diff --git a/config-linux.md b/config-linux.md
index b4f8b7c67..ee248b2d0 100644
--- a/config-linux.md
+++ b/config-linux.md
@@ -171,6 +171,14 @@ Also known as cgroups, they are used to restrict resource usage for a container
 cgroups provide controls (through controllers) to restrict cpu, memory, IO, pids, network and RDMA resources for the container.
 For more information, see the [kernel cgroups documentation][cgroup-v1].
 
+A runtime MAY refuse to create or start a new container, or a process inside an
+existing container, if the cgroup which it is to be placed into is considered
+not fit for purpose. Examples include an existing frozen or (for a new
+container) non-empty cgroup. The reason for this is that accepting such
+configurations could cause container operation outcomes that users may not
+anticipate or understand, such as operation on one container inadvertently
+affecting other containers.
+
 ### <a name="configLinuxCgroupsPath" />Cgroups Path
 
 **`cgroupsPath`** (string, OPTIONAL) path to the cgroups.