changelog: add known issue for restart_on_cert_change panic

Author: AndersonQ

CHANGELOG.asciidoc

@@ -224,6 +224,145 @@ https://github.com/elastic/beats/compare/v8.18.0\...v8.18.1[View commits]
 === Beats version 8.18.0
 https://github.com/elastic/beats/compare/v8.17.4\...v8.18.0[View commits]
 
+==== Known issues
+
+- `restart_on_cert_change` causes panic due to seccomp policy. In versions 8.18.0 and later, enabling this option causes the Beat to panic on restart. This is due to the `eventfd2` syscall missing from the default seccomp policy. To fix this, add `eventfd2` to a custom seccomp policy. Check our https://www.elastic.co/docs/reference/beats/filebeat/linux-seccomp[docs] for further details on how to configure a seccomp policy.
+
+[%collapsible]
+.Click to view the policy
+====
+[source,yaml]
+----
+seccomp:
+  syscalls:
+    - action: allow
+      names:
+        - accept
+        - accept4
+        - access
+        - arch_prctl
+        - bind
+        - brk
+        - capget
+        - chmod
+        - chown
+        - clock_gettime
+        - clock_nanosleep
+        - clone
+        - clone3
+        - close
+        - connect
+        - dup
+        - dup2
+        - dup3
+        - epoll_create
+        - epoll_create1
+        - epoll_ctl
+        - epoll_pwait
+        - epoll_wait
+        - eventfd2
+        - execve
+        - exit
+        - exit_group
+        - faccessat
+        - faccessat2
+        - fchdir
+        - fchmod
+        - fchmodat
+        - fchown
+        - fchownat
+        - fcntl
+        - fdatasync
+        - flock
+        - fstat
+        - fstatfs
+        - fsync
+        - ftruncate
+        - futex
+        - getcwd
+        - getdents
+        - getdents64
+        - geteuid
+        - getgid
+        - getpeername
+        - getpid
+        - getppid
+        - getrandom
+        - getrlimit
+        - getrusage
+        - getsockname
+        - getsockopt
+        - gettid
+        - gettimeofday
+        - getuid
+        - inotify_add_watch
+        - inotify_init1
+        - inotify_rm_watch
+        - ioctl
+        - kill
+        - listen
+        - lseek
+        - lstat
+        - madvise
+        - mincore
+        - mkdirat
+        - mmap
+        - mprotect
+        - munmap
+        - nanosleep
+        - newfstatat
+        - open
+        - openat
+        - pipe
+        - pipe2
+        - poll
+        - ppoll
+        - prctl
+        - pread64
+        - pselect6
+        - pwrite64
+        - read
+        - readlink
+        - readlinkat
+        - recvfrom
+        - recvmmsg
+        - recvmsg
+        - rename
+        - renameat
+        - rseq
+        - rt_sigaction
+        - rt_sigprocmask
+        - rt_sigreturn
+        - sched_getaffinity
+        - sched_yield
+        - sendfile
+        - sendmmsg
+        - sendmsg
+        - sendto
+        - set_robust_list
+        - setitimer
+        - setrlimit
+        - setsockopt
+        - shutdown
+        - sigaltstack
+        - socket
+        - splice
+        - stat
+        - statfs
+        - sysinfo
+        - tgkill
+        - time
+        - tkill
+        - uname
+        - unlink
+        - unlinkat
+        - wait4
+        - waitid
+        - write
+        - writev
+----
+====
+
 ==== Breaking changes
 
 *Affecting all Beats*