commit - 7a11e8a5d3e80444a8a02dbfc0a8004ead8c72ad
commit + 76fd55f437ac4a738419dc8d16d4aaff98b58a40
blob - b1821c74be58bd4c6a91da5125eb0fe026b4bb88
blob + 7bbc2ed8f0d685235073578bec997bf20e18865e
--- README.md
+++ README.md
On FreeBSD, the executor process is sandboxed with `capsicum(4)`.
-On Linux, a `seccomp(2)` filter is installed to filter the syscalls
-allowed, see [sandbox.c](sandbox.c) for more information on the BPF
+On Linux, a `seccomp(2)` filter is installed to allow only certain
+syscalls, see [sandbox.c](sandbox.c) for more information on the BPF
program.
In any case, you are invited to run gmid inside some sort of