Use a single-font-style macro (".B", ".I") for a single argument. Remove unneeded quotation marks ("). The output from "nroff" and "groff" is unchanged, except that some '"' are now printed in regular style. Signed-off-by: Bjarni Ingi Gislason <bjarniig@xxxxxxxxx> --- man7/tcp.7 | 10 +++--- man7/time.7 | 4 +-- man7/udp.7 | 2 +- man7/udplite.7 | 4 +-- man7/unicode.7 | 2 +- man7/unix.7 | 32 ++++++++--------- man7/user_namespaces.7 | 82 +++++++++++++++++++++--------------------- man7/vdso.7 | 2 +- man7/xattr.7 | 4 +-- 9 files changed, 71 insertions(+), 71 deletions(-) diff --git a/man7/tcp.7 b/man7/tcp.7 index 643f5b2df..4c8522263 100644 --- a/man7/tcp.7 +++ b/man7/tcp.7 @@ -1005,13 +1005,13 @@ The argument for this option is a string. This option allows the caller to set the TCP congestion control algorithm to be used, on a per-socket basis. Unprivileged processes are restricted to choosing one of the algorithms in -.IR tcp_allowed_congestion_control +.I tcp_allowed_congestion_control (described above). Privileged processes .RB ( CAP_NET_ADMIN ) can choose from any of the available congestion-control algorithms (see the description of -.IR tcp_available_congestion_control +.I tcp_available_congestion_control above). .TP .BR TCP_CORK " (since Linux 2.2)" @@ -1136,7 +1136,7 @@ This option should not be used in code intended to be portable. .\" commit message. .\" This option takes an -.IR "unsigned int" +.I unsigned int as an argument. When the value is greater than 0, it specifies the maximum amount of time in milliseconds that transmitted @@ -1213,9 +1213,9 @@ argument of This flag causes the received bytes of data to be discarded, rather than passed back in a caller-supplied buffer. Since Linux 2.4.4, -.BR MSG_TRUNC +.B MSG_TRUNC also has this effect when used in conjunction with -.BR MSG_OOB +.B MSG_OOB to receive out-of-band data. .SS Ioctls The following diff --git a/man7/time.7 b/man7/time.7 index 8b99bc278..026c66017 100644 --- a/man7/time.7 +++ b/man7/time.7 @@ -129,10 +129,10 @@ UNIX systems represent time in seconds since the 1970-01-01 00:00:00 +0000 (UTC). .PP A program can determine the -.I "calendar time" +.I calendar time via the .BR clock_gettime (2) -.BR CLOCK_REALTIME +.B CLOCK_REALTIME clock, which returns time (in seconds and nanoseconds) that have elapsed since the Epoch; diff --git a/man7/udp.7 b/man7/udp.7 index bfbea29c3..7ac133304 100644 --- a/man7/udp.7 +++ b/man7/udp.7 @@ -151,7 +151,7 @@ this number, UDP starts to moderate memory usage. .TP .I pressure This value was introduced to follow the format of -.IR tcp_mem +.I tcp_mem (see .BR tcp (7)). .TP diff --git a/man7/udplite.7 b/man7/udplite.7 index f5b36f9ea..aee3ef294 100644 --- a/man7/udplite.7 +++ b/man7/udplite.7 @@ -80,7 +80,7 @@ for more information. .PP The following two options are specific to UDP-Lite. .TP -.BR UDPLITE_SEND_CSCOV +.B UDPLITE_SEND_CSCOV This option sets the sender checksum coverage and takes an .I int as argument, with a checksum coverage value in the range 0..2^16-1. @@ -95,7 +95,7 @@ Higher values are therefore silently truncated to 2^16-1. If in doubt, the current coverage value can always be queried using .BR getsockopt (2). .TP -.BR UDPLITE_RECV_CSCOV +.B UDPLITE_RECV_CSCOV This is the receiver-side analogue and uses the same argument format and value range as .BR UDPLITE_SEND_CSCOV . diff --git a/man7/unicode.7 b/man7/unicode.7 index 1cd224118..ba968e172 100644 --- a/man7/unicode.7 +++ b/man7/unicode.7 @@ -74,7 +74,7 @@ positions, one for each character. Part 1 of the standard (ISO 10646-1) defines the first 65534 code positions (0x0000 to 0xfffd), which form the -.IR "Basic Multilingual Plane" +.I Basic Multilingual Plane (BMP), that is plane 0 in group 0. Part 2 of the standard (ISO 10646-2) adds characters to group 0 outside the BMP in several diff --git a/man7/unix.7 b/man7/unix.7 index ee57c4a06..8d41878b3 100644 --- a/man7/unix.7 +++ b/man7/unix.7 @@ -141,11 +141,11 @@ should not be inspected. .IR abstract : an abstract socket address is distinguished (from a pathname socket) by the fact that -.IR sun_path[0] +.I sun_path[0] is a null byte (\(aq\\0\(aq). The socket's address in this namespace is given by the additional bytes in -.IR sun_path +.I sun_path that are covered by the specified length of the address