guix-commits

01/01: website: services-in-containers: Fix typos, improve wording.


From: Ludovic Courtès
Subject: 01/01: website: services-in-containers: Fix typos, improve wording.
Date: Thu, 13 Apr 2017 18:22:43 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix-artwork.

commit 510b0bcc56f15b79c32c7c46ddc2b56afe6c4455
Author: Ludovic Courtès <address@hidden>
Date:   Thu Apr 13 23:34:23 2017 +0200

    website: services-in-containers: Fix typos, improve wording.
    
    * website/posts/running-services-in-containers.md: Fix typos and issues
    reported by Leo & Ricardo.
---
 website/posts/running-services-in-containers.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/website/posts/running-services-in-containers.md 
b/website/posts/running-services-in-containers.md
index d1b064d..67671b0 100644
--- a/website/posts/running-services-in-containers.md
+++ b/website/posts/running-services-in-containers.md
@@ -1,5 +1,5 @@
 title: Running system services in containers
-date: 2017-04-13 14:45
+date: 2017-04-14 14:45
 author: Ludovic Courtès
 tags: system services containers shepherd
 ---
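Review bot: the `date:` header change from 2017-04-13 to 2017-04-14 is not covered by the commit log, which only mentions typos and issues reported by Leo & Ricardo, and the commit itself is dated Apr 13. If the new publication date is intended, mention it in the log; otherwise keep it out of a wording-only commit.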
@@ -15,7 +15,7 @@ feature.
 #### The problem
 
 Our computers run many programs that talk to the Internet, and the
-Internet is a unsafe place as we all know—with states and assorted
+Internet is an unsafe place as we all know—with states and assorted
 organizations
 [collecting “zero-day exploits”](https://www.wired.com/2014/04/obama-zero-day/)
 to exploit them as they see fit.  One of the big tasks of operating
@@ -37,18 +37,18 @@ languages, as is the case for Guix and GuixSD.  Projects 
that have been
 using C are even considering a complete rewrite,
 [as is the case for 
Tor](https://lists.torproject.org/pipermail/tor-dev/2017-March/012088.html).
 Of course the switch away from memory-unsafe languages won’t happen
-overnight, but it’s good to see this becoming more consensual.
+overnight, but it’s good to see a consensus emerging.
 
 The operating system side of things is less bright.  Although the
 [principle of least authority 
(POLA)](https://en.wikipedia.org/wiki/Principle_of_least_authority)
-has been well-known in operating system circles for a long time, it has
-remained foreign to Unix and GNU/Linux.  Processes run with the full
+has been well-known in operating system circles for a long time, it
+remains foreign to Unix and GNU/Linux.  Processes run with the full
 authority of their user.  On top of that, until recent changes to the
 Linux kernel, resources were global and there was essentially a unique
 view of the file system, of the process hierarchy, and so on.  So when a
 remote-code-execution vulnerability affects a system service—like
 [in the BitlBee instant messaging gateway 
(CVE-2016-10188)](https://bugs.bitlbee.org/ticket/1281)
-running on my laptop—an attacker can potentially do a lot on your
+running on my laptop—an attacker could potentially do a lot on your
 machine.
 
 Fortunately, many daemons have built-in mechanisms to work around this
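Review bot: the BitlBee sentence still mixes persons after the rewording: the service is "running on my laptop" but the attacker acts "on your machine". Since that line is being touched anyway, pick one person for both halves, for example "on my laptop" followed by "on my machine", or make both generic.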
@@ -92,7 +92,7 @@ term is sometimes used to denote much larger tooling and 
practices built
 around namespaces.)  Why not use that to better isolate system services?
 
 Apparently this idea has been floating around.  systemd has been
-[considering extending its “unit files”](https://lwn.net/Articles/706025/)
+[considering to extend its “unit files”](https://lwn.net/Articles/706025/)
 to include directives instructing systemd to run daemons in separate
 namespaces.  GuixSD uses
 [the Shepherd](https://www.gnu.org/software/shepherd) instead of
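Review bot: "considering to extend" on the added line is a regression. "Consider" takes a gerund, so the removed "considering extending" was the grammatical form. If the doubled "-ing" was the objection, rephrase instead, for example "has been looking into extending its unit files", and keep the link text in sync.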
@@ -102,7 +102,7 @@ we had been considering for a while.
 In fact, adding the ability to run system services in containers was a
 low-hanging fruit: we already had
 
[`call-with-container`](https://www.gnu.org/software/guix/news/container-provisioning-with-guix.html)
-to run code in containers, so all we needed to do
+to run code in containers, so all we needed to do was to
 [provide a containerized service 
starter](https://git.savannah.gnu.org/cgit/guix.git/commit/?id=63302a4e55241a41eab4c21d7af9fbd0d5817459)
 that uses `call-with-container`.
 
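Review bot: the added "was to" fixes the broken sentence, but the unchanged context two lines above still reads "was a low-hanging fruit". "Low-hanging fruit" is normally used without the article, so consider dropping "a" in the same wording pass.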


