diff --git a/doc/man/zathurarc.5.rst b/doc/man/zathurarc.5.rst
index 1ee368f..3d7f84a 100644
--- a/doc/man/zathurarc.5.rst
+++ b/doc/man/zathurarc.5.rst
@@ -967,6 +967,9 @@ zathura
 * printing
 * bookmarks and history
 
+ The strict sandbox mode is still experimental with some libc implementations.
+ Currently supported and tested libc implementations: glibc
+
 No feature regressions are expected when using normal sandbox mode.
 
 When running under WSL, the default is "none" since seccomp is not supported in
diff --git a/zathura/seccomp-filters.c b/zathura/seccomp-filters.c
index 503e807..1f2b173 100644
--- a/zathura/seccomp-filters.c
+++ b/zathura/seccomp-filters.c
@@ -106,13 +106,16 @@ seccomp_enable_basic_filter(void)
 DENY_RULE(uselib);
 DENY_RULE(vmsplice);
 
- /*TODO
+ /*
 *
 * In case this basic filter is actually triggered, print a clear error message to report this
 * The syscalls here should never be executed by an unprivileged process
 *
 * */
 
+ girara_debug("Using a basic seccomp filter to blacklist privileged system calls! \
+ Errors reporting 'bad system call' may be an indicator of compromise");
+
 /* applying filter... */
 if (seccomp_load(ctx) >= 0) {
 /* free ctx after the filter has been loaded into the kernel */
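Review bot: The added `girara_debug(...)` call runs once when the filter is installed and is only visible at debug log level, so it does not do what the comment above it describes, even though this commit drops that comment's `TODO` marker. Nothing is printed when a denied syscall is actually hit, and a user who sees 'bad system call' without debug logging never gets the indicator-of-compromise hint. Either keep the `TODO` or reword the comment to say the message is an up-front notice, and consider `girara_info` or `girara_warning` if the hint is meant to reach users by default. Separately, the backslash-newline inside the string literal pulls the next line's leading indentation into the logged message; adjacent literals avoid that: `girara_debug("Using a basic seccomp filter to blacklist privileged system calls! "` followed by `"Errors reporting 'bad system call' may be an indicator of compromise");`. The action that `DENY_RULE` installs is not visible here, and `seccomp_enable_basic_filter` starts and ends outside the hunk.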