[apparmor] patch: override AF_MAX for kernels that don't support proper masking

[Kees Cook]

On Thu, Mar 03, 2011 at 01:42:13PM -0800, John Johansen wrote:
> Older versions of the apparmor kernel patches didn't handle receiving
> network tables of a larger size than expected.
> 
> Allow the parser to detect the kernel version and override the AF_MAX
> value for those kernels.
> 
> This also replaces the hack using a hardcoded limit of 36 for kernels
> missing the features flag.

Oh, nice fix. Excellent; ACK.

-Kees

-- 
Kees Cook
Ubuntu Security Team