diff --git a/docs/configuration.md b/docs/configuration.md index e5e50ea..d8d6ec2 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -72,3 +72,7 @@ In order to allow full networking support in Nomad, the `containernetworking-plu ``` If the path is not set up correctly or the dependency is missing, the following error will be shown in Nomad: `failed to find plugin "bridge" in path [/opt/cni/bin]` + +### Use gVisor as a sandbox + +We recommend using gVisor as a sandbox for the execution environments. First, [install gVisor following the official documentation](https://gvisor.dev/docs/user_guide/install/) and second, adapt the `/etc/docker/daemon.json` with reasonable defaults as shown in our [example configuration for Docker](./resources/docker.daemon.json). diff --git a/docs/resources/client.example.hcl b/docs/resources/client.example.hcl index 0b75c70..63c7f9c 100644 --- a/docs/resources/client.example.hcl +++ b/docs/resources/client.example.hcl @@ -9,12 +9,9 @@ client { plugin "docker" { config { + allow_runtimes = ["runsc"] gc { image_delay = "0s" } - - # auth { - # config = "/root/.docker/config.json" - # } } } diff --git a/docs/resources/docker.daemon.json b/docs/resources/docker.daemon.json new file mode 100644 index 0000000..43accc3 --- /dev/null +++ b/docs/resources/docker.daemon.json @@ -0,0 +1,10 @@ +{ + "default-runtime": "runsc", + "runtimes": { + "runsc": { + "path": "/usr/bin/runsc", + "runtimeArgs": [ + ] + } + } +}
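Review bot: The added `allow_runtimes = ["runsc"]` line in the `plugin "docker"` config has no comment, and on its own it does not place any container under gVisor. As far as the Nomad Docker driver documents it, the setting only limits which runtime a task may request, so a task that omits `runtime` runs on whatever Docker's `default-runtime` is. Because the docs text in this commit only recommends the daemon change, a host with this client config but an unmodified `daemon.json` would run execution environments on the daemon's default runtime without any error. I would add a comment above the line, for example `# Tasks may only request the gVisor runtime; tasks without an explicit runtime use Docker's default-runtime (see docker.daemon.json)`, and have the setup instructions check the runtime of a started container with `docker inspect`.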
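Review bot: `"default-runtime": "runsc"` applies to every container the daemon starts on that host, not only to the execution environments. JSON has no comments, so the docs section that links this file should say so, and should add that the daemon must be reloaded or restarted after the edit. The hard-coded `"path": "/usr/bin/runsc"` has to match where the chosen gVisor install method actually puts the binary, otherwise the runtime will not be found. The empty `runtimeArgs` leaves every gVisor setting at runsc's own defaults, which is presumably what "reasonable defaults" in the docs refers to; stating that explicitly would tell operators that nothing was tuned here.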