diff --git a/docs/debugging.rst b/docs/debugging.rst
index 0166cb67..059041bf 100644
--- a/docs/debugging.rst
+++ b/docs/debugging.rst
@@ -110,7 +110,7 @@ is doing. For example, to trace ``openat(), read()`` calls::
 
   $ strace -e trace=openat,read -o strace.log -f /app/bin/<application-binary>
 
-`Perf <https://perf.wiki.kernel.org/index.php/Main_Page>`_ requires
+`Perf <https://perfwiki.github.io/main/>`_ requires
 access to ``--filesystem=/sys`` to run::
 
   $ flatpak run --command=perf --filesystem=/sys --filesystem=$(pwd) --devel $FLATPAK_ID record -v -- <command>
diff --git a/docs/sandbox-permissions.rst b/docs/sandbox-permissions.rst
index c432ce7a..54a42e58 100644
--- a/docs/sandbox-permissions.rst
+++ b/docs/sandbox-permissions.rst
@@ -222,7 +222,8 @@ to them with ``--filesystem`` will have no effect::
 
 The entire ``/run`` is not allowed and all subpaths of ``/run`` except
 ``/run/flatpak, /run/host`` is allowed to be exposed via
-``--filesystem``.
+``--filesystem``. Additionally, if ``/var/run`` on host is a symlink to
+``../run``, exposing it or a subpath of it, is not allowed.
 
 Additionally the following directories from host need to be explicitly
 requested with ``--filesystem`` and are not available with