diff --git a/apparmor.changes b/apparmor.changes
index 34606da..e5c2abe 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jan 11 18:14:47 CET 2018 - kukuk@suse.de
+
+- disable write cache if filesystem is read-only and don't bail
+  out (bsc#1069906, bsc#1074429)
+
 -------------------------------------------------------------------
 Thu Jan  4 13:20:20 UTC 2018 - suse-beta@cboltz.de
 
diff --git a/apparmor.spec b/apparmor.spec
index b7c0da5..232ba95 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -70,6 +70,9 @@ Patch8:         32-bit-no-uid.diff
 # make cache write failures a warning instead of an error - (patch from https://gitlab.com/apparmor/apparmor/merge_requests/49 2018-01-04)
 Patch9:         parser-write-cache-warn-only.diff
 
+# Disable write cache if filesystem is read-only, don't abort
+Patch10:        disable-cache-on-ro-fs.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -172,7 +175,7 @@ The documentation is in the apparmor-admin_en package.
 
 %package -n perl-apparmor
 Summary:        Perl interface for libapparmor functions
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          Development/Libraries/Perl
 Requires:       libapparmor1 = %{version}
 Requires:       perl = %{perl_version}
@@ -189,7 +192,7 @@ applications interfacing with AppArmor.
 
 %package -n python-apparmor
 Summary:        Python 2 interface for libapparmor functions
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          Development/Libraries/Python
 BuildRequires:  python
 Requires:       libapparmor1 = %{version}
@@ -208,7 +211,7 @@ applications interfacing with AppArmor.
 
 %package -n python3-apparmor
 Summary:        Python 3 interface for libapparmor functions
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          Development/Libraries/Python
 Requires:       libapparmor1 = %{version}
 Requires:       python = %{py3_ver}
@@ -225,7 +228,7 @@ applications interfacing with AppArmor.
 
 %package -n ruby-apparmor
 Summary:        Ruby interface for libapparmor functions
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          Development/Languages/Ruby
 Requires:       libapparmor1 = %{version}
 Requires:       ruby = %(rpm -q --qf '%%{version}' ruby)
@@ -240,7 +243,7 @@ applications interfacing with AppArmor.
 
 %package abstractions
 Summary:        AppArmor abstractions and directory structure
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          Productivity/Security
 Requires:       apparmor-parser(CAP_SYSLOG)
 BuildArch:      noarch
@@ -259,7 +262,7 @@ SubDomain.
 
 %package profiles
 Summary:        AppArmor profiles that are loaded into the apparmor kernel module
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          Productivity/Security
 Requires:       apparmor-abstractions >= %{version}
 Requires:       apparmor-parser(CAP_SYSLOG)
@@ -278,7 +281,7 @@ SubDomain.
 
 %package utils
 Summary:        AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          Productivity/Security
 Requires:       libapparmor1 = %{version}
 # some of the tools are still perl-based (aa-decode and aa-notify)
@@ -307,7 +310,7 @@ It is part of a suite of tools that used to be named SubDomain.
 
 %package -n tomcat_apparmor
 Summary:        Tomcat 6 plugin for AppArmor change_hat
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          System/Libraries
 Requires:       libapparmor1 = %{version}
 Requires:       tomcat6
@@ -325,7 +328,7 @@ created for individual URL processing or per servlet.
 
 %package -n pam_apparmor
 Summary:        PAM module for AppArmor change_hat
-License:        GPL-2.0 and LGPL-2.1+
+License:        GPL-2.0 AND LGPL-2.1+
 Group:          Productivity/Security
 BuildRequires:  pam-devel
 PreReq:         pam
@@ -359,6 +362,7 @@ SubDomain.
 %patch7
 %patch8 -p1
 %patch9 -p1
+%patch10 -p0
 
 %build
 export SUSE_ASNEEDED=0
diff --git a/disable-cache-on-ro-fs.diff b/disable-cache-on-ro-fs.diff
new file mode 100644
index 0000000..e0a63a4
--- /dev/null
+++ b/disable-cache-on-ro-fs.diff
@@ -0,0 +1,11 @@
+--- parser/parser_main.c
++++ parser/parser_main.c	2018/01/11 16:52:00
+@@ -1124,7 +1124,7 @@
+ 		retval = aa_policy_cache_new(&policy_cache, features,
+ 					     AT_FDCWD, cacheloc, max_caches);
+ 		if (retval) {
+-			if (errno != ENOENT && errno != EEXIST) {
++			if (errno != ENOENT && errno != EEXIST && errno != EROFS) {
+ 				PERROR(_("Failed setting up policy cache (%s): %s\n"),
+ 				       cacheloc, strerror(errno));
+ 				return 1;