apparmor/kernel-patches/2.6.25/apparmor-2.6.25.diff

---
 security/apparmor/lsm.c              |    3 ++-
 security/apparmor/module_interface.c |   22 ++++++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)

--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -462,7 +462,8 @@ static int apparmor_inode_permission(str
 		/* allow traverse accesses to directories */
 		mask &= ~MAY_EXEC;
 	}
-	return aa_permission("inode_permission", inode, nd->dentry, nd->mnt,
+	return aa_permission("inode_permission", inode, nd->path.dentry,
+			     nd->path.mnt,
 			     mask, check);
 }
 
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -356,15 +356,29 @@ static struct aa_profile *aa_unpack_prof
 	if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
 		goto fail;
 
-	if (!aa_is_u32(e, &(profile->capabilities), NULL))
+	if (!aa_is_u32(e, &(profile->capabilities.cap[0]), NULL))
 		goto fail;
-	if (!aa_is_u32(e, &(profile->audit_caps), NULL))
+	if (!aa_is_u32(e, &(profile->audit_caps.cap[0]), NULL))
 		goto fail;
-	if (!aa_is_u32(e, &(profile->quiet_caps), NULL))
+	if (!aa_is_u32(e, &(profile->quiet_caps.cap[0]), NULL))
 		goto fail;
-	if (!aa_is_u32(e, &(profile->set_caps), NULL))
+	if (!aa_is_u32(e, &(profile->set_caps.cap[0]), NULL))
 		goto fail;
 
+	if (aa_is_nameX(e, AA_STRUCT, "caps64")) {
+		/* optional upper half of 64 bit caps */
+		if (!aa_is_u32(e, &(profile->capabilities.cap[1]), NULL))
+			goto fail;
+		if (!aa_is_u32(e, &(profile->audit_caps.cap[1]), NULL))
+			goto fail;
+		if (!aa_is_u32(e, &(profile->quiet_caps.cap[1]), NULL))
+			goto fail;
+		if (!aa_is_u32(e, &(profile->set_caps.cap[1]), NULL))
+			goto fail;
+		if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
+			goto fail;
+	}
+
 	if (!aa_unpack_rlimits(e, profile))
 		goto fail;