mention landlock in the README

author: Omar Polo <op@omarpolo.com> 2021-09-19 17:08:12 +0000
committer: Omar Polo <op@omarpolo.com> 2021-09-19 17:08:12 +0000
commit: 67c49bc5c794c4375344ea010be608572d6f0070 (patch)
tree: ae9a704cc538e32e964dc49785f262b6a5061f20 /README.md
parent: 3499ce5a9ac180a805d8e507207accf8ea352f48 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/README.md b/README.md
index 6a3ac38..afce605 100644
--- a/README.md
+++ b/README.md
@@ -174,7 +174,8 @@ On FreeBSD, the listener and logger process are sandboxed with `capsicum(4)`.
 
 On Linux, a `seccomp(2)` filter is installed in the listener to allow
 only certain syscalls, see [sandbox.c](sandbox.c) for more information
-on the BPF program.
+about the BPF program.  If available, landlock is used to limit the
+portion of the file system gmid can access (requires linux 5.13+.)
 
 In any case, it's advisable to run gmid inside some sort of
 container/jail/chroot.
author	Omar Polo <op@omarpolo.com>	2021-09-19 17:08:12 +0000
committer	Omar Polo <op@omarpolo.com>	2021-09-19 17:08:12 +0000
commit	67c49bc5c794c4375344ea010be608572d6f0070 (patch)
tree	ae9a704cc538e32e964dc49785f262b6a5061f20 /README.md
parent	3499ce5a9ac180a805d8e507207accf8ea352f48 (diff)