Author: z3bra <willyatmailoodotorg>
Date: Thu, 31 Mar 2016 06:26:10 +0000
Typos in hand-crafted containers, thanks jwilk
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/2016/03/hand-crafted-containers.txt b/2016/03/hand-crafted-containers.txt
@@ -20,7 +20,7 @@ host operating system. This isolation can happen in different places
(namespaces), be it in the network, the filesystem, the process tree, or all of
them (there are more, in fact. More on this later).
-We can differenciate three types of containers:
+We can differentiate three types of containers:
+ operating system containers
+ application containers
@@ -123,7 +123,7 @@ part here is the following:
> dynamically linked, interpreter /lib/ld-linux-x86-64.so.2
Dynamically linked binaries cannot be run on their own. Long story short,
-`/lib/ld-linux-x86-64.so.2` is a program that is implicitely called to run all
+`/lib/ld-linux-x86-64.so.2` is a program that is implicitly called to run all
the dynamic binaries on a linux system, it's called the
[linker](https://en.wikipedia.org/wiki/Dynamic_linker). So in order to have a
binary run in the chroot, you need to copy over the linker AND all the libraries
@@ -160,7 +160,7 @@ for a linker and libc in the chroot:
Let's take a look at the size of this "container". For scale, the
"[Smallest possible docker container](https://docs.docker.com/articles/baseimages/#creating-a-simple-base-image-using-scratch)"
$ du -sh rootfs
@@ -192,7 +192,7 @@ This tool is the one that will actually isolate containers. It has been created
especially for this purpose, and will let you run a process unshared from
different namespaces: mount, user, network, PID, IPC and UTS.
In the same order, each flag will separate your `command` from the given
-namespace. See `unshare(1)` for more informations:
+namespace. See `unshare(1)` for more information:
unshare -m -U -n -p -i -u <command>
@@ -227,7 +227,7 @@ You need to be familiar with the concept of
(veth) pairs here.
Virtual ethernet devices pairs acts like both ends of a tube: when a packet is
written on one end, it is also written on the other. This simple concept will
-help us get an internet acces *inside* the container, while using the network
+help us get an internet access *inside* the container, while using the network
stack of the host.
The process is easy: we will create a `veth` pair, move one end inside the