Fix formatting change date

blog/2017/10/23/seccomp-and-you/index.markdown

@@ -55,7 +55,7 @@ means allowing time(), and similar calls, and sleep() along with Time::HiRes.
   - ruby_timer_thread
     This one is a special ruby specific profile.  It allows ruby to create a thread that
 it uses internally, and only allows that thread creation with a specific set of flags,
-CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID
+`CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID`
 This prevents it from doing arbitrary fork() calls, while still allowing the interpreter
 to run.  It also allows for pipe2 to be called to create communication between the two
 threads.
@@ -81,13 +81,14 @@ There's also some other profiles like ruby_timer_thread specifically for allowin
 to do similar things to ruby (create a thread, use epoll, etc.).
 
 
-=== Handling flags to syscalls
+Handling flags to syscalls
+==========================
 
 The way the rules are defined allow syscalls like open() to not need special handling.
 Since many syscalls can take flags, it's useful to be able to limit the flags they can
 take.
 
-  {syscall => 'openat', permute_rules => [['2', '==', \'open_modes']]},
+    {syscall => 'openat', permute_rules => [['2', '==', \'open_modes']]},
 
 Inside A::ESA::Seccomp you can define a syscall like the above, to take a set of
 automatically generated rules from a permutation.  In this cases it's called 'open_modes'.