Merge branch 'for-linus' of...

};

int aa_map_resource(int resource);

int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,

		      struct rlimit *new_rlim);

int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,

		      unsigned int resource, struct rlimit *new_rlim);

void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);

	*ns_name = NULL;

	if (name[0] == ':') {

		char *split = strchr(&name[1], ':');

		*ns_name = skip_spaces(&name[1]);

		if (split) {

			/* overwrite ':' with \0 */

			*split = 0;

		} else

			/* a ns name without a following profile is allowed */

			name = NULL;

		*ns_name = &name[1];

	}

	if (name && *name == 0)

		name = NULL;

	int error = 0;

	if (!unconfined(profile))

		error = aa_task_setrlimit(profile, resource, new_rlim);

		error = aa_task_setrlimit(profile, task, resource, new_rlim);

	return error;

}

{

	struct path root, tmp;

	char *res;

	int deleted, connected;

	int error = 0;

	int connected, error = 0;

	/* Get the root we want to resolve too, released below */

	if (flags & PATH_CHROOT_REL) {

	}

	spin_lock(&dcache_lock);

	/* There is a race window between path lookup here and the

	 * need to strip the " (deleted) string that __d_path applies

	 * Detect the race and relookup the path

	 *

	 * The stripping of (deleted) is a hack that could be removed

	 * with an updated __d_path

	 */

	do {

	tmp = root;

		deleted = d_unlinked(path->dentry);

	res = __d_path(path, &tmp, buf, buflen);

	} while (deleted != d_unlinked(path->dentry));

	spin_unlock(&dcache_lock);

	*name = res;

		*name = buf;

		goto out;

	}

	if (deleted) {

		/* On some filesystems, newly allocated dentries appear to the

		 * security_path hooks as a deleted dentry except without an

		 * inode allocated.

		 *

		 * Remove the appended deleted text and return as string for

		 * normal mediation, or auditing.  The (deleted) string is

		 * guaranteed to be added in this case, so just strip it.

		 */

		buf[buflen - 11] = 0;	/* - (len(" (deleted)") +\0) */

		if (path->dentry->d_inode && !(flags & PATH_MEDIATE_DELETED)) {

	/* Handle two cases:

	 * 1. A deleted dentry && profile is not allowing mediation of deleted

	 * 2. On some filesystems, newly allocated dentries appear to the

	 *    security_path hooks as a deleted dentry except without an inode

	 *    allocated.

	 */

	if (d_unlinked(path->dentry) && path->dentry->d_inode &&

	    !(flags & PATH_MEDIATE_DELETED)) {

			error = -ENOENT;

			goto out;

	}

	}

	/* Determine if the path is connected to the expected root */

	connected = tmp.dentry == root.dentry && tmp.mnt == root.mnt;

		/* released below */

		ns = aa_get_namespace(root);

	write_lock(&ns->lock);

	if (!name) {

		/* remove namespace - can only happen if fqname[0] == ':' */

		write_lock(&ns->parent->lock);

		__remove_namespace(ns);

		write_unlock(&ns->parent->lock);

	} else {

		/* remove profile */

		write_lock(&ns->lock);

		profile = aa_get_profile(__lookup_profile(&ns->base, name));

		if (!profile) {

			error = -ENOENT;

		}

		name = profile->base.hname;

		__remove_profile(profile);

	}

		write_unlock(&ns->lock);

	}

	/* don't fail removal if audit fails */

	(void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);