@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/x86 4.19.1 Kernel Configuration

+# Linux/x86 4.19.6 Kernel Configuration

 #

 #

@@ -5367,9 +5367,9 @@ CONFIG_INTEGRITY_AUDIT=y

 # CONFIG_EVM is not set

 # CONFIG_DEFAULT_SECURITY_SELINUX is not set

 # CONFIG_DEFAULT_SECURITY_SMACK is not set

-# CONFIG_DEFAULT_SECURITY_APPARMOR is not set

-CONFIG_DEFAULT_SECURITY_DAC=y

-CONFIG_DEFAULT_SECURITY=""

+CONFIG_DEFAULT_SECURITY_APPARMOR=y

+# CONFIG_DEFAULT_SECURITY_DAC is not set

+CONFIG_DEFAULT_SECURITY="apparmor"

 CONFIG_XOR_BLOCKS=m

 CONFIG_ASYNC_CORE=m

 CONFIG_ASYNC_MEMCPY=m

@@ -5525,7 +5525,6 @@ CONFIG_CRYPTO_DES=m

 # CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set

 # CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set

 # CONFIG_CRYPTO_SM4 is not set

-# CONFIG_CRYPTO_SPECK is not set

 # CONFIG_CRYPTO_TEA is not set

 # CONFIG_CRYPTO_TWOFISH is not set

 # CONFIG_CRYPTO_TWOFISH_X86_64 is not set

@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/x86 4.19.1 Kernel Configuration

+# Linux/x86 4.19.6 Kernel Configuration

 #

 #

@@ -935,6 +935,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y

 # CONFIG_IPV6_MROUTE is not set

 # CONFIG_IPV6_SEG6_LWTUNNEL is not set

 # CONFIG_IPV6_SEG6_HMAC is not set

+# CONFIG_NETLABEL is not set

 # CONFIG_NETWORK_SECMARK is not set

 CONFIG_NET_PTP_CLASSIFY=y

 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set

@@ -1173,6 +1174,7 @@ CONFIG_IP_NF_TARGET_CLUSTERIP=m

 CONFIG_IP_NF_TARGET_ECN=m

 CONFIG_IP_NF_TARGET_TTL=m

 CONFIG_IP_NF_RAW=m

+# CONFIG_IP_NF_SECURITY is not set

 CONFIG_IP_NF_ARPTABLES=m

 CONFIG_IP_NF_ARPFILTER=m

 CONFIG_IP_NF_ARP_MANGLE=m

@@ -1204,6 +1206,7 @@ CONFIG_IP6_NF_TARGET_REJECT=m

 # CONFIG_IP6_NF_TARGET_SYNPROXY is not set

 CONFIG_IP6_NF_MANGLE=m

 CONFIG_IP6_NF_RAW=m

+# CONFIG_IP6_NF_SECURITY is not set

 CONFIG_IP6_NF_NAT=m

 CONFIG_IP6_NF_TARGET_MASQUERADE=m

 # CONFIG_IP6_NF_TARGET_NPT is not set

@@ -2930,6 +2933,7 @@ CONFIG_FSNOTIFY=y

 CONFIG_DNOTIFY=y

 CONFIG_INOTIFY_USER=y

 CONFIG_FANOTIFY=y

+# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set

 CONFIG_QUOTA=y

 # CONFIG_QUOTA_NETLINK_INTERFACE is not set

 CONFIG_PRINT_QUOTA_WARNING=y

@@ -3007,6 +3011,7 @@ CONFIG_PNFS_BLOCK=m

 CONFIG_PNFS_FLEXFILE_LAYOUT=m

 CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org"

