diff --git a/kernel-patches/2.6.16/patches/apparmor_audit.patch b/kernel-patches/2.6.16/patches/apparmor_audit.patch
deleted file mode 100644
index b038564c7..000000000
--- a/kernel-patches/2.6.16/patches/apparmor_audit.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From: tonyj@suse.de
-Subject: Export audit subsystem for use by modules
-Patch-mainline: no
-
-Adds necessary export symbols for audit subsystem routines.
-Changes audit_log_vformat to be externally visible (analagous to vprintf)
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-Index: linux-2.6.14/include/linux/audit.h
-===================================================================
---- linux-2.6.14.orig/include/linux/audit.h
-+++ linux-2.6.14/include/linux/audit.h
-@@ -73,6 +73,8 @@
- #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
- #define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
-
-+#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */
-+
- #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
-
- /* Rule flags */
-@@ -265,6 +267,9 @@ extern void audit_log(struct audit_
- __attribute__((format(printf,4,5)));
-
- extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
-+extern void audit_log_vformat(struct audit_buffer *ab,
-+ const char *fmt, va_list args)
-+ __attribute__((format(printf,2,0)));
- extern void audit_log_format(struct audit_buffer *ab,
- const char *fmt, ...)
- __attribute__((format(printf,2,3)));
-Index: linux-2.6.14/kernel/audit.c
-===================================================================
---- linux-2.6.14.orig/kernel/audit.c
-+++ linux-2.6.14/kernel/audit.c
-@@ -733,8 +733,8 @@ static inline int audit_expand(struct au
- * room in the audit buffer, more room will be allocated and vsnprint
- * will be called a second time. Currently, we assume that a printk
- * can't format message larger than 1024 bytes, so we don't either.
*/
--static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
-- va_list args)
-+void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
-+ va_list args)
- {
- int len, avail;
- struct sk_buff *skb;
-@@ -895,3 +895,11 @@ void audit_log(struct audit_context *ctx
- audit_log_end(ab);
- }
- }
-+
-+EXPORT_SYMBOL_GPL(audit_log_start);
-+EXPORT_SYMBOL_GPL(audit_log_vformat);
-+EXPORT_SYMBOL_GPL(audit_log_format);
-+EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
-+EXPORT_SYMBOL_GPL(audit_log_d_path);
-+EXPORT_SYMBOL_GPL(audit_log_end);
-+EXPORT_SYMBOL_GPL(audit_log);
diff --git a/kernel-patches/2.6.16/patches/apparmor_namespacesem.patch b/kernel-patches/2.6.16/patches/apparmor_namespacesem.patch
deleted file mode 100644
index 969cca73d..000000000
--- a/kernel-patches/2.6.16/patches/apparmor_namespacesem.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: tonyj@suse.de
-Subject: Export namespace semaphore
-Patch-mainline: no
-
-Export global namespace_sem (this used to be a per namespace semaphore).
-Alas, this isn't going to win _any_ points for style.
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-Index: linux-2.6.15/fs/namespace.c
-===================================================================
---- linux-2.6.15.orig/fs/namespace.c
-+++ linux-2.6.15/fs/namespace.c
-@@ -46,7 +46,8 @@ static int event;
- static struct list_head *mount_hashtable;
- static int hash_mask __read_mostly, hash_bits __read_mostly;
- static kmem_cache_t *mnt_cache;
--static struct rw_semaphore namespace_sem;
-+struct rw_semaphore namespace_sem;
-+EXPORT_SYMBOL_GPL(namespace_sem);
-
- /* /sys/fs */
- decl_subsys(fs, NULL, NULL);
-Index: linux-2.6.15/include/linux/namespace.h
-===================================================================
---- linux-2.6.15.orig/include/linux/namespace.h
-+++ linux-2.6.15/include/linux/namespace.h
-@@ -5,6 +5,9 @@
- #include
- #include
-
-+/* exported for AppArmor (SubDomain) */
-+extern struct rw_semaphore namespace_sem;
-+
- struct namespace {
- atomic_t count;
- struct vfsmount * root;
diff --git a/kernel-patches/2.6.16/patches/apparmor_security.patch b/kernel-patches/2.6.16/patches/apparmor_security.patch
deleted file mode 100644
index d4630cfd0..000000000
--- a/kernel-patches/2.6.16/patches/apparmor_security.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Index: b/security/Makefile
-===================================================================
---- a/security/Makefile
-+++ b/security/Makefile
-@@ -4,6 +4,7 @@
-
- obj-$(CONFIG_KEYS) += keys/
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
-+obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
-
- # if we don't select a security model, use the default capabilities
- ifneq ($(CONFIG_SECURITY),y)
-Index: b/security/Kconfig
-===================================================================
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -100,6 +100,7 @@ config SECURITY_SECLVL
- If you are unsure how to answer this question, answer N.