structure. (Null bytes in the name have no special significance.) The name has no connection with filesystem pathnames. @@ -153,10 +153,10 @@ When the address of an abstract socket is returned, the returned .I addrlen is greater than -.IR "sizeof(sa_family_t)" +.I sizeof(sa_family_t) (i.e., greater than 2), and the name of the socket is contained in the first -.IR "(addrlen \- sizeof(sa_family_t))" +.I (addrlen \- sizeof(sa_family_t)) bytes of .IR sun_path . .SS Pathname sockets @@ -303,7 +303,7 @@ is an integer boolean flag. .B SO_PASSSEC Enables receiving of the SELinux security label of the peer socket in an ancillary message of type -.BR SCM_SECURITY +.B SCM_SECURITY (see below). .IP The value given as an argument to @@ -321,7 +321,7 @@ support for UNIX domain stream sockets was added .\" commit 37a9a8df8ce9de6ea73349c9ac8bdf6ba4ec4f70 in Linux 4.2. .TP -.BR SO_PEEK_OFF +.B SO_PEEK_OFF See .BR socket (7). .TP @@ -359,7 +359,7 @@ as .IR sizeof(sa_family_t) , .\" i.e., sizeof(short) or the -.BR SO_PASSCRED +.B SO_PASSCRED socket option was specified for a socket that was not explicitly bound to an address, then the socket is autobound to an abstract address. @@ -453,13 +453,13 @@ and the excess file descriptors are automatically closed in the receiving process. .IP The kernel constant -.BR SCM_MAX_FD +.B SCM_MAX_FD defines a limit on the number of file descriptors in the array. Attempting to send an array larger than this limit causes .BR sendmsg (2) to fail with the error .BR EINVAL . -.BR SCM_MAX_FD +.B SCM_MAX_FD has the value 253 (or 255 in kernels .\" commit bba14de98753cb6599a2dae0e520714b2153522d @@ -514,7 +514,7 @@ of the peer socket. The received ancillary data is a null-terminated string containing the security context. The receiver should allocate at least -.BR NAME_MAX +.B NAME_MAX bytes in the data portion of the ancillary message for this data. .IP To receive the security context, the @@ -563,7 +563,7 @@ The next call will receive the remaining five bytes of data. If the space allocated for receiving incoming ancillary data is too small then the ancillary data is truncated to the number of headers that will fit in the supplied buffer (or, in the case of an -.BR SCM_RIGHTS +.B SCM_RIGHTS file descriptor list, the list of file descriptors may be truncated). If no buffer is provided for incoming ancillary data (i.e., the .I msg_control @@ -574,7 +574,7 @@ structure supplied to is NULL), then the incoming ancillary data is discarded. In both of these cases, the -.BR MSG_CTRUNC +.B MSG_CTRUNC flag will be set in the .I msg.msg_flags value returned by @@ -722,7 +722,7 @@ above). It occurs if the number of "in-flight" file descriptors exceeds the .B RLIMIT_NOFILE resource limit and the caller does not have the -.BR CAP_SYS_RESOURCE +.B CAP_SYS_RESOURCE capability. An in-flight file descriptor is one that has been sent using .BR sendmsg (2) @@ -759,7 +759,7 @@ at any time and will be finally removed from the filesystem when the last reference to it is closed. .PP To pass file descriptors or credentials over a -.BR SOCK_STREAM +.B SOCK_STREAM socket, you must to send or receive at least one byte of nonancillary data in the same .BR sendmsg (2) @@ -807,7 +807,7 @@ there is no null terminator in .PP Applications that retrieve socket addresses can (portably) code to handle the possibility that there is no null terminator in -.IR sun_path +.I sun_path by respecting the fact that the number of valid bytes in the pathname is: .PP strnlen(addr.sun_path, addrlen \- offsetof(sockaddr_un, sun_path)) @@ -1131,7 +1131,7 @@ main(int argc, char *argv[]) .EE .PP For an example of the use of -.BR SCM_RIGHTS +.B SCM_RIGHTS see .BR cmsg (3). .SH SEE ALSO diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index e377e1bf0..256439b33 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -64,7 +64,7 @@ of the process that creates the user namespace via a call to or .BR clone (2) with the -.BR CLONE_NEWUSER +.B CLONE_NEWUSER flag. .PP The kernel imposes (since version 3.11) a limit of 32 nested levels of @@ -84,12 +84,12 @@ A process created via or .BR clone (2) without the -.BR CLONE_NEWUSER +.B CLONE_NEWUSER flag is a member of the same user namespace as its parent. A single-threaded process can join another user namespace with .BR setns (2) if it has the -.BR CAP_SYS_ADMIN +.B CAP_SYS_ADMIN in that namespace; upon doing so, it gains a full set of capabilities in that namespace. .PP @@ -98,7 +98,7 @@ A call to or .BR unshare (2) with the -.BR CLONE_NEWUSER +.B CLONE_NEWUSER flag makes the new child process (for .BR clone (2)) or the caller (for @@ -106,7 +106,7 @@ or the caller (for a member of the new user namespace created by the call. .PP The -.BR NS_GET_PARENT +.B NS_GET_PARENT .BR ioctl (2) operation can be used to discover the parental relationship between user namespaces; see @@ -118,7 +118,7 @@ between user namespaces; see The child process created by .BR clone (2) with the -.BR CLONE_NEWUSER +.B CLONE_NEWUSER flag starts out with a complete set of capabilities in the new user namespace. Likewise, a process that creates a new user namespace using @@ -153,7 +153,7 @@ A call to or .BR setns (2) using the -.BR CLONE_NEWUSER +.B CLONE_NEWUSER flag sets the "securebits" flags (see .BR capabilities (7)) @@ -252,25 +252,25 @@ and mount the following types of filesystems: .RS 4 .PD 0 .IP * 2 -.IR /proc +.I /proc (since Linux 3.8) .IP * -.IR /sys +.I /sys (since Linux 3.8) .IP * -.IR devpts +.I devpts (since Linux 3.9) .IP * .BR tmpfs (5) (since Linux 3.9) .IP * -.IR ramfs +.I ramfs (since Linux 3.9) .IP * -.IR mqueue +.I mqueue (since Linux 3.9) .IP * -.IR bpf +.I bpf .\" commit b2197755b2633e164a439682fb05a9b5ea48f706 (since Linux 4.4) .PD @@ -283,7 +283,7 @@ allows (since Linux 4.6) that process to the mount the cgroup version 2 filesystem and cgroup version 1 named hierarchies (i.e., cgroup filesystems mounted with the -.BR """none,name=""" +.RB """" none,name= """" option). .PP Holding @@ -296,7 +296,7 @@ filesystems. .PP Note however, that mounting block-based filesystems can be done only by a process that holds -.BR CAP_SYS_ADMIN +.B CAP_SYS_ADMIN in the initial user namespace. .\" .\" ============================================================ @@ -314,7 +314,7 @@ Actions on the nonuser namespace require capabilities in the corresponding user namespace. .PP If -.BR CLONE_NEWUSER +.B CLONE_NEWUSER is specified along with other .B CLONE_NEW* flags in a single @@ -353,7 +353,7 @@ required capability in that user namespace. .PP The -.BR NS_GET_USERNS +.B NS_GET_USERNS .BR ioctl (2) operation can be used to discover the user namespace that owns a nonuser namespace; see @@ -366,9 +366,9 @@ When a user namespace is created, it starts out without a mapping of user IDs (group IDs) to the parent user namespace. The -.IR /proc/[pid]/uid_map +.I /proc/[pid]/uid_map and -.IR /proc/[pid]/gid_map +.I /proc/[pid]/gid_map files (available since Linux 3.5) .\" commit 22d917d80e842829d0ca0a561967d728eb1d6303 expose the mappings for user and group IDs @@ -379,7 +379,7 @@ written to (once) to define the mappings. .PP The description in the following paragraphs explains the details for .IR uid_map ; -.IR gid_map +.I gid_map is exactly the same, but each instance of "user ID" is replaced by "group ID". .PP @@ -387,9 +387,9 @@ The .I uid_map file exposes the mapping of user IDs from the user namespace of the process -.IR pid +.I pid to the user namespace of the process that opened -.IR uid_map +.I uid_map (but see a qualification to this point below). In other words, processes that are in different user namespaces will potentially see different values when reading from a particular @@ -418,7 +418,7 @@ IDs to which the user IDs specified by field one map. How field two is interpreted depends on whether the process that opened .I uid_map and the process -.IR pid +.I pid are in the same user namespace, as follows: .RS .IP a) 3 @@ -479,12 +479,12 @@ maps to a range starting at 0 in the (nonexistent) parent namespace, and the length of the range is the largest 32-bit unsigned integer. This leaves 4294967295 (the 32-bit signed \-1 value) unmapped. This is deliberate: -.IR "(uid_t)\ \-1" +.I (uid_t)\ \-1 is used in several interfaces (e.g., .BR setreuid (2)) as a way to specify "no user ID". Leaving -.IR "(uid_t)\ \-1" +.I (uid_t)\ \-1 unmapped and unusable guarantees that there will be no confusion when using these interfaces. .