diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index a28a789b638..dddb3c57472 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1763,7 +1763,7 @@ static int verify_arguments(void) {
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid namespacing settings. Mounting sysfs with --private-users requires --private-network.");
 
         if (arg_userns_mode != USER_NAMESPACE_NO && !(arg_mount_settings & MOUNT_APPLY_APIVFS_RO))
-                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot combine --private-users with read-write mounts.");
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot combine --private-users with read-write API VFS mounts.");
 
         if (arg_expose_ports && !arg_private_network)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot use --port= without private networking.");
@@ -2579,10 +2579,9 @@ static int setup_credentials(const char *root) {
                 if (fchmod(fd, world_readable ? 0444 : 0400) < 0)
                         return log_error_errno(errno, "Failed to adjust access mode of %s: %m", j);
 
-                if (arg_userns_mode != USER_NAMESPACE_NO) {
+                if (arg_userns_mode != USER_NAMESPACE_NO)
                         if (fchown(fd, arg_uid_shift, arg_uid_shift) < 0)
                                 return log_error_errno(errno, "Failed to adjust ownership of %s: %m", j);
-                }
         }
 
         if (chmod(q, world_readable ? 0555 : 0500) < 0)
@@ -3448,10 +3447,9 @@ static int inner_child(
         if (!arg_network_namespace_path && arg_private_network) {
                 _cleanup_close_ int netns_fd = -EBADF;
 
-                if (arg_privileged) {
+                if (arg_privileged)
                         if (unshare(CLONE_NEWNET) < 0)
                                 return log_error_errno(errno, "Failed to unshare network namespace: %m");
-                }
 
                 netns_fd = namespace_open_by_type(NAMESPACE_NET);
                 if (netns_fd < 0)
@@ -3710,7 +3708,7 @@ static int inner_child(
                         return log_error_errno(errno, "Failed to acquire controlling TTY: %m");
         }
 
-        log_debug("Inner child completed, invoking payload.");
+        log_debug("Inner child finished, invoking payload.");
 
         /* Now, explicitly close the log, so that we then can close all remaining fds. Closing the log explicitly first
          * has the benefit that the logging subsystem knows about it, and is thus ready to be reopened should we need
@@ -5088,7 +5086,7 @@ static int load_settings(void) {
                 return 0;
 
         /* We first look in the admin's directories in /etc and /run */
-        if (arg_privileged) {
+        if (arg_privileged)
                 FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
                         _cleanup_free_ char *j = NULL;
 
@@ -5110,7 +5108,6 @@ static int load_settings(void) {
                         if (errno != ENOENT)
                                 return log_error_errno(errno, "Failed to open %s: %m", j);
                 }
-        }
 
         if (!f) {
                 /* After that, let's look for a file next to the