diff --git a/Dockerfile b/Dockerfile
index 4c48c20..c57a515 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,13 @@ RUN apt-get install -yq keepass2 xdotool paxctl \
     && rm -rf /var/lib/apt/lists
 
 # make KeePass2 grsec friendly
+#
+# To build the Docker image, I currently had to disable the following grsec protections:
+# # grep -E "chroot_deny_chmod|chroot_deny_mknod|chroot_caps" /etc/sysctl.d/grsec.conf
+# kernel.grsecurity.chroot_deny_chmod = 0
+# kernel.grsecurity.chroot_deny_mknod = 0
+# kernel.grsecurity.chroot_caps = 0 (relates to a systemd package)
+#
 # m: Disable MPROTECT // grsec: denied RWX mmap of <anonymous mapping>
 # (runtime only, since xattrs are not preserved in Docker's final image)
 # RUN setfattr -n user.pax.flags -v "m" /usr/bin/mono-sgen