ocserv: added option to use seccomp

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

net/ocserv/Config.in

@@ -7,6 +7,10 @@ config OCSERV_PAM
 	bool "enable PAM"
 	default n
 
+config OCSERV_SECCOMP
+	bool "enable seccomp"
+	default n
+
 config OCSERV_PROTOBUF
 	bool "use external libprotobuf"
 	default y

net/ocserv/Makefile

@@ -22,6 +22,7 @@ PKG_FIXUP:=autoreconf
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_OCSERV_PAM \
+	CONFIG_OCSERV_SECCOMP \
 	CONFIG_OCSERV_PROTOBUF \
 
 include $(INCLUDE_DIR)/package.mk
@@ -37,7 +38,7 @@ define Package/ocserv
   TITLE:=OpenConnect VPN server
   URL:=http://www.infradead.org/ocserv/
   MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
-  DEPENDS:= +OCSERV_HTTP_PARSER:libhttp-parser +libgnutls +certtool +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +kmod-tun
+  DEPENDS:= +OCSERV_HTTP_PARSER:libhttp-parser +OCSERV_SECCOMP:libseccomp +libgnutls +certtool +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +kmod-tun
   USERID:=ocserv=72:ocserv=72
 endef
 
@@ -62,6 +63,10 @@ ifneq ($(CONFIG_OCSERV_PAM),y)
 CONFIGURE_ARGS += --without-pam
 endif
 
+ifneq ($(CONFIG_OCSERV_SECCOMP),y)
+CONFIGURE_ARGS += --disable-seccomp
+endif
+
 ifneq ($(CONFIG_OCSERV_PROTOBUF),y)
 CONFIGURE_ARGS += --without-protobuf
 endif

net/ocserv/files/ocserv.conf.template

@@ -18,6 +18,8 @@ auth = "|AUTH|"
 # A banner to be displayed on clients
 banner = "Welcome to OpenWRT"
 
+isolate-workers = true
+
 # When the server has a dynamic DNS address (that may change),
 # should set that to true to ask the client to resolve again on
 # reconnects.