From 18cef50ebedc538e0be42a10b022150510a24911 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 12 Jun 2014 15:36:39 +0200
Subject: [PATCH] doc update

---
 NEWS              | 1 +
 doc/sample.config | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 5a63666c..f89cc6a5 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@
   authentication methods). That feature is disabled by default as it
   requires the security module to keep state for each connected user.
 - Corrected escaping of URL-encoded passwords. Patch by Hexchain Tong.
+- Seccomp is now compiled-in by default, and can be enabled at runtime.
 - ocpasswd: Added --delete parameter.
 
 
diff --git a/doc/sample.config b/doc/sample.config
index ae0b4780..c32dd983 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -16,6 +16,11 @@ auth = "plain[./sample.passwd]"
 # to generate password entries.
 #auth = "plain[/etc/ocserv/ocpasswd]"
 
+# Whether to enable seccomp worker isolation. That restricts the number of 
+# system calls allowed to a worker process, in order to reduce damage from a
+# bug in the worker process. It is available on Linux systems at a performance cost.
+#use-seccomp = true
+
 # Whether to enable the authentication method's session control (i.e., PAM).
 # That requires more resources on the server, and makes cookies one-time-use;
 # thus don't enable unless you need it.