diff --git a/chrony-pidfile.patch b/chrony-pidfile.patch
new file mode 100644
index 0000000..249443a
--- /dev/null
+++ b/chrony-pidfile.patch
@@ -0,0 +1,85 @@
+commit 26e08abe71fe66703e06afae1168144dd1eecf3f
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jun 7 16:43:59 2018 +0200
+
+    main: create directories before writing pidfile
+    
+    This makes it possible to save pidfile in /var/run/chrony.
+
+diff --git a/main.c b/main.c
+index a2202e9..e538cc5 100644
+--- a/main.c
++++ b/main.c
+@@ -530,9 +530,6 @@ int main
+   /* Check whether another chronyd may already be running */
+   check_pidfile();
+ 
+-  /* Write our pidfile to prevent other chronyds running */
+-  write_pidfile();
+-
+   if (!user)
+     user = CNF_GetUser();
+ 
+@@ -543,6 +540,9 @@ int main
+   /* Create directories for sockets, log files, and dump files */
+   CNF_CreateDirs(pw->pw_uid, pw->pw_gid);
+ 
++  /* Write our pidfile to prevent other instances from running */
++  write_pidfile();
++
+   PRV_Initialise();
+   LCL_Initialise();
+   SCH_Initialise();
+
+commit e50dc739d88feca6e0da034406034f3d3cf60ca4
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jun 7 16:54:59 2018 +0200
+
+    configure: move default pidfile to /var/run/chrony
+    
+    This allows chronyd to remove its pidfile on exit after dropping the
+    root privileges in order to prevent another chronyd instance from
+    failing to start, e.g. due to a wrong SELinux label from chronyd -q.
+
+diff --git a/configure b/configure
+index 25773de..c5de5ea 100755
+--- a/configure
++++ b/configure
+@@ -108,7 +108,7 @@ For better control, use the options below.
+                          since 1970-01-01 [50*365 days ago]
+   --with-user=USER       Specify default chronyd user [root]
+   --with-hwclockfile=PATH Specify default path to hwclock(8) adjtime file
+-  --with-pidfile=PATH    Specify default pidfile [/var/run/chronyd.pid]
++  --with-pidfile=PATH    Specify default pidfile [/var/run/chrony/chronyd.pid]
+   --with-rtcdevice=PATH  Specify default path to RTC device [/dev/rtc]
+   --with-sendmail=PATH   Path to sendmail binary [/usr/lib/sendmail]
+   --enable-debug         Enable debugging support
+@@ -229,7 +229,7 @@ feat_ntp_signd=0
+ ntp_era_split=""
+ default_user="root"
+ default_hwclockfile=""
+-default_pidfile="/var/run/chronyd.pid"
++default_pidfile="/var/run/chrony/chronyd.pid"
+ default_rtcdevice="/dev/rtc"
+ mail_program="/usr/lib/sendmail"
+ 
+
+commit 10150bfcab76141b3a9c33b95ad71904fe8ecca2
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jun 7 17:43:57 2018 +0200
+
+    examples: update pidfile in chronyd.service
+
+diff --git a/examples/chronyd.service b/examples/chronyd.service
+index 4ffe3b1..1777413 100644
+--- a/examples/chronyd.service
++++ b/examples/chronyd.service
+@@ -7,7 +7,7 @@ ConditionCapability=CAP_SYS_TIME
+ 
+ [Service]
+ Type=forking
+-PIDFile=/var/run/chronyd.pid
++PIDFile=/var/run/chrony/chronyd.pid
+ EnvironmentFile=-/etc/sysconfig/chronyd
+ ExecStart=/usr/sbin/chronyd $OPTIONS
+ PrivateTmp=yes
diff --git a/chrony-service-helper.patch b/chrony-service-helper.patch
index fe11392..9035356 100644
--- a/chrony-service-helper.patch
+++ b/chrony-service-helper.patch
@@ -2,7 +2,7 @@ diff -up chrony-3.1/examples/chronyd.service.service-helper chrony-3.1/examples/
 --- chrony-3.1/examples/chronyd.service.service-helper	2017-01-31 12:12:01.863772826 +0100
 +++ chrony-3.1/examples/chronyd.service	2017-01-31 12:12:30.371860064 +0100
 @@ -10,6 +10,7 @@ Type=forking
- PIDFile=/var/run/chronyd.pid
+ PIDFile=/var/run/chrony/chronyd.pid
  EnvironmentFile=-/etc/sysconfig/chronyd
  ExecStart=/usr/sbin/chronyd $OPTIONS
 +ExecStartPost=/usr/libexec/chrony-helper update-daemon
diff --git a/chrony.spec b/chrony.spec
index 947190b..b530804 100644
--- a/chrony.spec
+++ b/chrony.spec
@@ -19,8 +19,10 @@ Source4:        chrony-dnssrv@.timer
 Source10:       https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
 %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
 
+# move pidfile to /var/run/chrony to allow chronyd to remove it on exit
+Patch1:         chrony-pidfile.patch
 # add NTP servers from DHCP when starting service
-Patch1:         chrony-service-helper.patch
+Patch2:         chrony-service-helper.patch
 
 BuildRequires:  libcap-devel libedit-devel nettle-devel pps-tools-devel
 %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
@@ -51,7 +53,8 @@ service to other computers in the network.
 %prep
 %setup -q -n %{name}-%{version}%{?prerelease} -a 10
 %{?gitpatch:%patch0 -p1}
-%patch1 -p1 -b .service-helper
+%patch1 -p1 -b .pidfile
+%patch2 -p1 -b .service-helper
 
 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
 
@@ -62,7 +65,7 @@ md5sum -c <<-EOF | (! grep -v 'OK$')
         ba6bb05c50e03f6b5ab54a2b7914800d  examples/chrony.keys.example
         6a3178c4670de7de393d9365e2793740  examples/chrony.logrotate
         63e0781f84e89ba6029d93ef0722c4ce  examples/chrony.nm-dispatcher
-        a85246982a89910b1e2d3356b7d131d7  examples/chronyd.service
+        921b354e94f5e3db124cb50d11cd560f  examples/chronyd.service
 EOF
 
 # don't allow packaging without vendor zone