diff --git a/README.md b/README.md
index 4ca3b7b7ff7f..841752abeeff 100644
--- a/README.md
+++ b/README.md
@@ -228,7 +228,7 @@ During development, BuildKit is tested with the version of runc that is being us
 
 ### Running BuildKit without root privileges
 
-Please refer to `[docs/rootless.md]`(docs/rootless.md).
+Please refer to [`docs/rootless.md`](docs/rootless.md).
 
 ### Contributing
 
diff --git a/docs/rootless.md b/docs/rootless.md
index 38200c973526..3f5420db4c50 100644
--- a/docs/rootless.md
+++ b/docs/rootless.md
@@ -1,13 +1,13 @@
 # Rootless mode (Experimental)
 
 Requirements:
-- runc (May 30, 2018) or later
+- runc `ecd55a4135e0a26de884ce436442914f945b1e76` (May 30, 2018) or later
 - Some distros such as Debian and Arch Linux require `echo 1 > /proc/sys/kernel/unprivileged_userns_clone`
 - `newuidmap` and `newgidmap` need to be installed on the host. These commands are provided by the `uidmap` package.
 - `/etc/subuid` and `/etc/subgid` should contain >= 65536 sub-IDs. e.g. `penguin:231072:65536`.
 - To run in a Docker container with non-root `USER`, `docker run --privileged` is still required. See also Jessie's blog: https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
 
-Setting up rootless mode also requires some bothersome steps as follows, but we will soon have automation tool.
+Setting up rootless mode also requires some bothersome steps as follows, but you can also use [`rootlesskit`](https://github.com/AkihiroSuda/rootlesskit) for automating these steps.
 
 ## Terminal 1: