Clear AUDIT_FILTER_PREPEND flag after adding rule to list. This
fixes three problems when a rule is added with the -A syntax:
- auditctl displays filter list as "(null)"
- the rule cannot be removed using -d
- a duplicate rule can be added with -a
Signed-off-by: Amy Griffis <[EMAIL PROTECTED]>
---
kernel/auditfilter.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
6695e89ba4cf4940682769a2f3cc217564754c1f
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index ff85fee..1c47df1 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1012,6 +1012,7 @@ static inline int audit_add_rule(struct
if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
list_add_rcu(&entry->list, list);
+ entry->rule.flags &= ~AUDIT_FILTER_PREPEND;
} else {
list_add_tail_rcu(&entry->list, list);
}
--
1.3.0
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