-
- source security/selinux/Kconfig
-+source security/apparmor/Kconfig
-
- endmenu
-
diff --git a/kernel-patches/2.6.16/patches/series b/kernel-patches/2.6.16/patches/series
deleted file mode 100644
index 22ae747c4..000000000
--- a/kernel-patches/2.6.16/patches/series
+++ /dev/null
@@ -1,3 +0,0 @@
-apparmor_audit.patch
-apparmor_namespacesem.patch
-apparmor_security.patch
diff --git a/kernel-patches/2.6.16/postapply/module-deprecated/series b/kernel-patches/2.6.16/postapply/module-deprecated/series
deleted file mode 100644
index d0586459c..000000000
--- a/kernel-patches/2.6.16/postapply/module-deprecated/series
+++ /dev/null
@@ -1 +0,0 @@
-undo_netlinkrecv.patch
diff --git a/kernel-patches/2.6.16/postapply/module-deprecated/undo_netlinkrecv.patch b/kernel-patches/2.6.16/postapply/module-deprecated/undo_netlinkrecv.patch
deleted file mode 100644
index a910f6ca5..000000000
--- a/kernel-patches/2.6.16/postapply/module-deprecated/undo_netlinkrecv.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- linux-2.6.18.orig/security/apparmor/lsm.c
-+++ linux-2.6.18/security/apparmor/lsm.c
-@@ -199,9 +199,9 @@
- return cap_netlink_send(sk, skb);
- }
-
--static int subdomain_netlink_recv(struct sk_buff *skb, int cap)
-+static int subdomain_netlink_recv(struct sk_buff *skb)
- {
-- return cap_netlink_recv(skb, cap);
-+ return cap_netlink_recv(skb);
- }
-
- static void subdomain_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
diff --git a/kernel-patches/2.6.16/postapply/module/series b/kernel-patches/2.6.16/postapply/module/series
deleted file mode 100644
index 05576291a..000000000
--- a/kernel-patches/2.6.16/postapply/module/series
+++ /dev/null
@@ -1,2 +0,0 @@
-undo_2.6.20_mnt_namespace.patch
-undo_netlinkrecv.patch
diff --git a/kernel-patches/2.6.16/postapply/module/undo_2.6.20_mnt_namespace.patch b/kernel-patches/2.6.16/postapply/module/undo_2.6.20_mnt_namespace.patch
deleted file mode 100644
index efa0640ab..000000000
--- a/kernel-patches/2.6.16/postapply/module/undo_2.6.20_mnt_namespace.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Index: linux-2.6.18.6/security/apparmor/apparmor.h
-===================================================================
---- linux-2.6.18.6.orig/security/apparmor/apparmor.h
-+++ linux-2.6.18.6/security/apparmor/apparmor.h
-@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
- */
- struct aa_path_data {
- struct dentry *root, *dentry;
-- struct mnt_namespace *mnt_namespace;
-+ struct namespace *namespace;
- struct list_head *head, *pos;
- int errno;
- };
-Index: linux-2.6.18.6/security/apparmor/inline.h
-===================================================================
---- linux-2.6.18.6.orig/security/apparmor/inline.h
-+++ linux-2.6.18.6/security/apparmor/inline.h
-@@ -10,7 +10,7 @@
- #ifndef __INLINE_H
- #define __INLINE_H
-
--#include
-+#include
-
- static inline int __aa_is_confined(struct subdomain *sd)
- {
-@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
- {
- data->dentry = dentry;
- data->root = dget(rdentry->d_sb->s_root);
-- data->mnt_namespace = current->nsproxy->mnt_ns;
-- data->head = &data->mnt_namespace->list;
-+ data->namespace = current->namespace;
-+ data->head = &data->namespace->list;
- data->pos = data->head->next;
- prefetch(data->pos->next);
- data->errno = 0;
diff --git a/kernel-patches/2.6.16/postapply/module/undo_netlinkrecv.patch b/kernel-patches/2.6.16/postapply/module/undo_netlinkrecv.patch
deleted file mode 100644
index aa1aecaf7..000000000
--- a/kernel-patches/2.6.16/postapply/module/undo_netlinkrecv.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: linux-2.6.16.29/security/apparmor/lsm.c
-===================================================================
---- linux-2.6.16.29.orig/security/apparmor/lsm.c
-+++ linux-2.6.16.29/security/apparmor/lsm.c
-@@ -176,9 +176,9 @@ static int apparmor_netlink_send(struct
- return cap_netlink_send(sk, skb);
- }
-
--static int apparmor_netlink_recv(struct sk_buff *skb, int cap)
-+static int apparmor_netlink_recv(struct sk_buff *skb)
- {
-- return cap_netlink_recv(skb, cap);
-+ return cap_netlink_recv(skb);
- }
-
- static void apparmor_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
diff --git a/kernel-patches/2.6.17/patches/apparmor_audit.patch b/kernel-patches/2.6.17/patches/apparmor_audit.patch
deleted file mode 100644
index 4fca6c028..000000000
--- a/kernel-patches/2.6.17/patches/apparmor_audit.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From: tonyj@suse.de
-Subject: Export audit subsystem for use by modules
-Patch-mainline: no
-
-Adds necessary export symbols for audit subsystem routines.
-Changes audit_log_vformat to be externally visible (analagous to vprintf)
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-
----
- include/linux/audit.h | 5 +++++
- kernel/audit.c | 6 ++++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-Index: linux-2.6.17.9/include/linux/audit.h
-===================================================================
---- linux-2.6.17.9.orig/include/linux/audit.h
-+++ linux-2.6.17.9/include/linux/audit.h
-@@ -96,6 +96,8 @@
- #define AUDIT_LAST_KERN_ANOM_MSG 1799
- #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
-
-+#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */
-+
- #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
-
- /* Rule flags */
-@@ -357,6 +359,9 @@ extern void audit_log(struct audit_
- __attribute__((format(printf,4,5)));
-
- extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
-+extern void audit_log_vformat(struct audit_buffer *ab,
-+ const char *fmt, va_list args)
-+ __attribute__((format(printf,2,0)));
- extern void audit_log_format(struct audit_buffer *ab,
- const char *fmt, ...)
- __attribute__((format(printf,2,3)));
-Index: linux-2.6.17.9/kernel/audit.c
-===================================================================
---- linux-2.6.17.9.orig/kernel/audit.c
-+++ linux-2.6.17.9/kernel/audit.c
-@@ -893,8 +893,7 @@ static inline int audit_expand(struct au
- * will be called a second time. Currently, we assume that a printk
- * can't format message larger than 1024 bytes, so we don't either.
