From 1589eb2e8764623d1c32982b52088842519dfd11 Mon Sep 17 00:00:00 2001
From: Lexi Winter <ivy@FreeBSD.org>
Date: Sun, 20 Apr 2025 20:15:54 +0100
Subject: [PATCH] jail: allow jails to call settimeofday() if allow.settime is
 enabled

this extends the existing behaviour to allow calling settimeofday() in
addition to clock_settime().  this is required for chrony, which uses
settimeofday() to step the clock.

Reviewed by:	jamie, oshogbo, kevans, des
Approved by:	des (mentor), kevans (mentor)
Differential Revision:	<https://reviews.freebsd.org/D49846>
---
 sys/kern/kern_jail.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 5dd07fbf77d..b0b0fa50e64 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -4217,6 +4217,7 @@ prison_priv_check(struct ucred *cred, int priv)
 		 * Conditionally allow privileged process in the jail set
 		 * machine time.
 		 */
+	case PRIV_SETTIMEOFDAY:
 	case PRIV_CLOCK_SETTIME:
 		if (cred->cr_prison->pr_allow & PR_ALLOW_SETTIME)
 			return (0);