diff --git a/docs/jailer.md b/docs/jailer.md
index 3025701260e..aae3edf9a09 100644
--- a/docs/jailer.md
+++ b/docs/jailer.md
@@ -108,7 +108,8 @@ After starting, the Jailer goes through the following operations:
   for `/usr/bin/firecracker`). Nothing is done if the path already
   exists (it should not, since `id` is supposed to be unique).
 - Copy `exec_file` to
-  `<chroot_base>/<exec_file_name>/<id>/root/<exec_file_name>`.
+  `<chroot_base>/<exec_file_name>/<id>/root/<exec_file_name>`. This ensures the
+  new process will not share memory with any other Firecracker process.
 - Set resource bounds for current process and its children through
   `--resource-limit` argument, by calling `setrlimit()` system call with the
   specific resource argument. If no limits are provided, the jailer bounds
diff --git a/src/jailer/src/env.rs b/src/jailer/src/env.rs
index 5a41a183390..6d1a4215600 100644
--- a/src/jailer/src/env.rs
+++ b/src/jailer/src/env.rs
@@ -416,8 +416,13 @@ impl Env {
         // a new PathBuf, with something like chroot_dir.join(exec_file_name) ?!
         self.chroot_dir.push(exec_file_name);
 
-        // TODO: hard link instead of copy? This would save up disk space, but hard linking is
-        // not always possible :(
+        // We do a copy instead of a hard-link for 2 reasons
+        // 1. hard-linking is not possible if the file is in another device
+        // 2. while hardlinking would save up disk space and also memory by
+        //    sharing parts of the Firecracker binary (like the executable .text
+        //    section), this latter part is not desirable in Firecracker's
+        //    threat model. Copying prevents 2 Firecracker processes from
+        //    sharing memory.
         fs::copy(&self.exec_file_path, &self.chroot_dir).map_err(|err| {
             Error::Copy(self.exec_file_path.clone(), self.chroot_dir.clone(), err)
         })?;