- */
--static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
-- va_list args)
-+void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
- {
- int len, avail;
- struct sk_buff *skb;
-@@ -1096,3 +1095,6 @@ EXPORT_SYMBOL(audit_log_start);
- EXPORT_SYMBOL(audit_log_end);
- EXPORT_SYMBOL(audit_log_format);
- EXPORT_SYMBOL(audit_log);
-+EXPORT_SYMBOL_GPL(audit_log_vformat);
-+EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
-+EXPORT_SYMBOL_GPL(audit_log_d_path);
diff --git a/kernel-patches/2.6.17/patches/apparmor_namespacesem.patch b/kernel-patches/2.6.17/patches/apparmor_namespacesem.patch
deleted file mode 100644
index 6fe66271c..000000000
--- a/kernel-patches/2.6.17/patches/apparmor_namespacesem.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: tonyj@suse.de
-Subject: Export namespace semaphore
-Patch-mainline: no
-
-Export global namespace_sem (this used to be a per namespace semaphore).
-Alas, this isn't going to win _any_ points for style.
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-
----
- fs/namespace.c | 3 ++-
- include/linux/namespace.h | 3 +++
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
-Index: linux-2.6.17.9/fs/namespace.c
-===================================================================
---- linux-2.6.17.9.orig/fs/namespace.c
-+++ linux-2.6.17.9/fs/namespace.c
-@@ -46,7 +46,8 @@ static int event;
- static struct list_head *mount_hashtable __read_mostly;
- static int hash_mask __read_mostly, hash_bits __read_mostly;
- static kmem_cache_t *mnt_cache __read_mostly;
--static struct rw_semaphore namespace_sem;
-+struct rw_semaphore namespace_sem;
-+EXPORT_SYMBOL_GPL(namespace_sem);
-
- /* /sys/fs */
- decl_subsys(fs, NULL, NULL);
-Index: linux-2.6.17.9/include/linux/namespace.h
-===================================================================
---- linux-2.6.17.9.orig/include/linux/namespace.h
-+++ linux-2.6.17.9/include/linux/namespace.h
-@@ -5,6 +5,9 @@
- #include
- #include
-
-+/* exported for AppArmor (SubDomain) */
-+extern struct rw_semaphore namespace_sem;
-+
- struct namespace {
- atomic_t count;
- struct vfsmount * root;
diff --git a/kernel-patches/2.6.17/patches/apparmor_security.patch b/kernel-patches/2.6.17/patches/apparmor_security.patch
deleted file mode 100644
index ef865c3ea..000000000
--- a/kernel-patches/2.6.17/patches/apparmor_security.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Index: linux-2.6.17.9/security/Makefile
-===================================================================
---- linux-2.6.17.9.orig/security/Makefile
-+++ linux-2.6.17.9/security/Makefile
-@@ -4,6 +4,7 @@
-
- obj-$(CONFIG_KEYS) += keys/
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
-+obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
-
- # if we don't select a security model, use the default capabilities
- ifneq ($(CONFIG_SECURITY),y)
-Index: linux-2.6.17.9/security/Kconfig
-===================================================================
---- linux-2.6.17.9.orig/security/Kconfig
-+++ linux-2.6.17.9/security/Kconfig
-@@ -100,6 +100,7 @@ config SECURITY_SECLVL
- If you are unsure how to answer this question, answer N.
-
- source security/selinux/Kconfig
-+source security/apparmor/Kconfig
-
- endmenu
-
diff --git a/kernel-patches/2.6.17/patches/series b/kernel-patches/2.6.17/patches/series
deleted file mode 100644
index 22ae747c4..000000000
--- a/kernel-patches/2.6.17/patches/series
+++ /dev/null
@@ -1,3 +0,0 @@
-apparmor_audit.patch
-apparmor_namespacesem.patch
-apparmor_security.patch
diff --git a/kernel-patches/2.6.17/postapply/module-deprecated/series b/kernel-patches/2.6.17/postapply/module-deprecated/series
deleted file mode 100644
index d0586459c..000000000
--- a/kernel-patches/2.6.17/postapply/module-deprecated/series
+++ /dev/null
@@ -1 +0,0 @@
-undo_netlinkrecv.patch
diff --git a/kernel-patches/2.6.17/postapply/module-deprecated/undo_netlinkrecv.patch b/kernel-patches/2.6.17/postapply/module-deprecated/undo_netlinkrecv.patch
deleted file mode 100644
index a910f6ca5..000000000
--- a/kernel-patches/2.6.17/postapply/module-deprecated/undo_netlinkrecv.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- linux-2.6.18.orig/security/apparmor/lsm.c
-+++ linux-2.6.18/security/apparmor/lsm.c
-@@ -199,9 +199,9 @@
- return cap_netlink_send(sk, skb);
- }
-
--static int subdomain_netlink_recv(struct sk_buff *skb, int cap)
-+static int subdomain_netlink_recv(struct sk_buff *skb)
- {
-- return cap_netlink_recv(skb, cap);
-+ return cap_netlink_recv(skb);
- }
-
- static void subdomain_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
diff --git a/kernel-patches/2.6.17/postapply/module/series b/kernel-patches/2.6.17/postapply/module/series
deleted file mode 100644
index 05576291a..000000000
--- a/kernel-patches/2.6.17/postapply/module/series
+++ /dev/null
@@ -1,2 +0,0 @@
-undo_2.6.20_mnt_namespace.patch
-undo_netlinkrecv.patch
diff --git a/kernel-patches/2.6.17/postapply/module/undo_2.6.20_mnt_namespace.patch b/kernel-patches/2.6.17/postapply/module/undo_2.6.20_mnt_namespace.patch
