sys_linux: allow setting IP_FREEBIND option in seccomp filter

This is needed when chronyd is started with no allow directive, but the
NTP server socket is opened by the allow command later.

diff --git a/sys_linux.c b/sys_linux.c
index f35bc679281b85e9ecddd4d048197261f3a37678..5ee19a2eca6f5bbe48c1b8c07ebedda8a800b39d 100644 (file)
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -478,7 +478,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
   };
 
   const static int socket_options[][2] = {
-    { SOL_IP, IP_PKTINFO },
+    { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND },
 #ifdef FEAT_IPV6
     { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO },
 #endif