mention landlock in the README

2021-09-19 17:08:12 +00:00 · 2021-09-19 17:08:12 +00:00 · 67c49bc5c7
parent 3499ce5a9a
commit 67c49bc5c7
1 changed files with 2 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -174,7 +174,8 @@ On FreeBSD, the listener and logger process are sandboxed with `capsicum(4)`.

 On Linux, a `seccomp(2)` filter is installed in the listener to allow
 only certain syscalls, see [sandbox.c](sandbox.c) for more information
-on the BPF program.
+about the BPF program.  If available, landlock is used to limit the
+portion of the file system gmid can access (requires linux 5.13+.)

 In any case, it's advisable to run gmid inside some sort of
 container/jail/chroot.