=${PWD}/../../../utils/aa-exec
diff --git a/tests/regression/apparmor/uservars.inc.system b/tests/regression/apparmor/uservars.inc.system
index d304ea709..c448a6b7f 100644
--- a/tests/regression/apparmor/uservars.inc.system
+++ b/tests/regression/apparmor/uservars.inc.system
@@ -12,3 +12,6 @@ tmpdir=/tmp/sdtest.$$-$RANDOM
 
 # 4. Location of load system profiles for verification
 sys_profiles=/sys/kernel/security/apparmor/profiles
+
+# 5. Location of aa-exec
+aa_exec=$(which aa-exec)