From 2f553b1ec5c854cff36e7670f07627fc1c93bd32 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Sat, 25 Jun 2011 16:57:07 +0100
Subject: [PATCH] --- yaml --- r: 260931 b: refs/heads/master c:
 25e75dff519bcce2cb35023105e7df51d7b9e691 h: refs/heads/master i:   260929:
 d806434d51115f17ed024db97b8767361dffd89c   260927:
 bd72944a6e4dcc2c64be52a29514e0931ae57ca3 v: v3

---
 [refs]                        | 2 +-
 trunk/security/apparmor/lsm.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/[refs] b/[refs]
index 411ca5616ea0..f975b6d7595f 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 04fdc099f9c80c7775dbac388fc97e156d4d47e7
+refs/heads/master: 25e75dff519bcce2cb35023105e7df51d7b9e691
diff --git a/trunk/security/apparmor/lsm.c b/trunk/security/apparmor/lsm.c
index 3d2fd141dff7..37832026e58a 100644
--- a/trunk/security/apparmor/lsm.c
+++ b/trunk/security/apparmor/lsm.c
@@ -127,7 +127,7 @@ static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
 	*inheritable = cred->cap_inheritable;
 	*permitted = cred->cap_permitted;
 
-	if (!unconfined(profile)) {
+	if (!unconfined(profile) && !COMPLAIN_MODE(profile)) {
 		*effective = cap_intersect(*effective, profile->caps.allow);
 		*permitted = cap_intersect(*permitted, profile->caps.allow);
 	}