diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 4b9a11cf6dc..6b4dbe8e11f 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -97,7 +97,7 @@ in
 
     # Configure system tunables
     boot.kernel.sysctl = {
-      # Removed under grsecurity
+      # Read-only under grsecurity
       "kernel.kptr_restrict" = mkForce null;
     } // optionalAttrs config.nix.useSandbox {
       # chroot(2) restrictions that conflict with sandboxed Nix builds