edits

Author: aevesdocker

_vale/config/vocabularies/Docker/accept.txt

@@ -79,7 +79,6 @@ Postgres
 PowerShell
 Python
 S3
-Seccomp
 SQLite
 Slack
 Snyk
@@ -93,7 +92,6 @@ Traefik
 Ubuntu
 Unix
 VMware
-VM
 Wasm
 Windows
 WireMock
@@ -122,6 +120,7 @@ Zsh
 [Rr]eal-time
 [Rr]untimes?
 [Ss]andbox(ed)?
+[Ss]eccomp
 [Ss]wappable
 [Ss]warm
 [Ss]ysfs

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md

@@ -21,7 +21,7 @@ Enhanced Container Isolation ensures stronger container isolation and also locks
 
 > [!NOTE]
 >
-> ECI is in addition to other container security techniques used by Docker. For example, reduced Linux Capabilities, Seccomp, AppArmor.
+> ECI is in addition to other container security techniques used by Docker. For example, reduced Linux Capabilities, seccomp, and AppArmor.
 
 ## Who is it for?
 

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md

@@ -176,7 +176,7 @@ A couple of caveats:
 
 * The `allowDerivedImages` setting only applies to local-only images built from
   an allowed image. That is, the derived image must not be present in a remote
-  repository because if it were, you would just list it's name in the `imageList`.
+  repository because if it were, you would just list its name in the `imageList`.
 
 * For derived image checking to work, the parent image (i.e., the image in the
   `imageList`) must be present locally (i.e., must have been explicitly pulled
@@ -329,9 +329,8 @@ Whether to configure the list as an allow or deny list depends on the use case.
 | `feedback`             | Send feedback to Docker |
 | `init`                 | Creates Docker-related starter files |
 | `manifest`             | Manages Docker image manifests |
-| `plugins`              | Manages plugins |
+| `plugin`              | Manages plugins |
 | `sbom`                 | View Software Bill of Materials (SBOM) |
-| `scan`                 | Docker Scan |
 | `scout`                | Docker Scout |
 | `trust`                | Manage trust on Docker images |
 

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md

@@ -55,7 +55,7 @@ container-to-host and cross-container isolation.
 
 Privileged containers `docker run --privileged ...` are insecure because they
 give the container full access to the Linux kernel. That is, the container runs
-as true root with all capabilities enabled, Seccomp and AppArmor restrictions
+as true root with all capabilities enabled, seccomp and AppArmor restrictions
 are disabled, all hardware devices are exposed, for example.
 
 Organizations aiming to secure Docker Desktop on developers' machines face challenges with privileged containers. These containers, whether running benign or malicious workloads, can gain control of the Linux kernel within the Docker Desktop VM, potentially altering security related settings, for example registry

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/how-eci-works.md

@@ -51,10 +51,10 @@ container and the Linux kernel inside the Docker Desktop VM.
 
 For more information, see [Key features and benefits](features-benefits.md).
 
-### Enhanced Container Isolation versus Docker Userns-Remap Mode
+### Enhanced Container Isolation versus user namespeace remapping
 
 The Docker Engine includes a feature called [userns-remap mode](/engine/security/userns-remap/)
-that enables the user-namespace in all containers. However it suffers from a few
+that enables the user namespace in all containers. However it suffers from a few
 [limitations](/engine/security/userns-remap/) and it's
 not supported within Docker Desktop.
 

content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/limitations.md

@@ -50,17 +50,15 @@ Windows hosts and access Docker from within.
 ### ECI protection for Docker builds with the "docker" driver
 
 Prior to Docker Desktop 4.30, `docker build` commands that use the buildx
-`docker` driver (the default) are not protected by ECI (i.e., the build runs
-rootful inside the Docker Desktop VM).
+`docker` driver (the default) are not protected by ECI, in other words the build runs
+rootful inside the Docker Desktop VM.
 
 Starting with Docker Desktop 4.30, `docker build` commands that use the buildx
-`docker` driver are protected by ECI (i.e., the build runs rootless inside
-the Docker Desktop VM), except when Docker Desktop is configured to use WSL 2
+`docker` driver are protected by ECI, except when Docker Desktop is configured to use WSL 2
 (on Windows hosts).
 
 Note that `docker build` commands that use the `docker-container` driver are
-always protected by ECI (i.e., the build runs inside a rootless Docker
-container). 
+always protected by ECI. 
 
 ### Docker Build and Buildx have some restrictions