For frameworks like AppArmor that restrict which system calls a process may make, it would be useful to be able to give them a rule along the lines of "these restrictions are only in place after listen() has been called", so that initial setup could be done without the restrictions.