deleted file mode 100644
index efa0640ab..000000000
--- a/kernel-patches/2.6.17/postapply/module/undo_2.6.20_mnt_namespace.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Index: linux-2.6.18.6/security/apparmor/apparmor.h
-===================================================================
---- linux-2.6.18.6.orig/security/apparmor/apparmor.h
-+++ linux-2.6.18.6/security/apparmor/apparmor.h
-@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
- */
- struct aa_path_data {
- struct dentry *root, *dentry;
-- struct mnt_namespace *mnt_namespace;
-+ struct namespace *namespace;
- struct list_head *head, *pos;
- int errno;
- };
-Index: linux-2.6.18.6/security/apparmor/inline.h
-===================================================================
---- linux-2.6.18.6.orig/security/apparmor/inline.h
-+++ linux-2.6.18.6/security/apparmor/inline.h
-@@ -10,7 +10,7 @@
- #ifndef __INLINE_H
- #define __INLINE_H
-
--#include
-+#include
-
- static inline int __aa_is_confined(struct subdomain *sd)
- {
-@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
- {
- data->dentry = dentry;
- data->root = dget(rdentry->d_sb->s_root);
-- data->mnt_namespace = current->nsproxy->mnt_ns;
-- data->head = &data->mnt_namespace->list;
-+ data->namespace = current->namespace;
-+ data->head = &data->namespace->list;
- data->pos = data->head->next;
- prefetch(data->pos->next);
- data->errno = 0;
diff --git a/kernel-patches/2.6.17/postapply/module/undo_netlinkrecv.patch b/kernel-patches/2.6.17/postapply/module/undo_netlinkrecv.patch
deleted file mode 100644
index aa1aecaf7..000000000
--- a/kernel-patches/2.6.17/postapply/module/undo_netlinkrecv.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: linux-2.6.16.29/security/apparmor/lsm.c
-===================================================================
---- linux-2.6.16.29.orig/security/apparmor/lsm.c
-+++ linux-2.6.16.29/security/apparmor/lsm.c
-@@ -176,9 +176,9 @@ static int apparmor_netlink_send(struct
- return cap_netlink_send(sk, skb);
- }
-
--static int apparmor_netlink_recv(struct sk_buff *skb, int cap)
-+static int apparmor_netlink_recv(struct sk_buff *skb)
- {
-- return cap_netlink_recv(skb, cap);
-+ return cap_netlink_recv(skb);
- }
-
- static void apparmor_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
diff --git a/kernel-patches/2.6.18/patches/apparmor_audit.patch b/kernel-patches/2.6.18/patches/apparmor_audit.patch
deleted file mode 100644
index 1347bfe50..000000000
--- a/kernel-patches/2.6.18/patches/apparmor_audit.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: tonyj@suse.de
-Subject: Export audit subsystem for use by modules
-Patch-mainline: no
-
-Adds necessary export symbols for audit subsystem routines.
-Changes audit_log_vformat to be externally visible (analagous to vprintf)
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-
----
- include/linux/audit.h | 5 +++++
- kernel/audit.c | 6 ++++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
---- linux-2.6.18.orig/include/linux/audit.h
-+++ linux-2.6.18/include/linux/audit.h
-@@ -100,6 +100,8 @@
- #define AUDIT_LAST_KERN_ANOM_MSG 1799
- #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
-
-+#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */
-+
- #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
-
- /* Rule flags */
-@@ -466,6 +468,9 @@ extern void audit_log(struct audit_
- __attribute__((format(printf,4,5)));
-
- extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
-+extern void audit_log_vformat(struct audit_buffer *ab,
-+ const char *fmt, va_list args)
-+ __attribute__((format(printf,2,0)));
- extern void audit_log_format(struct audit_buffer *ab,
- const char *fmt, ...)
- __attribute__((format(printf,2,3)));
---- linux-2.6.18.orig/kernel/audit.c
-+++ linux-2.6.18/kernel/audit.c
-@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
- * will be called a second time. Currently, we assume that a printk
- * can't format message larger than 1024 bytes, so we don't either.
- */
--static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
-- va_list args)
-+void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
- {
- int len, avail;
- struct sk_buff *skb;
-@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
- EXPORT_SYMBOL(audit_log_end);
- EXPORT_SYMBOL(audit_log_format);
- EXPORT_SYMBOL(audit_log);
-+EXPORT_SYMBOL_GPL(audit_log_vformat);
-+EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
-+EXPORT_SYMBOL_GPL(audit_log_d_path);
diff --git a/kernel-patches/2.6.18/patches/apparmor_namespacesem.patch b/kernel-patches/2.6.18/patches/apparmor_namespacesem.patch
deleted file mode 100644
index 61f804b16..000000000
--- a/kernel-patches/2.6.18/patches/apparmor_namespacesem.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: tonyj@suse.de
-Subject: Export namespace semaphore
-Patch-mainline: no
-
-Export global namespace_sem (this used to be a per namespace semaphore).
-Alas, this isn't going to win _any_ points for style.
