diff --git a/docs/userguide/dockervolumes.md b/docs/userguide/dockervolumes.md index ef15fa0cbb..c08cf5c5c7 100644 --- a/docs/userguide/dockervolumes.md +++ b/docs/userguide/dockervolumes.md @@ -141,11 +141,18 @@ $ docker run -d -P --name web -v /src/webapp:/opt/webapp:ro training/webapp pyth Here we've mounted the same `/src/webapp` directory but we've added the `ro` option to specify that the mount should be read-only. +Because of [limitations in the `mount` +function](http://lists.linuxfoundation.org/pipermail/containers/2015-April/ +035788.html), moving subdirectories within the host's source directory can give +access from the container to the host's file system. This requires a malicious +user with access to host and its mounted directory. + >**Note**: The host directory is, by its nature, host-dependent. For this >reason, you can't mount a host directory from `Dockerfile` because built images >should be portable. A host directory wouldn't be available on all potential >hosts. + ### Mount a host file as a data volume The `-v` flag can also be used to mount a single file - instead of *just*
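Review bot: The link in the added paragraph is broken across a line break inside the URL ("2015-April/" on one line, "035788.html" on the next), so Markdown will not render it as a link; keep the whole `(http://...035788.html)` target on a single line even if that line runs long. The same paragraph also has a small grammar issue, "access to host and its mounted directory" should read "access to the host and its mounted directory", and since it sits directly under the `:ro` example it would help readers to say explicitly that the read-only flag does not prevent this behaviour, because that is the natural question the placement raises.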