Index: Makefile
==================================================================
--- Makefile
+++ Makefile
@@ -22,11 +22,11 @@
 	'$(srcdir)/generate-mime-types' '$(MIMETYPES)' > filed-mime-types.h.new || \
 		'$(srcdir)/generate-mime-types' '$(srcdir)/mime.types' > filed-mime-types.h.new
 	mv filed-mime-types.h.new filed-mime-types.h
 
 filed.seccomp.h: $(srcdir)/filed.seccomp $(srcdir)/generate-seccomp-filter
-	$(srcdir)/generate-seccomp-filter filed.seccomp x86_64 "" i386 "" > filed.seccomp.h.new
+	$(srcdir)/generate-seccomp-filter $(srcdir)/filed.seccomp x86_64 "" i386 "" > filed.seccomp.h.new
 	mv filed.seccomp.h.new filed.seccomp.h
 
 install: filed $(srcdir)/filed.1
 	test -d "$(DESTDIR)$(mandir)/man1" || mkdir -p "$(DESTDIR)$(mandir)/man1"
 	test -d "$(DESTDIR)$(bindir)" || mkdir -p "$(DESTDIR)$(bindir)"

Index: README
==================================================================
--- README
+++ README
@@ -77,10 +77,15 @@
    5. Differing "index.html" handling (CFLAGS, -DFILED_DONT_REDIRECT_DIRECTORIES=1)
         Normally "filed" redirects users who request a directory to the
         index.html file in that directory so that no memory allocations are
         required;  This option lets the server generate the new path.
 
+   6. Enable seccomp (CFLAGS, -DFILED_DO_SECCOMP=1)
+        Linux supports limiting the system calls that a process can make.
+        This is called seccomp (SECure COMPuting).  Currently not all
+        platforms have been tested with this so it is disabled by default.
+
    6. MIME Types (MIMETYPES)
 	For single-file convenience "filed" compiles the mapping of file
 	extensions (the string in the filename following its last dot ("."))
 	into the executable.  This mapping comes from a file in the format of
 		type1   type1_extension1 type1_extension2...

Index: build/build-precompiled
==================================================================
--- build/build-precompiled
+++ build/build-precompiled
@@ -42,11 +42,11 @@
 				*-musl-*|*-musl)
 					make_extra=("${make_extra[@]}" FILED_EXTRA_LDFLAGS="-static")
 					;;
 			esac
 
-			make "${make_extra[@]}"
+			make "${make_extra[@]}" > filed.log 2>&1 </dev/null || mv filed.log filed-failed.log
 		) &
 	done
 done
 
 # Wait for that to get done
@@ -56,10 +56,14 @@
 mkdir -p compiled
 for binary in workdir-buildPrecompiled-*/filed; do
 	platform="$(echo "${binary}" | sed 's@^.*-platform-@@;s@/.*$@@')"
 	mv "${binary}" "compiled/filed-${version}-${platform}"
 done
+for errorLog in workdir-buildPrecompiled-*/filed-failed.log; do
+	platform="$(echo "${errorLog}" | sed 's@^.*-platform-@@;s@/.*$@@')"
+	mv "${errorLog}" "compiled/filed-${version}-${platform}-error.log"
+done
 
 # Cleanup
 rm -rf workdir-buildPrecompiled-*
 
 exit 0

Index: filed.c
==================================================================
--- filed.c
+++ filed.c
@@ -23,11 +23,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/sendfile.h>
 #include <sys/socket.h>
 #include <sys/types.h>
-#include <sys/prctl.h>
 #include <arpa/inet.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <pthread.h>
@@ -605,11 +604,11 @@
 
 	filed_log_msg("START");
 
 	return(0);
 }
-#endif
+#endif /* FILED_DONT_LOG */
 
 #ifdef FILED_DONT_TIMEOUT
 #define filed_sockettimeout_thread_init() 0
 #define filed_sockettimeout_init() 0
 #define filed_sockettimeout_accept(x) /**/
@@ -726,10 +725,12 @@
 	int count;
 	int valid;
 	int time_interval = 30;
 	int check_period = 90;
 
+	filed_sockettimeout_time = time(NULL);
+
 	while (1) {
 		for (count = 0; count < (check_period / time_interval); count++) {
 			sleep_time.tv_sec = time_interval;
 			sleep_time.tv_nsec = 0;
 			nanosleep(&sleep_time, NULL);
@@ -754,11 +755,11 @@
 
 			expiration_time = filed_sockettimeout_sockstatus[idx].expiration_time;
 
 			thread_id = filed_sockettimeout_sockstatus[idx].thread_id;
 
-			if (expiration_time > now) {
+			if (expiration_time > filed_sockettimeout_time) {
 				continue;
 			}
 
 			filed_sockettimeout_close(idx, 1);
 
@@ -807,16 +808,20 @@
 		return(-1);
 	}
 
 	return(0);
 }
-#endif
+#endif /* FILED_DONT_TIMEOUT */
 
+#ifndef FILED_DO_SECCOMP
+#define filed_init_seccomp() 0
+#else
 #include <linux/seccomp.h>
 #include <linux/filter.h>
 #include <linux/audit.h>
 #include <sys/ptrace.h>
+#include <sys/prctl.h>
 #include <stddef.h>
 
 static int filed_init_seccomp(void) {
 	struct sock_fprog filter;
 	struct sock_filter rules[] = {
@@ -838,10 +843,11 @@
 		return(-1);
 	}
 
 	return(0);
 }
+#endif /* FILED_DO_SECCOMP */
 
 /* Format time per RFC2616 */
 static char *filed_format_time(char *buffer, size_t buffer_len, const time_t timeinfo) {
 	struct tm timeinfo_tm, *timeinfo_tm_p;
 
@@ -1704,11 +1710,11 @@
 	return;
 }
 
 /* Add a getopt option */
 static void filed_getopt_long_setopt(struct option *opt, const char *name, int has_arg, int val) {
-	opt->name     = name;
+	opt->name     = (const char *) name;
 	opt->has_arg  = has_arg;
 	opt->flag     = NULL;
 	opt->val      = val;
 
 	return;
@@ -1817,10 +1823,13 @@
 	int init_ret, chroot_ret, setuid_ret, lookup_ret, chdir_ret;
 	int setuid_enabled = 0, daemon_enabled = 0;
 	int ch;
 	int fd;
 
+	/* Set default value */
+	thread_options.fake_newroot = NULL;
+
 	/* Process arguments */
 	filed_getopt_long_setopt(&options[0], "port", required_argument, 'p');
 	filed_getopt_long_setopt(&options[1], "threads", required_argument, 't');
 	filed_getopt_long_setopt(&options[2], "cache", required_argument, 'c');
 	filed_getopt_long_setopt(&options[3], "bind", required_argument, 'b');