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-
----
- fs/namespace.c | 3 ++-
- include/linux/namespace.h | 3 +++
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
---- linux-2.6.18.orig/fs/namespace.c
-+++ linux-2.6.18/fs/namespace.c
-@@ -45,7 +45,8 @@ static int event;
- static struct list_head *mount_hashtable __read_mostly;
- static int hash_mask __read_mostly, hash_bits __read_mostly;
- static kmem_cache_t *mnt_cache __read_mostly;
--static struct rw_semaphore namespace_sem;
-+struct rw_semaphore namespace_sem;
-+EXPORT_SYMBOL_GPL(namespace_sem);
-
- /* /sys/fs */
- decl_subsys(fs, NULL, NULL);
---- linux-2.6.18.orig/include/linux/namespace.h
-+++ linux-2.6.18/include/linux/namespace.h
-@@ -5,6 +5,9 @@
- #include
- #include
-
-+/* exported for AppArmor (SubDomain) */
-+extern struct rw_semaphore namespace_sem;
-+
- struct namespace {
- atomic_t count;
- struct vfsmount * root;
diff --git a/kernel-patches/2.6.18/patches/apparmor_security.patch b/kernel-patches/2.6.18/patches/apparmor_security.patch
deleted file mode 100644
index 3f3140a2b..000000000
--- a/kernel-patches/2.6.18/patches/apparmor_security.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: linux-2.6.18/security/Makefile
-===================================================================
---- linux-2.6.18.orig/security/Makefile
-+++ linux-2.6.18/security/Makefile
-@@ -4,6 +4,7 @@
-
- obj-$(CONFIG_KEYS) += keys/
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
-+obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
-
- # if we don't select a security model, use the default capabilities
- ifneq ($(CONFIG_SECURITY),y)
---- linux-2.6.17.orig/security/Kconfig
-+++ linux-2.6.17/security/Kconfig
-@@ -106,6 +106,7 @@ config SECURITY_SECLVL
- If you are unsure how to answer this question, answer N.
-
- source security/selinux/Kconfig
-+source security/apparmor/Kconfig
-
- endmenu
-
diff --git a/kernel-patches/2.6.18/patches/series b/kernel-patches/2.6.18/patches/series
deleted file mode 100644
index 22ae747c4..000000000
--- a/kernel-patches/2.6.18/patches/series
+++ /dev/null
@@ -1,3 +0,0 @@
-apparmor_audit.patch
-apparmor_namespacesem.patch
-apparmor_security.patch
diff --git a/kernel-patches/2.6.18/postapply/module/series b/kernel-patches/2.6.18/postapply/module/series
deleted file mode 100644
index 048ec4b31..000000000
--- a/kernel-patches/2.6.18/postapply/module/series
+++ /dev/null
@@ -1 +0,0 @@
-undo_2.6.20_mnt_namespace.patch
diff --git a/kernel-patches/2.6.18/postapply/module/undo_2.6.20_mnt_namespace.patch b/kernel-patches/2.6.18/postapply/module/undo_2.6.20_mnt_namespace.patch
deleted file mode 100644
index efa0640ab..000000000
--- a/kernel-patches/2.6.18/postapply/module/undo_2.6.20_mnt_namespace.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Index: linux-2.6.18.6/security/apparmor/apparmor.h
-===================================================================
---- linux-2.6.18.6.orig/security/apparmor/apparmor.h
-+++ linux-2.6.18.6/security/apparmor/apparmor.h
-@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
- */
- struct aa_path_data {
- struct dentry *root, *dentry;
-- struct mnt_namespace *mnt_namespace;
-+ struct namespace *namespace;
- struct list_head *head, *pos;
- int errno;
- };
-Index: linux-2.6.18.6/security/apparmor/inline.h
-===================================================================
---- linux-2.6.18.6.orig/security/apparmor/inline.h
-+++ linux-2.6.18.6/security/apparmor/inline.h
-@@ -10,7 +10,7 @@
- #ifndef __INLINE_H
- #define __INLINE_H
-
--#include
-+#include
-
- static inline int __aa_is_confined(struct subdomain *sd)
- {
-@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
- {
- data->dentry = dentry;
- data->root = dget(rdentry->d_sb->s_root);
-- data->mnt_namespace = current->nsproxy->mnt_ns;
-- data->head = &data->mnt_namespace->list;
-+ data->namespace = current->namespace;
-+ data->head = &data->namespace->list;
- data->pos = data->head->next;
- prefetch(data->pos->next);
- data->errno = 0;
diff --git a/kernel-patches/2.6.19/patches/apparmor_audit.patch b/kernel-patches/2.6.19/patches/apparmor_audit.patch
deleted file mode 100644
index 1347bfe50..000000000
--- a/kernel-patches/2.6.19/patches/apparmor_audit.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: tonyj@suse.de
-Subject: Export audit subsystem for use by modules
-Patch-mainline: no
-
-Adds necessary export symbols for audit subsystem routines.
-Changes audit_log_vformat to be externally visible (analagous to vprintf)
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-
----
- include/linux/audit.h | 5 +++++
- kernel/audit.c | 6 ++++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
---- linux-2.6.18.orig/include/linux/audit.h
-+++ linux-2.6.18/include/linux/audit.h
-@@ -100,6 +100,8 @@
- #define AUDIT_LAST_KERN_ANOM_MSG 1799
- #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
-
-+#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */
-+
- #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
-
- /* Rule flags */
-@@ -466,6 +468,9 @@ extern void audit_log(struct audit_
- __attribute__((format(printf,4,5)));
-
- extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
-+extern void audit_log_vformat(struct audit_buffer *ab,
-+ const char *fmt, va_list args)
-+ __attribute__((format(printf,2,0)));
- extern void audit_log_format(struct audit_buffer *ab,
- const char *fmt, ...)
- __attribute__((format(printf,2,3)));
---- linux-2.6.18.orig/kernel/audit.c
-+++ linux-2.6.18/kernel/audit.c
-@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
- * will be called a second time. Currently, we assume that a printk
- * can't format message larger than 1024 bytes, so we don't either.
