git: 674f15c3d5fa - stable/12 - cap_enter(2): fix CAVEATS section

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Enji Cooper <ngie_at_FreeBSD.org>
Date: Mon, 11 Apr 2022 01:19:59 UTC
The branch stable/12 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=674f15c3d5fa2c7905478e6f02b072ccbf3aba47

commit 674f15c3d5fa2c7905478e6f02b072ccbf3aba47
Author:     Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2020-12-11 00:26:49 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2022-04-11 01:19:50 +0000

    cap_enter(2): fix CAVEATS section
    
    The CAVEATS section was misspelled as "CAVEAT" before this change. Fix the
    spelling to identify issues related to the section.
    
    Furthermore, given that the section order was incorrect, move the CAVEATS
    section down to the bottom of the manpage, per the conventional section
    order.
    
    MFC after:      1 week
    Reported by:    make manlint
    Sponsored by:   DellEMC Isilon
    
    (cherry picked from commit 20daf0ca6ea8ac82fa3a88f1d5e68507773c9644)
---
 lib/libc/sys/cap_enter.2 | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/libc/sys/cap_enter.2 b/lib/libc/sys/cap_enter.2
index 7051a96266b9..428e0b0bcd09 100644
--- a/lib/libc/sys/cap_enter.2
+++ b/lib/libc/sys/cap_enter.2
@@ -97,19 +97,6 @@ and
 operations of the
 .Xr procctl 2
 function for similar per-process functionality.
-.Sh CAVEAT
-Creating effective process sandboxes is a tricky process that involves
-identifying the least possible rights required by the process and then
-passing those rights into the process in a safe manner.
-Consumers of
-.Fn cap_enter
-should also be aware of other inherited rights, such as access to VM
-resources, memory contents, and other process properties that should be
-considered.
-It is advisable to use
-.Xr fexecve 2
-to create a runtime environment inside the sandbox that has as few implicitly
-acquired rights as possible.
 .Sh RETURN VALUES
 .Rv -std cap_enter cap_getmode
 .Pp
@@ -162,3 +149,16 @@ These functions and the capability facility were created by
 .An "Robert N. M. Watson"
 at the University of Cambridge Computer Laboratory with support from a grant
 from Google, Inc.
+.Sh CAVEATS
+Creating effective process sandboxes is a tricky process that involves
+identifying the least possible rights required by the process and then
+passing those rights into the process in a safe manner.
+Consumers of
+.Fn cap_enter
+should also be aware of other inherited rights, such as access to VM
+resources, memory contents, and other process properties that should be
+considered.
+It is advisable to use
+.Xr fexecve 2
+to create a runtime environment inside the sandbox that has as few implicitly
+acquired rights as possible.