From 1619453b2bfe6fb91e19740ce03a6255793ea462 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 9 Sep 2015 16:36:48 +0200
Subject: [PATCH] sys_linux: allow setting IP_FREEBIND option in seccomp filter

This is needed when chronyd is started with no allow directive, but the
NTP server socket is opened by the allow command later.
---
 sys_linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys_linux.c b/sys_linux.c
index f35bc67..5ee19a2 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -478,7 +478,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
   };
 
   const static int socket_options[][2] = {
-    { SOL_IP, IP_PKTINFO },
+    { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND },
 #ifdef FEAT_IPV6
     { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO },
 #endif