- */
--static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
-- va_list args)
-+void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
- {
- int len, avail;
- struct sk_buff *skb;
-@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
- EXPORT_SYMBOL(audit_log_end);
- EXPORT_SYMBOL(audit_log_format);
- EXPORT_SYMBOL(audit_log);
-+EXPORT_SYMBOL_GPL(audit_log_vformat);
-+EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
-+EXPORT_SYMBOL_GPL(audit_log_d_path);
diff --git a/kernel-patches/2.6.19/patches/apparmor_namespacesem.patch b/kernel-patches/2.6.19/patches/apparmor_namespacesem.patch
deleted file mode 100644
index 61f804b16..000000000
--- a/kernel-patches/2.6.19/patches/apparmor_namespacesem.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: tonyj@suse.de
-Subject: Export namespace semaphore
-Patch-mainline: no
-
-Export global namespace_sem (this used to be a per namespace semaphore).
-Alas, this isn't going to win _any_ points for style.
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-
----
- fs/namespace.c | 3 ++-
- include/linux/namespace.h | 3 +++
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
---- linux-2.6.18.orig/fs/namespace.c
-+++ linux-2.6.18/fs/namespace.c
-@@ -45,7 +45,8 @@ static int event;
- static struct list_head *mount_hashtable __read_mostly;
- static int hash_mask __read_mostly, hash_bits __read_mostly;
- static kmem_cache_t *mnt_cache __read_mostly;
--static struct rw_semaphore namespace_sem;
-+struct rw_semaphore namespace_sem;
-+EXPORT_SYMBOL_GPL(namespace_sem);
-
- /* /sys/fs */
- decl_subsys(fs, NULL, NULL);
---- linux-2.6.18.orig/include/linux/namespace.h
-+++ linux-2.6.18/include/linux/namespace.h
-@@ -5,6 +5,9 @@
- #include
- #include
-
-+/* exported for AppArmor (SubDomain) */
-+extern struct rw_semaphore namespace_sem;
-+
- struct namespace {
- atomic_t count;
- struct vfsmount * root;
diff --git a/kernel-patches/2.6.19/patches/apparmor_security.patch b/kernel-patches/2.6.19/patches/apparmor_security.patch
deleted file mode 100644
index 3f3140a2b..000000000
--- a/kernel-patches/2.6.19/patches/apparmor_security.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: linux-2.6.18/security/Makefile
-===================================================================
---- linux-2.6.18.orig/security/Makefile
-+++ linux-2.6.18/security/Makefile
-@@ -4,6 +4,7 @@
-
- obj-$(CONFIG_KEYS) += keys/
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
-+obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
-
- # if we don't select a security model, use the default capabilities
- ifneq ($(CONFIG_SECURITY),y)
---- linux-2.6.17.orig/security/Kconfig
-+++ linux-2.6.17/security/Kconfig
-@@ -106,6 +106,7 @@ config SECURITY_SECLVL
- If you are unsure how to answer this question, answer N.
-
- source security/selinux/Kconfig
-+source security/apparmor/Kconfig
-
- endmenu
-
diff --git a/kernel-patches/2.6.19/patches/series b/kernel-patches/2.6.19/patches/series
deleted file mode 100644
index 22ae747c4..000000000
--- a/kernel-patches/2.6.19/patches/series
+++ /dev/null
@@ -1,3 +0,0 @@
-apparmor_audit.patch
-apparmor_namespacesem.patch
-apparmor_security.patch
diff --git a/kernel-patches/2.6.19/postapply/module/series b/kernel-patches/2.6.19/postapply/module/series
deleted file mode 100644
index 048ec4b31..000000000
--- a/kernel-patches/2.6.19/postapply/module/series
+++ /dev/null
@@ -1 +0,0 @@
-undo_2.6.20_mnt_namespace.patch
diff --git a/kernel-patches/2.6.19/postapply/module/undo_2.6.20_mnt_namespace.patch b/kernel-patches/2.6.19/postapply/module/undo_2.6.20_mnt_namespace.patch
deleted file mode 100644
index efa0640ab..000000000
--- a/kernel-patches/2.6.19/postapply/module/undo_2.6.20_mnt_namespace.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Index: linux-2.6.18.6/security/apparmor/apparmor.h
-===================================================================
---- linux-2.6.18.6.orig/security/apparmor/apparmor.h
-+++ linux-2.6.18.6/security/apparmor/apparmor.h
-@@ -210,7 +210,7 @@ typedef int (*aa_iter) (struct subdomain
- */
- struct aa_path_data {
- struct dentry *root, *dentry;
-- struct mnt_namespace *mnt_namespace;
-+ struct namespace *namespace;
- struct list_head *head, *pos;
- int errno;
- };
-Index: linux-2.6.18.6/security/apparmor/inline.h
-===================================================================
---- linux-2.6.18.6.orig/security/apparmor/inline.h
-+++ linux-2.6.18.6/security/apparmor/inline.h
-@@ -10,7 +10,7 @@
- #ifndef __INLINE_H
- #define __INLINE_H
-
--#include
-+#include
-
- static inline int __aa_is_confined(struct subdomain *sd)
- {
-@@ -323,8 +323,8 @@ static inline void __aa_path_begin(struc
- {
- data->dentry = dentry;
- data->root = dget(rdentry->d_sb->s_root);
-- data->mnt_namespace = current->nsproxy->mnt_ns;
-- data->head = &data->mnt_namespace->list;
-+ data->namespace = current->namespace;
-+ data->head = &data->namespace->list;
- data->pos = data->head->next;
- prefetch(data->pos->next);
- data->errno = 0;
diff --git a/kernel-patches/2.6.20/patches/apparmor_audit.patch b/kernel-patches/2.6.20/patches/apparmor_audit.patch
deleted file mode 100644
index 1347bfe50..000000000
--- a/kernel-patches/2.6.20/patches/apparmor_audit.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: tonyj@suse.de
-Subject: Export audit subsystem for use by modules
-Patch-mainline: no
-
-Adds necessary export symbols for audit subsystem routines.
