3 files changed, 9 insertions, 1 deletions

diff --git a/doc/doc.RPKI.RP.rcynic b/doc/doc.RPKI.RP.rcynic
index 0b609778..4bd95ae1 100644
--- a/doc/doc.RPKI.RP.rcynic
+++ b/doc/doc.RPKI.RP.rcynic
@@ -430,7 +430,7 @@ Experimental. Attempts to work around OpenSSL's strong preference for self-
 signed trust anchors.
 
 We're not going to explain this one in any further detail. If you really want
-to know what it does, Use The Source.
+to know what it does, Use The Source, Luke.
 
 Do not even consider enabling this option unless you are intimately familiar
 with both X.509 and the internals of OpenSSL's X509_verify_cert() function and
diff --git a/doc/doc.RPKI.RP.rcynicChroot b/doc/doc.RPKI.RP.rcynicChroot
index a07dd357..b9d70d3d 100644
--- a/doc/doc.RPKI.RP.rcynicChroot
+++ b/doc/doc.RPKI.RP.rcynicChroot
@@ -38,6 +38,14 @@ vendors or due to hidden use of dynamic loading by other libraries at runtime.
 Once again, the Makefiles attempt to do the correct thing for your environment
 if they know what it is, but they might get it wrong.
 
+You may also find that the dynamic loader looks in a different place than you
+(and the Makefiles) would expect when running within the chroot jail. For
+example, you might think that library /usr/local/lib/libfoo.so being installed
+into a jail named /var/rcynic should go into /var/rcynic/usr/local/lib/
+libfoo.so, but we've seen cases where the dynamic loader ended up expecting to
+find it in /var/rcynic/lib/libfoo.so. Getting this right may require a bit of
+trial and error.
+
 You'll need a chroot wrapper program. As mentioned above, rcynic-cron can act
 as that wrapper program; if this works for you, we recommend it, because it
 works the same way on all platforms and doesn't require additional external
diff --git a/doc/manual.pdf b/doc/manual.pdf
index 163894d4..a00153bb 100644
--- a/doc/manual.pdf
+++ b/doc/manual.pdf