various: fix some typos and formatting issues

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Steve Beattie 2021-03-01 10:24:18 -08:00
parent 3002eabb78
commit acd5bef1e1
3 changed files with 25 additions and 22 deletions

@ -21,7 +21,7 @@ Related Documentation
- [Application White Listing](ApplicationWhiteListing)
- Alternative methods to enforce system wide restrictions (This Document)
- [User defined policy in AppArmor](AppArmorUserDefinedPolicy)
- [Programatic application policy in AppArmor](AppArmorProgramaticApplicationPolicy)
- [Programmatic application policy in AppArmor](AppArmorProgramaticApplicationPolicy)
- [Putting it all together](AppArmorStackingAndNSFullPolicy)
Introduction
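Review bot: The link text on the changed line now reads "Programmatic", but its target is still AppArmorProgramaticApplicationPolicy with the old spelling. That is the right call if the wiki page keeps its current name, since changing the target alone would break the link. If the page is meant to be renamed as well, do it in a separate change and update every list that links to it.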

@ -74,7 +74,10 @@ eg.
feature-file=/etc/apparmor/features-ABI
```
Once this is set the apparmor_parser will compile all policy using the feature ABI in the /etc/apparmor/features-ABI file, unless it is explicitly overridded by passing the --features-file option directly to the apparmor_parser on the command line.
Once this is set the apparmor_parser will compile all policy using
the feature ABI in the /etc/apparmor/features-ABI file, unless it is
explicitly overridden by passing the --features-file option directly
to the apparmor_parser on the command line.
### issues
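Review bot: The rewrapped paragraph names the command line option as --features-file, while the config example in the context line just above uses feature-file= without the "s". One of the two spellings is likely wrong. Please check both against what apparmor_parser accepts and correct whichever is off while this paragraph is being touched, since a reader copying the config line gets no hint from the text if the key is misspelled.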

@ -131,9 +131,9 @@ Notes:
- Nesting expressions in alternations - first allowed in apparmor 2.3
- special characters can be matched against by escaping them with the **\\** character. eg. \\\*
- the escape character **\\** is matched by escaping it. eg. \\\\
- characters can be expressed as a number using the escape character **\\** followed by the characters numner.
- characters can be expressed as a number using the escape character **\\** followed by the characters number.
- octal number representation \\001
- hexidecimal number representation \\x5f
- hexadecimal number representation \\x5f
#### Examples using globbing to match files
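Review bot: On the corrected line "followed by the characters number", the possessive is still missing. It should read "the character's number". The context lines above also use "eg." where "e.g." is the usual form; that could be folded into the same pass.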
@ -278,7 +278,7 @@ profile attaches.
Profile names begin with an optional namespace name (see namespaces
below) followed by the profile name. Profile names must begin with
either an alphanumeric character or if an attachment specification
**/** or a variable that when expanded matches the aformentioned
**/** or a variable that when expanded matches the aforementioned
restrictions, and they can not begin with the sequence **//** and
within the profile // has special meaning. Profile names can not end
with the **/** character, nor can they end with the **,** character
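Review bot: The sentence around the corrected word is still hard to parse: "either an alphanumeric character or if an attachment specification **/** or a variable that when expanded matches the aforementioned restrictions". Since this states the rule for valid profile names, it is worth rewriting as a short list (alphanumeric character; **/** when the name is an attachment specification; a variable that expands to either) rather than fixing only the spelling. "can not" on the following lines would normally be "cannot".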
@ -477,7 +477,7 @@ As of 3.???? it is possible to make the attachment conditional upon
the user or executable owner
```
profile name ower=jj /example/attachment { }
profile name owner=jj /example/attachment { }
profile name user=foo /example/attachment { }
```
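Review bot: The context line above the example still reads "As of 3.????", so the version that introduced conditional attachment is a placeholder. If the release is known, fill it in here; otherwise mark the feature as unreleased so readers do not try the owner= and user= conditionals on a parser that rejects them. The owner= fix itself matters more than a prose typo because it sits inside a code block people will copy.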
@ -652,7 +652,7 @@ be used with change\_hat without an explicit hat rule.
“Hats” and local profiles are actually just standard profiles
with special names. When a hat or Local profile is loaded, its name
in the logs and as reported by ps -Z is the name of the parent profile
and the name of the local profile seperated by '//'.
and the name of the local profile separated by '//'.
Example
-------
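Review bot: In the context line "When a hat or Local profile is loaded", "Local" is capitalised, while the corrected line two lines below uses "local profile". Pick one form for the term across this paragraph. The opening quotes around “Hats” are typographic quotes, unlike the plain '//' quoting later in the same sentence.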
@ -680,7 +680,7 @@ Will show up as 4 profiles in the loaded profile listing.
/parent/profile//foo
/parent/profile//local.profile
/parent/profile///bin/grep
```
```
#### External Local Profiles and Hats
@ -1650,7 +1650,7 @@ stacking profiles
/program pix -> <profile> + <profile>
```
domain hierachies - virt profiles, hat struct to represent transitions(tomoyo style)????
domain hierarchies - virt profiles, hat struct to represent transitions(tomoyo style)????
???? change\_profile trigger rules ???? /foo w -&gt; <profile>
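Review bot: The line after the corrected one still contains the HTML entity "-&gt;" in "/foo w -&gt; <profile>", while the fenced example above writes "->" directly. Outside a code fence the entity and the bare <profile> may render incorrectly, so this line should either move into a fence or use the literal arrow. On the corrected line, "transitions(tomoyo style)" is missing a space before the parenthesis.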
@ -1662,7 +1662,7 @@ inherit fall back mode.
##### New transition mode cx
The new cx permision is like px except it specifies a transition to
The new cx permission is like px except it specifies a transition to
a child (also known as local) profile. Just as with px, cx specifies
transitioning to a profile who's name matches the executable, except
instead of searching the global profile set, only the local profiles
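Review bot: Two lines below the corrected "permission", the text reads "a profile who's name matches the executable". That should be "whose name". It is in the same paragraph and fits the scope of this commit.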
@ -1730,7 +1730,7 @@ Example:
}
```
Using cx in a named profile transition is a convience and is
Using cx in a named profile transition is a convenience and is
equivalent to specifying px with the parent profile name properly
prepended. ie. the cx line from the above example is equivalent to
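Review bot: The last context line uses "ie." where "i.e." is expected ("prepended. ie. the cx line from the above example"). It is a small point, but it sits in the sentence being corrected.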
@ -2410,7 +2410,7 @@ permissions from another rule.
- create - permission to create a socket of the domain, type, protocol specified.
- shutdown - permission to shutdown the socket.
- listen\[=X\] - permission to listen on a socket of the domain, type, protocl specified. If the optional backlog parameter is specified it limits the maximum size that can be pasted to listen.
- listen\[=X\] - permission to listen on a socket of the domain, type, protocol specified. If the optional backlog parameter is specified it limits the maximum size that can be pasted to listen.
- bind - permission to bind to an address that matches the source address expression. If no source address is specified it will bind to any address.
- connect - permission to connect the socket to an address that matches the dest address expression. If the destination address is not specified it can connect to any address.
- accept - permission to accept connections from an address that matches the dest address expression. If the desitionation address is not specified connections from any address may be accepted.
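Review bot: The corrected listen line still says the backlog limit applies to the size "that can be pasted to listen"; that should be "passed to listen". The accept line in the trailing context also keeps "desitionation address", and it describes the peer of an accepted connection as the "dest address expression". Please confirm that wording is intended, since for accept the remote end is the source of the connection.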
@ -2878,10 +2878,10 @@ profiles ruleset.
#### Revalidation - Interaction of IPC with other rules
Ipc rule interact with file and network rules so it is important to
IPC rules interact with file and network rules so it is important to
understand how they interact. When a file or network object is being
created, or opened the file or network rules are applied, creating
a labeling on the opened resouce (object). When data, an open file
a labeling on the opened resource (object). When data, an open file
or network object is passed between tasks ipc rules are applied, to
determine if the data or object can be passed. However if there is not
an ipc rule governing the interaction (either positive or negative)
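Review bot: The first line now says "IPC rules", but the rest of the paragraph keeps the lowercase form ("ipc rules are applied", "an ipc rule governing"). Use one capitalisation throughout. The comma in "created, or opened the file or network rules are applied" is also misplaced; it belongs after "opened".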
@ -2936,7 +2936,7 @@ an applications rlimits (man 2 setrlimit) also known as ulimits
applications rlimits, and it will only control those limits that
there is a specific rule for in the confining profile.
AppArmor leverages linux's rlimits and as such does not provide
AppArmor leverages Linux's rlimits and as such does not provide
an additional auditing than would normally occur. Also AppArmor's
rlimits only every reduce an applications current rlimits, they can
not be used to raise the value of any limit that has been set.
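Review bot: The lines following the corrected "Linux's" still contain errors that change how the sentence reads: "an additional auditing" should be "any additional auditing", and "rlimits only every reduce" should be "only ever reduce". "an applications current rlimits" also needs the possessive "application's". These are in the same paragraph and belong in this fix.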
@ -2959,7 +2959,7 @@ AppArmor's rlimit control does not affect an applications soft limits
beyond ensuring that they are less than or equal to the applications
hard limits.
Audit of rlimits only happend when a task tries to set its rlimits,
Audit of rlimits only happened when a task tries to set its rlimits,
as the enforcement of the rlimit is not done by AppArmor.
AppArmor 2.7 adds the ability to control the setting of rlimits with
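Review bot: The correction from "happend" to "happened" puts the sentence in the past tense, but the surrounding text describes current behaviour in the present tense ("does not affect", "is not done by AppArmor"). "Audit of rlimits only happens when a task tries to set its rlimits" matches the rest of the section.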
@ -3122,11 +3122,11 @@ change\_profile
### change\_profile on exec
- conveneience form of change\_profile
- convenience form of change\_profile
- profile transition is delayed until exec time
- equivalent to change\_profile + stubprofile with px rule to destination
- equivalent to change\_profile + stub profile with px rule to destination
- overrides x rules
- elminates the need for stub profiles
- eliminates the need for stub profiles
confined vs. unconfined
@ -3220,7 +3220,7 @@ first.
Change\_profile provides a one way transition, that allows an
application to go through a setup phase and then when setup is done,
transition to a profile with less privledge. Any resources mapped
transition to a profile with less privilege. Any resources mapped
or opened during the startup phase may still be accessible after the
profile change but the new profile will restrict the opening of new
resources, and will even limit some of the resources opened before
@ -3233,8 +3233,8 @@ be limited.
Change\_profile is best used in situations where an application goes
through a trusted setup phase and then can lower its privlege level.
Change\_hat is designed to be used in situations where privlege
is temporarily dropped and then reaquired after a time. As such
Change\_hat is designed to be used in situations where privilege
is temporarily dropped and then re-acquired after a time. As such
change\_hat is restricted to where it can be safely used. Since
change\_hat stores the return secret key in the applications memory
the phase of reduced privilege should not have direct access to
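Review bot: The first context line of this hunk still has the misspelling the following lines fix: "can lower its privlege level" should be "privilege level". In the trailing context, "the applications memory" needs the possessive "application's".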