diff --git a/listeners/listeners.go b/listeners/listeners.go
index 8150ba0..7823054 100644
--- a/listeners/listeners.go
+++ b/listeners/listeners.go
@@ -10,6 +10,8 @@ import (
 
 func initTCPSocket(addr string, tlsConfig *tls.Config) (l net.Listener, err error) {
 	if tlsConfig == nil || tlsConfig.ClientAuth != tls.RequireAndVerifyClientCert {
+		// TODO: Move this outside pkg/listeners since it's Docker-specific.
+		//       ... and slightly scary.
 		logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
 	}
 	if l, err = sockets.NewTCPSocket(addr, tlsConfig); err != nil {
diff --git a/listeners/listeners_unix.go b/listeners/listeners_unix.go
index 732565a..29dd8c6 100644
--- a/listeners/listeners_unix.go
+++ b/listeners/listeners_unix.go
@@ -35,7 +35,7 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.List
 		}
 		ls = append(ls, l)
 	default:
-		return nil, fmt.Errorf("Invalid protocol format: %q", proto)
+		return nil, fmt.Errorf("invalid protocol format: %q", proto)
 	}
 
 	return
@@ -59,7 +59,7 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
 	}
 
 	if len(listeners) == 0 {
-		return nil, fmt.Errorf("No sockets found. Make sure the docker daemon was started by systemd.")
+		return nil, fmt.Errorf("no sockets found via socket activation: make sure the service was started by systemd")
 	}
 
 	// default to all fds just like unix:// and tcp://
@@ -69,21 +69,22 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
 
 	fdNum, err := strconv.Atoi(addr)
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse systemd address, should be number: %v", err)
+		return nil, fmt.Errorf("failed to parse systemd fd address: should be a number: %v", addr)
 	}
 	fdOffset := fdNum - 3
 	if len(listeners) < int(fdOffset)+1 {
-		return nil, fmt.Errorf("Too few socket activated files passed in")
+		return nil, fmt.Errorf("too few socket activated files passed in by systemd")
 	}
 	if listeners[fdOffset] == nil {
-		return nil, fmt.Errorf("failed to listen on systemd activated file at fd %d", fdOffset+3)
+		return nil, fmt.Errorf("failed to listen on systemd activated file: fd %d", fdOffset+3)
 	}
 	for i, ls := range listeners {
 		if i == fdOffset || ls == nil {
 			continue
 		}
 		if err := ls.Close(); err != nil {
-			logrus.Errorf("Failed to close systemd activated file at fd %d: %v", fdOffset+3, err)
+			// TODO: We shouldn't log inside a library. Remove this or error out.
+			logrus.Errorf("failed to close systemd activated file: fd %d: %v", fdOffset+3, err)
 		}
 	}
 	return []net.Listener{listeners[fdOffset]}, nil
@@ -91,6 +92,8 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
 
 // allocateDaemonPort ensures that there are no containers
 // that try to use any port allocated for the docker server.
+// TODO: Move this outside pkg/listeners since it's Docker-specific, and requires
+//       libnetwork which increases the dependency tree quite drastically.
 func allocateDaemonPort(addr string) error {
 	host, port, err := net.SplitHostPort(addr)
 	if err != nil {
diff --git a/listeners/listeners_windows.go b/listeners/listeners_windows.go
index ae862fc..2099c0e 100644
--- a/listeners/listeners_windows.go
+++ b/listeners/listeners_windows.go
@@ -2,7 +2,6 @@ package listeners
 
 import (
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"net"
 	"strings"
@@ -45,7 +44,7 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.List
 		ls = append(ls, l)
 
 	default:
-		return nil, errors.New("Invalid protocol format. Windows only supports tcp and npipe.")
+		return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe")
 	}
 
 	return