 # CONFIG_NFS_V4_1_MIGRATION is not set

+CONFIG_NFS_V4_SECURITY_LABEL=y

 CONFIG_NFS_USE_LEGACY_DNS=y

 CONFIG_NFS_DEBUG=y

 CONFIG_NFSD=m

@@ -3016,6 +3021,7 @@ CONFIG_NFSD_V4=y

 # CONFIG_NFSD_BLOCKLAYOUT is not set

 # CONFIG_NFSD_SCSILAYOUT is not set

 # CONFIG_NFSD_FLEXFILELAYOUT is not set

+# CONFIG_NFSD_V4_SECURITY_LABEL is not set

 # CONFIG_NFSD_FAULT_INJECTION is not set

 CONFIG_GRACE_PERIOD=m

 CONFIG_LOCKD=m

@@ -3102,17 +3108,32 @@ CONFIG_KEYS_COMPAT=y

 # CONFIG_ENCRYPTED_KEYS is not set

 # CONFIG_KEY_DH_OPERATIONS is not set

 # CONFIG_SECURITY_DMESG_RESTRICT is not set

-# CONFIG_SECURITY is not set

-# CONFIG_SECURITYFS is not set

+CONFIG_SECURITY=y

+CONFIG_SECURITYFS=y

+CONFIG_SECURITY_NETWORK=y

 CONFIG_PAGE_TABLE_ISOLATION=y

+# CONFIG_SECURITY_NETWORK_XFRM is not set

+CONFIG_SECURITY_PATH=y

 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y

 CONFIG_HARDENED_USERCOPY=y

 CONFIG_HARDENED_USERCOPY_FALLBACK=y

 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set

 # CONFIG_FORTIFY_SOURCE is not set

 # CONFIG_STATIC_USERMODEHELPER is not set

-CONFIG_DEFAULT_SECURITY_DAC=y

-CONFIG_DEFAULT_SECURITY=""

+# CONFIG_SECURITY_SELINUX is not set

+# CONFIG_SECURITY_SMACK is not set

+# CONFIG_SECURITY_TOMOYO is not set

+CONFIG_SECURITY_APPARMOR=y

+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

+CONFIG_SECURITY_APPARMOR_HASH=y

+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y

+# CONFIG_SECURITY_APPARMOR_DEBUG is not set

+# CONFIG_SECURITY_LOADPIN is not set

+# CONFIG_SECURITY_YAMA is not set

+# CONFIG_INTEGRITY is not set

+CONFIG_DEFAULT_SECURITY_APPARMOR=y

+# CONFIG_DEFAULT_SECURITY_DAC is not set

+CONFIG_DEFAULT_SECURITY="apparmor"

 CONFIG_XOR_BLOCKS=m

 CONFIG_CRYPTO=y

@@ -3211,7 +3232,7 @@ CONFIG_CRYPTO_MD5=y

 # CONFIG_CRYPTO_RMD160 is not set

 # CONFIG_CRYPTO_RMD256 is not set

 # CONFIG_CRYPTO_RMD320 is not set

-CONFIG_CRYPTO_SHA1=m

+CONFIG_CRYPTO_SHA1=y

 # CONFIG_CRYPTO_SHA1_SSSE3 is not set

 # CONFIG_CRYPTO_SHA256_SSSE3 is not set

 # CONFIG_CRYPTO_SHA512_SSSE3 is not set

@@ -3258,7 +3279,6 @@ CONFIG_CRYPTO_DES=m

 # CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set

 # CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set

 # CONFIG_CRYPTO_SM4 is not set

-# CONFIG_CRYPTO_SPECK is not set

 # CONFIG_CRYPTO_TEA is not set

 # CONFIG_CRYPTO_TWOFISH is not set

 # CONFIG_CRYPTO_TWOFISH_X86_64 is not set

@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/x86 4.19.1 Kernel Configuration

+# Linux/x86 4.19.6 Kernel Configuration

 #

 #

@@ -4452,9 +4452,9 @@ CONFIG_INTEGRITY_AUDIT=y

 # CONFIG_EVM is not set

 # CONFIG_DEFAULT_SECURITY_SELINUX is not set

 # CONFIG_DEFAULT_SECURITY_SMACK is not set

-# CONFIG_DEFAULT_SECURITY_APPARMOR is not set

-CONFIG_DEFAULT_SECURITY_DAC=y

-CONFIG_DEFAULT_SECURITY=""

+CONFIG_DEFAULT_SECURITY_APPARMOR=y

+# CONFIG_DEFAULT_SECURITY_DAC is not set

+CONFIG_DEFAULT_SECURITY="apparmor"