-Changes audit_log_vformat to be externally visible (analagous to vprintf)
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-
----
- include/linux/audit.h | 5 +++++
- kernel/audit.c | 6 ++++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
---- linux-2.6.18.orig/include/linux/audit.h
-+++ linux-2.6.18/include/linux/audit.h
-@@ -100,6 +100,8 @@
- #define AUDIT_LAST_KERN_ANOM_MSG 1799
- #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
-
-+#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */
-+
- #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
-
- /* Rule flags */
-@@ -466,6 +468,9 @@ extern void audit_log(struct audit_
- __attribute__((format(printf,4,5)));
-
- extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
-+extern void audit_log_vformat(struct audit_buffer *ab,
-+ const char *fmt, va_list args)
-+ __attribute__((format(printf,2,0)));
- extern void audit_log_format(struct audit_buffer *ab,
- const char *fmt, ...)
- __attribute__((format(printf,2,3)));
---- linux-2.6.18.orig/kernel/audit.c
-+++ linux-2.6.18/kernel/audit.c
-@@ -954,8 +954,7 @@ static inline int audit_expand(struct au
- * will be called a second time. Currently, we assume that a printk
- * can't format message larger than 1024 bytes, so we don't either.
- */
--static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
-- va_list args)
-+void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
- {
- int len, avail;
- struct sk_buff *skb;
-@@ -1211,3 +1210,6 @@ EXPORT_SYMBOL(audit_log_start);
- EXPORT_SYMBOL(audit_log_end);
- EXPORT_SYMBOL(audit_log_format);
- EXPORT_SYMBOL(audit_log);
-+EXPORT_SYMBOL_GPL(audit_log_vformat);
-+EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
-+EXPORT_SYMBOL_GPL(audit_log_d_path);
diff --git a/kernel-patches/2.6.20/patches/apparmor_namespacesem.patch b/kernel-patches/2.6.20/patches/apparmor_namespacesem.patch
deleted file mode 100644
index fe7a315ac..000000000
--- a/kernel-patches/2.6.20/patches/apparmor_namespacesem.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: tonyj@suse.de
-Subject: Export namespace semaphore
-Patch-mainline: no
-
-Export global namespace_sem (this used to be a per namespace semaphore).
-Alas, this isn't going to win _any_ points for style.
-Patch is not in mainline -- pending AppArmor code submission to lkml
-
-
----
- fs/namespace.c | 3 ++-
- include/linux/mnt_namespace.h | 3 +++
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
---- linux-2.6.19.orig/fs/namespace.c
-+++ linux-2.6.19/fs/namespace.c
-@@ -37,7 +37,8 @@ static int event;
- static struct list_head *mount_hashtable __read_mostly;
- static int hash_mask __read_mostly, hash_bits __read_mostly;
- static struct kmem_cache *mnt_cache __read_mostly;
--static struct rw_semaphore namespace_sem;
-+struct rw_semaphore namespace_sem;
-+EXPORT_SYMBOL_GPL(namespace_sem);
-
- /* /sys/fs */
- decl_subsys(fs, NULL, NULL);
---- linux-2.6.19.orig/include/linux/mnt_namespace.h
-+++ linux-2.6.19/include/linux/mnt_namespace.h
-@@ -6,6 +6,9 @@
- #include
- #include
-
-+/* exported for AppArmor (SubDomain) */
-+extern struct rw_semaphore namespace_sem;
-+
- struct mnt_namespace {
- atomic_t count;
- struct vfsmount * root;
diff --git a/kernel-patches/2.6.20/patches/apparmor_security.patch b/kernel-patches/2.6.20/patches/apparmor_security.patch
deleted file mode 100644
index 3f3140a2b..000000000
--- a/kernel-patches/2.6.20/patches/apparmor_security.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: linux-2.6.18/security/Makefile
-===================================================================
---- linux-2.6.18.orig/security/Makefile
-+++ linux-2.6.18/security/Makefile
-@@ -4,6 +4,7 @@
-
- obj-$(CONFIG_KEYS) += keys/
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
-+obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
-
- # if we don't select a security model, use the default capabilities
- ifneq ($(CONFIG_SECURITY),y)
---- linux-2.6.17.orig/security/Kconfig
-+++ linux-2.6.17/security/Kconfig
-@@ -106,6 +106,7 @@ config SECURITY_SECLVL
- If you are unsure how to answer this question, answer N.
