diff --git a/config-linux.md b/config-linux.md
index 178361f34..7f135cb5b 100644
--- a/config-linux.md
+++ b/config-linux.md
@@ -718,6 +718,7 @@ The following parameters can be specified to set up seccomp:
     This field MUST NOT be set if `listenerPath` is not set.
 
 * **`syscalls`** *(array of objects, OPTIONAL)* - match a syscall in seccomp.
+    When the syscall matches multiple entries, only the first entry is effective.
     While this property is OPTIONAL, some values of `defaultAction` are not useful without `syscalls` entries.
     For example, if `defaultAction` is `SCMP_ACT_KILL` and `syscalls` is empty or unset, the kernel will kill the container process on its first syscall.
     Each entry has the following structure: