diff --git a/daemon/execdriver/native/seccomp_default.go b/daemon/execdriver/native/seccomp_default.go
index dbd00312a3..1075a0b315 100644
--- a/daemon/execdriver/native/seccomp_default.go
+++ b/daemon/execdriver/native/seccomp_default.go
@@ -235,7 +235,8 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Args:   []*configs.Arg{},
 		},
 		{
-			// Probably a bad idea to let containers restart
+			// Probably a bad idea to let containers restart a syscall.
+			// Possible seccomp bypass, see: https://code.google.com/p/chromium/issues/detail?id=408827.
 			Name:   "restart_syscall",
 			Action: configs.Errno,
 			Args:   []*configs.Arg{},