Comment 8 for bug 727478

The problem is that there is an off-by-one bug in the maverick kernel (already fixed in natty) for when apparmor userspace is compiled against a newer kernel with more AF entries than the kernel that apparmor_paser is bing run on. The options are to SRU a maverick kernel to fix the bug or to adjust the apparmor_parser in natty to do a kernel version check, and cap the number of AF entries appropriately. Since this could affect more than just Ubuntu, and because this only affects upgrades (ie, newer apparmor userspace compiled on maverick is just fine), it has been decided that the second option will be used, and the patch is currently under development.