tree-wide: 'allows to' -> 'allows one to'

As flagged by Lintian

docs/ELF_PACKAGE_METADATA.md

@@ -14,7 +14,7 @@ or parse ELF core files.*
 
 ELF binaries get stamped with a unique, build-time generated hex string identifier called `build-id`,
 [which gets embedded as an ELF note called `.note.gnu.build-id`](https://fedoraproject.org/wiki/Releases/FeatureBuildId).
-In most cases, this allows to associate a stripped binary with its debugging information.
+In most cases, this allows a stripped binary to be associated with its debugging information.
 It is used, for example, to dynamically fetch DWARF symbols from a debuginfo server, or
 to query the local package manager and find out the package metadata or, again, the DWARF
 symbols or program sources.

docs/MEMORY_PRESSURE.md

@@ -169,7 +169,7 @@ pressure handling:
   setting controls whether to enable the memory pressure protocol for the
   service in question.
 
-* The `MemoryPressureThresholdSec=` setting allows to configure the threshold
+* The `MemoryPressureThresholdSec=` setting allows configuring the threshold
   when to signal memory pressure to the services. It takes a time value
   (usually in the millisecond range) that defines a threshold per 1s time
   window: if memory allocation latencies grow beyond this threshold

man/systemd-cryptenroll.xml

@@ -331,7 +331,7 @@
         <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
 
         <listitem><para>Enroll a PKCS#11 security token or smartcard (e.g. a YubiKey). Expects a PKCS#11 URI
-        that allows to find an X.509 certificate or a public key on the token. The URI must also be suitable
+        that allows finding an X.509 certificate or a public key on the token. The URI must also be suitable
         to find a related private key after changing the type of object in it. Alternatively the special
         value <literal>auto</literal> may be specified, in order to automatically determine the suitable URI
         if a single security token containing a single key pair is plugged in. The special value

src/analyze/analyze-security.c

@@ -2729,7 +2729,7 @@ static int offline_security_checks(
 
                 /* When a portable image is analyzed, the profile is what provides a good chunk of
                  * the security-related settings, but they are obviously not shipped with the image.
-                 * This allows to take them in consideration. */
+                 * This allows them to be taken into consideration. */
                 if (profile) {
                         _cleanup_free_ char *unit_name = NULL, *dropin = NULL, *profile_path = NULL;
 

src/boot/efi/secure-boot.c

@@ -33,7 +33,7 @@ SecureBootMode secure_boot_mode(void) {
 }
 
 /*
- * Custom mode allows to change secure boot certificate databases db, dbx, KEK and PK without the variable
+ * Custom mode allows the secure boot certificate databases db, dbx, KEK, and PK to be changed without the variable
  * updates being signed. When enrolling certificates to an unconfigured system (no PK present yet) writing
  * db, dbx and KEK updates without signature works fine even in standard mode. Writing PK updates without
  * signature requires custom mode in any case.

src/core/manager.c

@@ -2375,7 +2375,7 @@ int manager_load_unit_prepare(
 
         Unit *unit = manager_get_unit(m, name);
         if (unit) {
-                /* The time-based cache allows to start new units without daemon-reload,
+                /* The time-based cache allows new units to be started without daemon-reload,
                  * but if they are already referenced (because of dependencies or ordering)
                  * then we have to force a load of the fragment. As an optimization, check
                  * first if anything in the usual paths was modified since the last time

src/core/transaction.c

@@ -964,7 +964,7 @@ int transaction_add_job_and_dependencies(
 
         if (type != JOB_STOP) {
                 r = bus_unit_validate_load_state(unit, e);
-                /* The time-based cache allows to start new units without daemon-reload, but if they are
+                /* The time-based cache allows new units to be started without daemon-reload, but if they are
                  * already referenced (because of dependencies or ordering) then we have to force a load of
                  * the fragment. As an optimization, check first if anything in the usual paths was modified
                  * since the last time the cache was loaded. Also check if the last time an attempt to load

src/core/unit.c

@@ -3186,8 +3186,8 @@ int unit_add_dependency(
         if (u->manager && FLAGS_SET(u->manager->test_run_flags, MANAGER_TEST_RUN_IGNORE_DEPENDENCIES))
                 return 0;
 
-        /* Note that ordering a device unit after a unit is permitted since it allows to start its job
-         * running timeout at a specific time. */
+        /* Note that ordering a device unit after a unit is permitted since it allows its job running
+         * timeout to be started at a specific time. */
         if (FLAGS_SET(a, UNIT_ATOM_BEFORE) && other->type == UNIT_DEVICE) {
                 log_unit_warning(u, "Dependency Before=%s ignored (.device units cannot be delayed)", other->id);
                 return 0;

src/vconsole/vconsole-setup.c

@@ -390,13 +390,11 @@ static int font_load_and_wait(const char *vc, Context *c) {
 }
 
 /*
- * A newly allocated VT uses the font from the source VT. Here
- * we update all possibly already allocated VTs with the configured
- * font. It also allows to restart systemd-vconsole-setup.service,
- * to apply a new font to all VTs.
+ * A newly allocated VT uses the font from the source VT. Here we update all possibly already allocated VTs
+ * with the configured font. It also allows systemd-vconsole-setup.service to be restarted to apply a new
+ * font to all VTs.
  *
- * We also setup per-console utf8 related stuff: kbdmode, term
- * processing, stty iutf8.
+ * We also setup per-console utf8 related stuff: kbdmode, term processing, stty iutf8.
  */
 static void setup_remaining_vcs(int src_fd, unsigned src_idx, bool utf8) {
         struct console_font_op cfo = {