commit - 3499ce5a9ac180a805d8e507207accf8ea352f48
commit + 67c49bc5c794c4375344ea010be608572d6f0070
blob - 6a3ac3838201f906398badc0ad56a1d7e904255c
blob + afce605094d0463f3b5df503357832f201658698
--- README.md
+++ README.md
@@ -174,7 +174,8 @@ On FreeBSD, the listener and logger process are sandbo
 
 On Linux, a `seccomp(2)` filter is installed in the listener to allow
 only certain syscalls, see [sandbox.c](sandbox.c) for more information
-on the BPF program.
+about the BPF program.  If available, landlock is used to limit the
+portion of the file system gmid can access (requires linux 5.13+.)
 
 In any case, it's advisable to run gmid inside some sort of
 container/jail/chroot.