\" @@ -508,7 +508,7 @@ Similar rules apply for files. .PP The lines written to -.IR uid_map +.I uid_map .RI ( gid_map ) must conform to the following rules: .IP * 3 @@ -556,7 +556,7 @@ In order for a process to write to the file, all of the following requirements must be met: .IP 1. 3 The writing process must have the -.BR CAP_SETUID +.B CAP_SETUID .RB ( CAP_SETGID ) capability in the user namespace of the process .IR pid . @@ -572,9 +572,9 @@ in the parent user namespace. One of the following two cases applies: .RS .IP * 3 -.IR Either +.I Either the writing process has the -.BR CAP_SETUID +.B CAP_SETUID .RB ( CAP_SETGID ) capability in the .I parent @@ -586,7 +586,7 @@ the process can make mappings to arbitrary user IDs (group IDs) in the parent user namespace. .RE .IP * 3 -.IR Or +.I Or otherwise all of the following restrictions apply: .RS .IP + 3 @@ -662,7 +662,7 @@ will permanently disable in a user namespace and allow writing to .I /proc/[pid]/gid_map without having the -.BR CAP_SETGID +.B CAP_SETGID capability in the parent user namespace. .\" .\" ============================================================ @@ -692,11 +692,11 @@ Note that regardless of the value in the file (and regardless of the process's capabilities), calls to .BR setgroups (2) are also not permitted if -.IR /proc/[pid]/gid_map +.I /proc/[pid]/gid_map has not yet been set. .PP A privileged process (one with the -.BR CAP_SYS_ADMIN +.B CAP_SYS_ADMIN capability in the namespace) may write either of the strings .RI \(dq allow \(dq or @@ -734,7 +734,7 @@ The default value of this file in the initial user namespace is .RI \(dq allow \(dq. .PP Once -.IR /proc/[pid]/gid_map +.I /proc/[pid]/gid_map has been written to (which has the effect of enabling .BR setgroups (2) @@ -744,12 +744,12 @@ it is no longer possible to disallow by writing .RI \(dq deny \(dq to -.IR /proc/[pid]/setgroups +.I /proc/[pid]/setgroups (the write fails with the error .BR EPERM ). .PP A child user namespace inherits the -.IR /proc/[pid]/setgroups +.I /proc/[pid]/setgroups setting from its parent. .PP If the @@ -778,7 +778,7 @@ This means that dropping groups using might allow a process file access that it did not formerly have. Before the existence of user namespaces this was not a concern, since only a privileged process (one with the -.BR CAP_SETGID +.B CAP_SETGID capability) could call .BR setgroups (2). However, with the introduction of user namespaces, @@ -819,9 +819,9 @@ In most such cases, an unmapped user ID is converted to the overflow user ID (group ID); the default value for the overflow user ID (group ID) is 65534. See the descriptions of -.IR /proc/sys/kernel/overflowuid +.I /proc/sys/kernel/overflowuid and -.IR /proc/sys/kernel/overflowgid +.I /proc/sys/kernel/overflowgid in .BR proc (5). .PP @@ -839,7 +839,7 @@ and the System V IPC "ctl" .B IPC_STAT operations, credentials exposed by -.IR /proc/[pid]/status +.I /proc/[pid]/status and the files in .IR /proc/sysvipc/* , credentials returned via the @@ -881,7 +881,7 @@ the new program is executed, but the process's effective user (group) ID is left unchanged. (This mirrors the semantics of executing a set-user-ID or set-group-ID program that resides on a filesystem that was mounted with the -.BR MS_NOSUID +.B MS_NOSUID flag, as described in .BR mount (2).) .\" diff --git a/man7/vdso.7 b/man7/vdso.7 index 8375df527..025ac1c56 100644 --- a/man7/vdso.7 +++ b/man7/vdso.7 @@ -99,7 +99,7 @@ tag. This is used only for locating the vsyscall entry point and is frequently omitted or set to 0 (meaning it's not available). This tag is a throwback to the initial vDSO work (see -.IR History +.I History below) and its use should be avoided. .SS File format Since the vDSO is a fully formed ELF image, you can do symbol lookups on it. diff --git a/man7/xattr.7 b/man7/xattr.7 index 5b0a56a1f..5a62642dd 100644 --- a/man7/xattr.7 +++ b/man7/xattr.7 @@ -60,7 +60,7 @@ of the file owner and file group. .SS Extended attribute namespaces Attribute names are null-terminated strings. The attribute name is always specified in the fully qualified -.IR namespace.attribute +.I namespace.attribute form, for example, .IR user.mime_type , .IR trusted.md5sum , @@ -80,7 +80,7 @@ Currently, the .IR system , .IR trusted , and -.IR user +.I user extended attribute classes are defined as described below. Additional classes may be added in the future. .SS Extended security attributes -- 2.20.1