-
- source security/selinux/Kconfig
-+source security/apparmor/Kconfig
-
- endmenu
-
diff --git a/kernel-patches/2.6.20/patches/series b/kernel-patches/2.6.20/patches/series
deleted file mode 100644
index 22ae747c4..000000000
--- a/kernel-patches/2.6.20/patches/series
+++ /dev/null
@@ -1,3 +0,0 @@
-apparmor_audit.patch
-apparmor_namespacesem.patch
-apparmor_security.patch
diff --git a/kernel-patches/README b/kernel-patches/README
deleted file mode 100644
index bfb13a049..000000000
--- a/kernel-patches/README
+++ /dev/null
@@ -1,29 +0,0 @@ -For each kernel release there is a directory named using the kernel version # - -The files managed by svn in a release directory are: - -patches/ - directory of kernel patches without the apparmor module in the - series. These are used to build the apparmor.patch and - apparmor-fullseries.patch -postapply/ - directory of patches to the module code in head of svn enabling - it to build for a given kernel. - current/ - patches against current branch - nextgen/ - patches against nextgen branch - - -when a release tar ball is built it will be automatically generated using -the tip of module and module-nextgen and the release dir in the tar ball -will be populated with: - -kernel version # - current/ - contains the patches for the current branch of apparmor - apparmor-Kversion#-svnversion#-fullseries.patch - single kernel patcch - patches/ - quilt series to patch kernel including apparmor patch - - nextgen - contains the patches for the nextgen branch of apparmor - apparmor-Kversion#-svnversion#-fullseries.patch - single kernel patch - patches/ - quilt series to patch kernel including apparmor patch - -the fullseries kernel patches are equivalent to the quilt series flattened -into a single patch - diff --git a/kernel-patches/README.release b/kernel-patches/README.release deleted file mode 100644 index ba14ca62a..000000000 --- a/kernel-patches/README.release +++ /dev/null @@ -1,12 +0,0 @@ -Contents of apparmor kernel patch release - - current/ - contains the patches for the current branch of apparmor - apparmor-Kversion#-svnversion#-fullseries.patch - single kernel patcch - patches/ - quilt series to patch kernel including apparmor patch - - nextgen - contains the patches for the nextgen branch of apparmor - apparmor-Kversion#-svnversion#-fullseries.patch - single kernel patch - patches/ - quilt series to patch kernel including apparmor patch - -the fullseries kernel patches are equivalent to the quilt series flattened -into a single patch 
diff --git a/kernel-patches/README.snapshot b/kernel-patches/README.snapshot
deleted file mode 100644
index 8d59b36c0..000000000
--- a/kernel-patches/README.snapshot
+++ /dev/null
@@ -1,11 +0,0 @@
-AppArmor kernel patches
-
-This directory should contain 2 patches that do the same thing. The patches
-directory contains a quilt series of distinct patches necessary to apply
-apparmor to the kernel.
-
-The fullseries patch is the quilt series combined into a single patch.
-
-The apparmor patches name convention is
-
-apparmor-${KERNEL_VERSION}-v${APPARMOR_MODULE_REPO_VERSION}.patch
diff --git a/kernel-patches/gen-k-patches.sh b/kernel-patches/gen-k-patches.sh
deleted file mode 100755
index 51e9ff472..000000000
--- a/kernel-patches/gen-k-patches.sh
+++ /dev/null
@@ -1,124 +0,0 @@ -#!/bin/bash - -# a brain dead script to provide kernel patches from the apparmor svn module -# for snapshot releases - -# gen-k-patches.sh linux-2.6.16.43 ~/immunix/forge-svn/trunk/module/apparmor/ ~/immunix/forge-svn/trunk/kernel-patches/2.6.16 ~/linux-kernels/ - -usage() -{ - echo "Usage: $0 kernelsource module patches destination" - exit 0 -} - -# $1 - module dir -get_repo_version() -{ - local origWD=`pwd` - cd "$1" - if [ -x /usr/bin/svn ] ; then - REPO_VERSION=`/usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //"` - fi - if [ -z ${REPO_VERSION} ] ; then - REPO_VERSION="unknown" - fi - cd "${origWD}" - echo "Done Getting Repo version ${REPO_VERSION}" -} - -cleanup() -{ -# ???? -echo "cleanup" -} - - -add_files() -{ - local f - for f in $1/* ; do - if [ -d "$f" ] ; then - add_files "$f" "$2" - else - quilt add security/apparmor/${f#$2} - fi - done -} - -# $1 - kernel dir -# $2 - dir with patches -# $3 - module -# $4 - kernel ver # -# $5 - svn ver # -# $6 - destination -patches_for_kernel() -{ - local WD=`pwd` - if [ -d $2/patches ] ; then - cp -r $2/patches $6/ - cp -r $2/../README.snapshot $6/ - cp -r $2/patches $1 - - else - mkdir $6/patches - fi - - cd $1 - quilt push -a - - quilt new apparmor.diff - add_files $3 $3 - cp -r $3 security/apparmor - quilt refresh - if [ -d $2/postapply/module ] ; then - mv patches/series patches/series.bak - cp -r $2/postapply/module/* patches/ - cp patches/series.bak patches/series - cat $2/postapply/module/series >>patches/series - quilt push -a - fi - - echo "creating patches in $6" - quilt diff -p ab --combine apparmor.diff >foo - echo "AppArmor kernel patches for repo version $5" >$6/patches/apparmor-$4-v$5.diff - diffstat foo >>$6/patches/apparmor-$4-v$5.diff - cat foo >>$6/patches/apparmor-$4-v$5.diff - cat patches/series.bak | sed "s/apparmor.diff/apparmor-$4-v$5.diff/" > $6/patches/series - - quilt diff -p ab --combine - >foo - echo "AppArmor kernel patches for 
repo version $5" >$6/apparmor-$4-v$5-fullseries.diff - diffstat foo >>$6/apparmor-$4-v$5-fullseries.diff - cat foo >>$6/apparmor-$4-v$5-fullseries.diff - - quilt pop -a - rm -rf foo - rm -rf security/apparmor - rm -rf patches - rm -rf .pc - cd $WD -} - -VERSION=`expr "$1" : '.*\(2\.6\.[^ /\t]*\)' ` -if [ -z ${VERSION} ]; then - echo "script expects a kernelsource dir with embedded version tag." - echo " eg. linux-2.6.16rc1" - exit 1; -fi - - -if ! [ -e "$4/$VERSION" ] ; then - echo "Making destination $4/$VERSION" - mkdir "$4/$VERSION" -else - echo "Destination $4/$VERSION already exists" -fi - -get_repo_version $2 - -patches_for_kernel $1 $3 $2 $VERSION $REPO_VERSION "$4/$VERSION" - -WD=`pwd` -cd $4 -tar --exclude=.svn -cf "apparmor-kernel-patches-$VERSION.tar" "$VERSION" -gzip "apparmor-kernel-patches-$VERSION.tar" -cd $WD