fix seccomp filter for new glibc

chrony-seccomp.patch

@@ -0,0 +1,26 @@
+commit 768bce799bfe009e7dbaad5742738f7d05280d6d
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Mon Mar 13 14:26:12 2017 +0100
+
+    sys_linux: allow getpid in seccomp filter
+    
+    It seems to be used by syslog() in latest glibc.
+
+diff --git a/sys_linux.c b/sys_linux.c
+index 3dd411f..c06112a 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -467,9 +467,10 @@ SYS_Linux_EnableSystemCallFilter(int level)
+     SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday),
+     SCMP_SYS(settimeofday), SCMP_SYS(time),
+     /* Process */
+-    SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getrlimit),
+-    SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), SCMP_SYS(rt_sigprocmask),
+-    SCMP_SYS(set_tid_address), SCMP_SYS(sigreturn), SCMP_SYS(wait4),
++    SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
++    SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
++    SCMP_SYS(rt_sigprocmask), SCMP_SYS(set_tid_address), SCMP_SYS(sigreturn),
++    SCMP_SYS(wait4),
+     /* Memory */
+     SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2),
+     SCMP_SYS(mprotect), SCMP_SYS(mremap), SCMP_SYS(munmap), SCMP_SYS(shmdt),

chrony.spec

@@ -21,6 +21,8 @@ Source10:       https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/c
 
 # add NTP servers from DHCP when starting service
 Patch1:         chrony-service-helper.patch
+# fix seccomp filter for new glibc
+Patch2:         chrony-seccomp.patch
 
 BuildRequires:  libcap-devel libedit-devel nss-devel pps-tools-devel
 %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
@@ -58,6 +60,7 @@ clocks, system real-time clock or manual input as time references.
 %setup -q -n %{name}-%{version}%{?prerelease} -a 10
 %{?gitpatch:%patch0 -p1}
 %patch1 -p1 -b .service-helper
+%patch2 -p1 -b .seccomp
 
 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt}