From b9f5ce83b02e765ad5a65a264e88352528d6b2b3 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu, 29 Apr 2021 12:35:49 +0200
Subject: [PATCH] sys_linux: allow BINDTODEVICE option in seccomp filter

Fixes: 4ef944b73436 ("socket: add support for binding sockets to device")
---
 sys_linux.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys_linux.c b/sys_linux.c
index a33887f..be5d44d 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -624,6 +624,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
     { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, { SOL_IP, IP_TOS },
 #ifdef FEAT_IPV6
     { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO },
+#endif
+#ifdef SO_BINDTODEVICE
+    { SOL_SOCKET, SO_BINDTODEVICE },
 #endif
     { SOL_SOCKET, SO_BROADCAST }, { SOL_SOCKET, SO_REUSEADDR },
 #ifdef SO_REUSEPORT