Merge branch 'stable-2.6'

[ganeti-local] / doc / security.rst

diff --git a/doc/security.rst b/doc/security.rst
index 48251c0..10010ab 100644 (file)
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -93,7 +93,7 @@ Remote API
 ----------
 
 Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS
-by default. It supports Basic authentication as per RFC2617.
+by default. It supports Basic authentication as per :rfc:`2617`.
 
 Paths for certificate, private key and CA files required for SSL/TLS
 will be set at source configure time. Symlinks or command line
@@ -122,11 +122,11 @@ only one available before Ganeti 2.1.2.
 
 Under security model 'user' an instance is run as the user specified by
 the hypervisor parameter 'security_domain'. This makes it easy to run
-all instances as non privileged users, and allows to manually allocate
-specific users to specific instances or sets of instances. If the
-specified user doesn't have permissions a jail broken instance will need
-some local privilege escalation before being able to take over the node
-and the cluster. It's possible though for a jail broken instance to
+all instances as non privileged users, and allows one to manually
+allocate specific users to specific instances or sets of instances. If
+the specified user doesn't have permissions a jail broken instance will
+need some local privilege escalation before being able to take over the
+node and the cluster. It's possible though for a jail broken instance to
 affect other ones running under the same user.
 
 Under security model 'pool' a global cluster-level uid pool is used to