diff --git a/engine/security/rootless.md b/engine/security/rootless.md
index cf70144b20..543c3e0f6f 100644
--- a/engine/security/rootless.md
+++ b/engine/security/rootless.md
@@ -316,7 +316,7 @@ Or add `net.ipv4.ip_unprivileged_port_start=0` to `/etc/sysctl.conf` (or
 ### Limiting resources
 
 In Docker 19.03, rootless mode ignores cgroup-related `docker run` flags such as
-`--cpus`, `--memory`, --pids-limit`.
+`--cpus`, `--memory`, `--pids-limit`.
 
 However, you can still use the traditional `ulimit` and [`cpulimit`](https://github.com/opsengine/cpulimit),
 though they work in process-granularity rather than in container-granularity,