diff --git a/SOURCES/audit-3.0.8-drop-protecthome.patch b/SOURCES/audit-3.0.8-drop-protecthome.patch
new file mode 100644
index 0000000..a9a70de
--- /dev/null
+++ b/SOURCES/audit-3.0.8-drop-protecthome.patch
@@ -0,0 +1,26 @@
+From c426507a501efde0367a09a81e917d1d10722b78 Mon Sep 17 00:00:00 2001
+From: Sergio Correia
+Date: Thu, 31 Mar 2022 15:00:57 -0300
+Subject: [PATCH] Drop ProtectHome from auditd.service as it interferes with
+ rules
+
+Upstream: https://github.com/linux-audit/audit-userspace/commit/12cf14ed
+---
+ init.d/auditd.service | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/init.d/auditd.service b/init.d/auditd.service
+index e801281..0a4c498 100644
+--- a/init.d/auditd.service
++++ b/init.d/auditd.service
+@@ -36,7 +36,6 @@ MemoryDenyWriteExecute=true
+ LockPersonality=true
+ ProtectControlGroups=true
+ ProtectKernelModules=true
+-ProtectHome=true
+ RestrictRealtime=true
+
+ [Install]
+--
+2.35.1
+
diff --git a/SOURCES/audit-3.0.8-flex-array-workaround.patch b/SOURCES/audit-3.0.8-flex-array-workaround.patch
new file mode 100644
index 0000000..e9bd391
--- /dev/null
+++ b/SOURCES/audit-3.0.8-flex-array-workaround.patch
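Review bot: Removing `ProtectHome=true` in the `auditd.service` hunk drops the unit's isolation of /home, /root and /run/user, and nothing in the unit file itself records that the omission is deliberate. The commit subject and rhbz#2071725 give the reason (the setting blocked watch rules in those directories), but someone hardening the unit later could re-add the directive from the neighbouring list and bring the bug back. I would leave a comment where the line was, for example `# ProtectHome is intentionally not set: it blocks audit watch rules on home directories (rhbz#2071725)`. The [Service] section begins outside the hunk, so which other sandboxing directives remain cannot be fully judged from here.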
@@ -0,0 +1,39 @@
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 21aafca..8c48123 100644
+--- a/bindings/swig/src/auditswig.i
++++ b/bindings/swig/src/auditswig.i
+@@ -39,7 +39,7 @@ signed
+ #define __attribute(X) /*nothing*/
+ typedef unsigned __u32;
+ typedef unsigned uid_t;
+-%include "/usr/include/linux/audit.h"
++%include "../lib/audit.h"
+ #define __extension__ /*nothing*/
+ %include
+ %include "../lib/libaudit.h"
+diff --git a/lib/audit.h b/lib/audit.h
+index 51d7f2b..b2f306d 100644
+--- a/lib/audit.h
++++ b/lib/audit.h
+@@ -514,7 +514,7 @@ struct audit_rule_data {
+ __u32 values[AUDIT_MAX_FIELDS];
+ __u32 fieldflags[AUDIT_MAX_FIELDS];
+ __u32 buflen; /* total length of string fields */
+- char buf[]; /* string fields buffer */
++ char buf[0]; /* string fields buffer */
+ };
+
+ #endif /* _LINUX_AUDIT_H_ */
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index 08b7d22..6b7408c 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -32,7 +32,7 @@ extern "C" {
+ #include
+ #include
+ #include
+-#include
++#include "audit.h"
+ #include
+ #include
+
diff --git a/SOURCES/audit-3.0.8-undo-flex-array.patch b/SOURCES/audit-3.0.8-undo-flex-array.patch
new file mode 100644
index 0000000..917eaf3
--- /dev/null
+++ b/SOURCES/audit-3.0.8-undo-flex-array.patch
@@ -0,0 +1,13 @@
+diff --git a/usr/include/libaudit.h b/usr/include/libaudit.h
+index 6b7408c..08b7d22 100644
+--- a/usr/include/libaudit.h
++++ b/usr/include/libaudit.h
+@@ -32,7 +32,7 @@ extern "C" {
+ #include
+ #include
+ #include
+-#include "audit.h"
++#include
+ #include
+ #include
+
diff --git a/SPECS/audit.spec b/SPECS/audit.spec
index 5627e4a..60f96b8 100644
--- a/SPECS/audit.spec
+++ b/SPECS/audit.spec
@@ -2,7 +2,7 @@
 Summary: User space tools for kernel auditing
 Name: audit
 Version: 3.0.7
-Release: 101%{?dist}.1
+Release: 103%{?dist}
 License: GPLv2+
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
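Review bot: `char buf[0];` in the `lib/audit.h` hunk replaces the C99 flexible array member with the GNU zero-length-array extension without saying why. The library is then built against a declaration that differs from the one consumers see once the undo patch points the installed `libaudit.h` back at the system header. The two forms should give the same struct layout, but fortify-style object-size checks and strict flexible-array handling in newer compilers can treat a `[0]` trailing array differently from `[]`, so it is worth confirming the build flags still treat `buf` as variable-length. I would record the intent in the comment, for example `char buf[0]; /* string fields buffer; [0] is a build-time workaround, layout must match the kernel's buf[] */`. The struct definition begins outside the hunk.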
@@ -11,6 +11,9 @@ Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Patch1: 0001-Add-ausysrulevalidate.patch Patch2: audit-3.0.7-gcc-flags.patch Patch3: audit-3.0.8-auparse-path-norm.patch +Patch4: audit-3.0.8-drop-protecthome.patch +Patch5: audit-3.0.8-flex-array-workaround.patch +Patch6: audit-3.0.8-undo-flex-array.patch BuildRequires: make gcc swig BuildRequires: openldap-devel @@ -95,6 +98,11 @@ cp %{SOURCE1} . %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 + +cp /usr/include/linux/audit.h lib/ +%patch5 -p1 + autoreconf -fv --install # Remove the ids code, its not ready @@ -137,6 +145,13 @@ find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*. touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz +# undo the workaround +cur=`pwd` +cd $RPM_BUILD_ROOT +patch -p1 < %{PATCH6} +find . -name '*.orig' -delete +cd $cur + %check make check # Get rid of make files so that they don't get packaged. @@ -263,9 +278,13 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog -* Tue Mar 08 2022 Sergio Correia - 3.0.7-101.1 +* Mon May 02 2022 Sergio Correia - 3.0.7-103 +- Drop ProtectHome from auditd.service as it interferes with rules + Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0] + +* Sun Mar 13 2022 Sergio Correia - 3.0.7-102 - Fix path normalization in auparse - Resolves: rhbz#2061731 - auparse missing information when used with --format-text (rhel-9.0) + Resolves: rhbz#2062824 - auparse missing information when used with --format-text * Tue Feb 22 2022 Sergio Correia - 3.0.7-101 - Adjust sample-rules dir permissions
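Review bot: `cp /usr/include/linux/audit.h lib/` in the %prep hunk takes a source file from whatever kernel headers are installed in the build root, so the struct definitions compiled into the library depend on the build host rather than on the tarball. `%patch5` is also tied to that copy (its `lib/audit.h` hunk is anchored at line 514 of blob `51d7f2b`), so a kernel-headers update can break the build or move the edit. If the spec does not already declare it outside this hunk, a versioned `BuildRequires: kernel-headers` plus a comment such as `# lib/audit.h is a patched copy of the build root's linux/audit.h; see Patch5` would make the dependency explicit.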
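Review bot: In the %install hunk, `find . -name '*.orig' -delete` walks the whole build root, so it would also delete any `*.orig` file the package legitimately installs. The bare `patch` call, unlike `%patch`, falls back to patch's default fuzz, and it edits the public header that ends up in the package. `$RPM_BUILD_ROOT` and `$cur` are unquoted as well. A subshell with strict matching and no backups removes the cleanup and the saved-cwd bookkeeping in one line: `(cd "$RPM_BUILD_ROOT" && patch -p1 --fuzz=0 --no-backup-if-mismatch < %{PATCH6})`.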