commit - 7a11e8a5d3e80444a8a02dbfc0a8004ead8c72ad
commit + 76fd55f437ac4a738419dc8d16d4aaff98b58a40
blob - b1821c74be58bd4c6a91da5125eb0fe026b4bb88
blob + 7bbc2ed8f0d685235073578bec997bf20e18865e
--- README.md
+++ README.md
@@ -66,8 +66,8 @@ serves; the executor has `stdio sendfd proc exec` as p
 
 On FreeBSD, the executor process is sandboxed with `capsicum(4)`.
 
-On Linux, a `seccomp(2)` filter is installed to filter the syscalls
-allowed, see [sandbox.c](sandbox.c) for more information on the BPF
+On Linux, a `seccomp(2)` filter is installed to allow only certain
+syscalls, see [sandbox.c](sandbox.c) for more information on the BPF
 program.
 
 In any case, you are invited to run gmid inside some sort of