Clear AUDIT_FILTER_PREPEND flag after adding rule to list. This fixes three problems when a rule is added with the -A syntax: - auditctl displays filter list as "(null)" - the rule cannot be removed using -d - a duplicate rule can be added with -a Signed-off-by: Amy Griffis <amy.griffis(a)hp.com&gt; --- kernel/auditfilter.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) 6695e89ba4cf4940682769a2f3cc217564754c1f diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index ff85fee..1c47df1 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1012,6 +1012,7 @@ static inline int audit_add_rule(struct if (entry->rule.flags & AUDIT_FILTER_PREPEND) { list_add_rcu(&entry->list, list); + entry->rule.flags &= ~AUDIT_FILTER_PREPEND; } else { list_add_tail_rcu(&entry->list, list); } -- 1.3.0