svn commit: r368536 - head/lib/libc/sys

Enji Cooper ngie at FreeBSD.org
Fri Dec 11 00:26:49 UTC 2020 

Author: ngie
Date: Fri Dec 11 00:26:49 2020
New Revision: 368536
URL: https://svnweb.freebsd.org/changeset/base/368536

Log:
  cap_enter(2): fix CAVEATS section
  
  The CAVEATS section was misspelled as "CAVEAT" before this change. Fix the
  spelling to identify issues related to the section.
  
  Furthermore, given that the section order was incorrect, move the CAVEATS
  section down to the bottom of the manpage, per the conventional section
  order.
  
  MFC after:	1 week
  Reported by:	make manlint
  Sponsored by:	DellEMC Isilon

Modified:
  head/lib/libc/sys/cap_enter.2

Modified: head/lib/libc/sys/cap_enter.2
==============================================================================
--- head/lib/libc/sys/cap_enter.2	Fri Dec 11 00:25:34 2020	(r368535)
+++ head/lib/libc/sys/cap_enter.2	Fri Dec 11 00:26:49 2020	(r368536)
@@ -97,19 +97,6 @@ and
 operations of the
 .Xr procctl 2
 function for similar per-process functionality.
-.Sh CAVEAT
-Creating effective process sandboxes is a tricky process that involves
-identifying the least possible rights required by the process and then
-passing those rights into the process in a safe manner.
-Consumers of
-.Fn cap_enter
-should also be aware of other inherited rights, such as access to VM
-resources, memory contents, and other process properties that should be
-considered.
-It is advisable to use
-.Xr fexecve 2
-to create a runtime environment inside the sandbox that has as few implicitly
-acquired rights as possible.
 .Sh RETURN VALUES
 .Rv -std cap_enter cap_getmode
 .Pp
@@ -162,3 +149,16 @@ These functions and the capability facility were creat
 .An "Robert N. M. Watson"
 at the University of Cambridge Computer Laboratory with support from a grant
 from Google, Inc.
+.Sh CAVEATS
+Creating effective process sandboxes is a tricky process that involves
+identifying the least possible rights required by the process and then
+passing those rights into the process in a safe manner.
+Consumers of
+.Fn cap_enter
+should also be aware of other inherited rights, such as access to VM
+resources, memory contents, and other process properties that should be
+considered.
+It is advisable to use
+.Xr fexecve 2
+to create a runtime environment inside the sandbox that has as few implicitly
+acquired rights as possible.

More information about the svn-src-head mailing list