 CONFIG_XOR_BLOCKS=m

 CONFIG_ASYNC_CORE=m

 CONFIG_ASYNC_MEMCPY=m

@@ -4609,7 +4609,6 @@ CONFIG_CRYPTO_DES=m

 # CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set

 # CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set

 # CONFIG_CRYPTO_SM4 is not set

-# CONFIG_CRYPTO_SPECK is not set

 # CONFIG_CRYPTO_TEA is not set

 # CONFIG_CRYPTO_TWOFISH is not set

 # CONFIG_CRYPTO_TWOFISH_X86_64 is not set

@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/arm64 4.19.1 Kernel Configuration

+# Linux/arm64 4.19.6 Kernel Configuration

 #

 #

@@ -5639,9 +5639,9 @@ CONFIG_INTEGRITY_AUDIT=y

 # CONFIG_EVM is not set

 # CONFIG_DEFAULT_SECURITY_SELINUX is not set

 # CONFIG_DEFAULT_SECURITY_SMACK is not set

-# CONFIG_DEFAULT_SECURITY_APPARMOR is not set

-CONFIG_DEFAULT_SECURITY_DAC=y

-CONFIG_DEFAULT_SECURITY=""

+CONFIG_DEFAULT_SECURITY_APPARMOR=y

+# CONFIG_DEFAULT_SECURITY_DAC is not set

+CONFIG_DEFAULT_SECURITY="apparmor"

 CONFIG_XOR_BLOCKS=m

 CONFIG_ASYNC_CORE=m

 CONFIG_ASYNC_MEMCPY=m

@@ -5763,7 +5763,6 @@ CONFIG_CRYPTO_DES=m

 # CONFIG_CRYPTO_SEED is not set

 # CONFIG_CRYPTO_SERPENT is not set

 # CONFIG_CRYPTO_SM4 is not set

-# CONFIG_CRYPTO_SPECK is not set

 # CONFIG_CRYPTO_TEA is not set

 # CONFIG_CRYPTO_TWOFISH is not set

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux-esx

 Version:        4.19.6

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

@@ -35,6 +35,10 @@ Patch22:        4.18-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-defaul

 # Fix CVE-2017-1000252

 Patch24:        kvm-dont-accept-wrong-gsi-values.patch

 Patch25:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

+# Out-of-tree patches from AppArmor:

+Patch26:        4.17-0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.patch

+Patch27:        4.17-0002-apparmor-af_unix-mediation.patch

+Patch28:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 BuildArch:     x86_64

 BuildRequires: bc

@@ -90,6 +94,9 @@ The Linux package contains the Linux kernel doc files

 %patch22 -p1

 %patch24 -p1

 %patch25 -p1

+%patch26 -p1

+%patch27 -p1

+%patch28 -p1

 %build

 # patch vmw_balloon driver

@@ -186,6 +193,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Fri Jan 04 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-2

+-   Add out-of-tree patches from AppArmor and enable it by default.

 *   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1

 -   Update to version 4.19.6

 *   Thu Nov 29 2018 Alexey Makhalov <amakhalov@vmware.com> 4.19.1-3

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux-secure

 Version:        4.19.6

-Release:        1%{?kat_build:.%kat_build}%{?dist}

+Release:        2%{?kat_build:.%kat_build}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

@@ -234,6 +234,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Fri Jan 04 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-2

+-   Enable AppArmor by default.

 *   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1

 -   Update to version 4.19.6

 *   Thu Nov 15 2018 Ajay Kaher <akaher@vmware.com> 4.19.1-2

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux

 Version:        4.19.6

-Release:        4%{?kat_build:.%kat_build}%{?dist}

+Release:        5%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

@@ -386,6 +386,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+*   Fri Jan 04 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-5

+-   Enable AppArmor by default.

 *   Wed Jan 02 2019 Alexey Makhalov <amakhalov@vmware.com> 4.19.6-4

 -   .config: added Compulab fitlet2 device drivers

 -   .config_aarch64: added gpio sysfs support