---
 security/apparmor/list.c | 2 +-
 security/apparmor/main.c | 20 +++++++++++---------
 security/apparmor/procattr.c | 13 +++++++------
 3 files changed, 19 insertions(+), 16 deletions(-)
--- a/security/apparmor/list.c
+++ b/security/apparmor/list.c
@@ -142,7 +142,7 @@ static int seq_show_profile(struct seq_f
 seq_printf(f, "%s (%s)\n", profile->name,
 PROFILE_COMPLAIN(profile) ? "complain" : "enforce");
 else
- seq_printf(f, "%s:%s (%s)\n", profile->ns->name, profile->name,
+ seq_printf(f, ":%s:%s (%s)\n", profile->ns->name, profile->name,
 PROFILE_COMPLAIN(profile) ? "complain" : "enforce");
 return 0;
 }
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -251,8 +251,10 @@ static int aa_audit_base(struct aa_profi
 audit_log_format(ab, " profile=");
 audit_log_untrustedstring(ab, profile->name);
- audit_log_format(ab, " namespace=");
- audit_log_untrustedstring(ab, profile->ns->name);
+ if (profile->ns != default_namespace) {
+ audit_log_format(ab, " namespace=");
+ audit_log_untrustedstring(ab, profile->ns->name);
+ }
 }
 audit_log_end(ab);
@@ -1364,15 +1366,15 @@ repeat:
 if (hat_name) {
 char *name, *profile_name;
- /* Not Yet. This perm check is currently done by searching for the hat profile. When hat style profile names become more generic then this will be needed. if (!(aa_match(profile->file_rules, hat_name) & AA_CHANGE_PROFILE)) { error = -EACCES;
+ if (!PROFILE_COMPLAIN(profile) &&
+ !(aa_match(profile->file_rules, hat_name, NULL)
+ & AA_CHANGE_HAT)) {
+ /* missing permission to change_hat is treated the
+ * same as a failed hat search */
+ error = -ENOENT;
 goto out;
 }
- */
+
 if (previous_profile)
 profile_name = previous_profile->name;
 else
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
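Review bot: The namespace= field of the record built in aa_audit_base becomes conditional, and nothing in the hunk documents that consumers must read its absence as "default namespace"; a parser that keys on the field can no longer tell a default-namespace record from one where the field was never emitted. If the omission is intended to keep the existing record layout stable for the common case, say so above the new `if`: `/* the default namespace is implicit in audit records; only a foreign namespace is named */`. The same `profile->ns != default_namespace` test appears in procattr.c's aa_getprocattr, so a shared static inline predicate would keep the two call sites in step if the notion of "default" ever changes. aa_audit_base starts and ends outside the hunk.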
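Review bot: In the `if (hat_name)` branch the new check is skipped entirely in complain mode, because `!PROFILE_COMPLAIN(profile)` short-circuits before aa_match runs, so a profile that lacks change_hat permission is never reported while learning and only surfaces as ENOENT once enforcement is switched on; the enforce path in this hunk also returns without any audit record of the denial. Unless the failed-hat-search path further down (outside the hunk) audits the miss, evaluate the match in both modes and deny only when enforcing, so complain mode can log what enforce mode would refuse. Keeping -ENOENT rather than -EACCES is reasonable, since it avoids revealing whether the hat exists to a caller that lacks permission, and the existing comment should stay with that line. The function around `repeat:` begins and ends outside the hunk.
```c
		if (!(aa_match(profile->file_rules, hat_name, NULL)
		      & AA_CHANGE_HAT)) {
			/* TODO(review): audit the missing permission here so
			 * complain mode reports what enforce mode would deny */
			if (!PROFILE_COMPLAIN(profile)) {
				/* missing permission to change_hat is treated the
				 * same as a failed hat search */
				error = -ENOENT;
				goto out;
			}
		}
		/* … unchanged: previous_profile / profile_name selection … */
```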
@@ -24,15 +24,16 @@ int aa_getprocattr(struct aa_profile *pr
 mode_len = strlen(mode_str);
 name_len = strlen(profile->name);
 if (profile->ns != default_namespace)
- ns_len = strlen(profile->ns->name) + 1;
+ ns_len = strlen(profile->ns->name) + 2;
 *len = mode_len + ns_len + name_len + 1;
 str = kmalloc(*len, GFP_ATOMIC);
 if (!str)
 return -ENOMEM;
 if (ns_len) {
- memcpy(str, profile->ns->name, ns_len - 1);
- str += ns_len - 1;
+ *str++ = ':';
+ memcpy(str, profile->ns->name, ns_len - 2);
+ str += ns_len - 2;
 *str++ = ':';
 }
 memcpy(str, profile->name, name_len);
@@ -96,11 +97,11 @@ int aa_setprocattr_changeprofile(char *a
 {
 char *name = args, *ns_name = NULL;
- if (name[0] != '/') {
- char *split = strchr(name, ':');
+ if (name[0] == ':') {
+ char *split = strchr(&name[1], ':');
 if (split) {
 *split = 0;
- ns_name = name;
+ ns_name = &name[1];
 name = split + 1;
 }
 }
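Review bot: The buffer arithmetic in aa_getprocattr now carries the two ':' delimiters as bare offsets in three places (`+ 2` at the assignment, `ns_len - 2` twice in the copy), with nothing tying them together, so a later change to the ":ns:name" layout has to find and adjust each one by hand; document it once where ns_len is computed: `/* ns_len covers the namespace plus the two ':' delimiters of ":ns:" */`. The `if (ns_len)` guard is only correct if ns_len is zero-initialised before the hunk, and the +1 on `*len` together with the placement of mode_str are also outside the hunk, so I could not confirm from here that the total still covers every byte written by the remaining memcpy calls; worth re-checking against them. Building the string with a single bounded scnprintf into the allocation would remove the offset bookkeeping altogether, if the surrounding code allows it.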
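Review bot: The parser in aa_setprocattr_changeprofile accepts two malformed forms of the caller-supplied `args` (presumably the string written through the procattr interface, given the function name) without rejecting them: `:name` with no closing ':' falls through with the leading ':' still part of `name`, and `::name` produces an empty ns_name, because only `if (split)` is checked. Unless the namespace lookup further down (outside the hunk) rejects both, return -EINVAL at the parse step so the caller gets a clear error instead of a misleading failed lookup. The rest of the function is outside the hunk.
```c
	if (name[0] == ':') {
		char *split = strchr(&name[1], ':');
		/* require ":ns:name" with a non-empty namespace */
		if (!split || split == &name[1])
			return -EINVAL;
		*split = 0;
		ns_name = &name[1];
		name = split + 1;
	}
```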