From de9f0ca9a8118b135cd83f76f5a3a69015e64056 Mon Sep 17 00:00:00 2001
From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com>
Date: Fri, 6 Sep 2024 14:47:00 -0700
Subject: [PATCH] Add comment about snaspafe in SANDBOXING

---
 SANDBOXING.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/SANDBOXING.md b/SANDBOXING.md
index 0f3eb70051..f2d5b97ae1 100644
--- a/SANDBOXING.md
+++ b/SANDBOXING.md
@@ -120,6 +120,11 @@ Once initialized, this mechanism does not require system calls in the steady
 state, though note the configured page will be inherited across privilege
 transitions.
 
+### Snapsafe protection
+
+Similar considerations to fork protection. The Snapsafe protection
+implementation maps a page that can trip sandboxes.
+
 ## C and C++ standard library
 
 BoringSSL depends on the C and C++ standard libraries which, themselves, do not