From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 9 Sep 2015 14:36:48 +0000 (+0200)
Subject: sys_linux: allow setting IP_FREEBIND option in seccomp filter
X-Git-Tag: 2.2-pre1~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1619453b2bfe6fb91e19740ce03a6255793ea462;p=thirdparty%2Fchrony.git

sys_linux: allow setting IP_FREEBIND option in seccomp filter

This is needed when chronyd is started with no allow directive, but the
NTP server socket is opened by the allow command later.
---

diff --git a/sys_linux.c b/sys_linux.c
index f35bc679..5ee19a2e 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -478,7 +478,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
   };
 
   const static int socket_options[][2] = {
-    { SOL_IP, IP_PKTINFO },
+    { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND },
 #ifdef FEAT_IPV6
     { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO },
 #endif