jail: allow jails to call settimeofday() if allow.settime is enabled

this extends the existing behaviour to allow calling settimeofday() in addition to clock_settime(). this is required for chrony, which uses settimeofday() to step the clock. Reviewed by: jamie, oshogbo, kevans, des Approved by: des (mentor), kevans (mentor) Differential Revision: <https://reviews.freebsd.org/D49846>
2026-06-09 00:32:25 -04:00 · 2025-04-20 20:15:54 +01:00 · 2025-04-20 20:15:54 +01:00 · 1589eb2e87
commit 1589eb2e87
parent c4c562eadf
1 changed files with 1 additions and 0 deletions
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@ -4217,6 +4217,7 @@ prison_priv_check(struct ucred *cred, int priv)
 		 * Conditionally allow privileged process in the jail set
 		 * machine time.
 		 */
+	case PRIV_SETTIMEOFDAY:
 	case PRIV_CLOCK_SETTIME:
 		if (cred->cr_prison->pr_allow & PR_ALLOW_SETTIME)
 			return (0);