author Jason McIntyre <jmc@cvs.openbsd.org> 2015-07-28 18:12:58 +0000
committer Jason McIntyre <jmc@cvs.openbsd.org> 2015-07-28 18:12:58 +0000
commit 4b12bd9015af7913baf4a6578cdac5c108ce934d (patch)
tree e30758cfb04114cc0f22a5a1c28d6d4aafa5eef2 /lib/libc/sys
parent 78a147efcb2e1cb4c88b290eb19c86a6e086dc8f (diff)
unsort: requested by deraadt
Diffstat (limited to 'lib/libc/sys')
-rw-r--r-- lib/libc/sys/tame.2 274
1 files changed, 137 insertions, 137 deletions
diff --git a/lib/libc/sys/tame.2 b/lib/libc/sys/tame.2
index 5138268b7a8..49f7936ef44 100644
--- a/lib/libc/sys/tame.2
+++ b/lib/libc/sys/tame.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tame.2,v 1.13 2015/07/23 05:44:40 doug Exp $
+.\" $OpenBSD: tame.2,v 1.14 2015/07/28 18:12:57 jmc Exp $
.\"
.\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: July 23 2015 $
+.Dd $Mdocdate: July 28 2015 $
.Dt TAME 2
.Os
.Sh NAME
@@ -135,93 +135,6 @@ The
.Ar flags
are specified as a bitwise OR of the following values:
.Bl -tag -width TAME_TMPPATH -offset indent
-.It Dv TAME_ABORT
-Deliver an unblockable
-.Dv SIGABRT
-upon violation instead of
-.Dv SIGKILL .
-.It Dv TAME_CMSG
-Allows passing of file descriptors using the
-.Xr sendmsg 2
-and
-.Xr recvmsg 2
-functions.
-.It Dv TAME_CPATH
-A number of system calls and sub-modes are allowed, which may
-create new files or directories in the filesystem:
-.Pp
-.Xr rename 2 ,
-.Xr rmdir 2 ,
-.Xr renameat 2 ,
-.Xr link 2 ,
-.Xr linkat 2 ,
-.Xr symlink 2 ,
-.Xr unlink 2 ,
-.Xr unlinkat 2 ,
-.Xr mkdir 2 ,
-.Xr mkdirat 2 .
-.It Dv TAME_DNS
-Subsequent to a successful
-.Xr open 2
-of
-.Pa /etc/resolv.conf ,
-a few system calls become able to allow DNS network transactions:
-.Pp
-.Xr sendto 2 ,
-.Xr recvfrom 2 ,
-.Xr socket 2 ,
-.Xr connect 2 .
-.It Dv TAME_GETPW
-This allows read-only opening of files in
-.Pa /etc
-for the
-.Xr getpwnam 3 ,
-.Xr getgrnam 3 ,
-.Xr getgrouplist 3 ,
-and
-.Xr initgroups 3
-family of functions.
-They may also need to operate in a
-.Xr yp 8
-environment, so a successful
-.Xr open 2
-of
-.Pa /var/run/ypbind.lock
-enables the
-.Dv TAME_INET
-flag.
-.It Dv TAME_INET
-The following system calls are allowed to operate in the
-.Dv AF_INET
-and
-.Dv AF_INET6
-domains:
-.Pp
-.Xr socket 2 ,
-.Xr listen 2 ,
-.Xr bind 2 ,
-.Xr connect 2 ,
-.Xr accept4 2 ,
-.Xr accept 2 ,
-.Xr getpeername 2 ,
-.Xr getsockname 2 ,
-.Xr setsockopt 2 ,
-.Xr getsockopt 2 .
-.Pp
-.Xr setsockopt 2
-has been reduced in functionality substantially.
-.It Dv TAME_IOCTL
-Allows a subset of
-.Xr ioctl 2
-operations:
-.Pp
-.Dv FIOCLEX ,
-.Dv FIONCLEX ,
-.Dv FIONREAD ,
-.Dv FIONBIO ,
-.Dv FIOGETOWN ,
-.Dv TIOCGWINSZ ,
-.Dv TIOCSTI .
.It Dv TAME_MALLOC
To allow use of the
.Xr malloc 3
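Review bot: with the alphabetical order removed from the `.Bl -tag` list under `.Ar flags`, nothing in the source says what order the entries now follow or that the order is deliberate, so a later cleanup is likely to sort them again. A one-line `.\"` comment above `.It Dv TAME_MALLOC` stating the intended order would prevent that; the commit message only says "unsort".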
@@ -234,35 +147,6 @@ family of functions, the following system calls are permitted:
.Xr mprotect 2 ,
.Xr mquery 2 ,
.Xr munmap 2 .
-.It Dv TAME_PROC
-Allows the following process relationship operations:
-.Pp
-.Xr fork 2 ,
-.Xr vfork 2 ,
-.Xr kill 2 ,
-.Xr setgroups 2 ,
-.Xr setresgid 2 ,
-.Xr setresuid 2 ,
-.It Dv TAME_RPATH
-A number of system calls are allowed if they only cause
-read-only effects on the filesystem:
-.Pp
-.Xr chdir 2 ,
-.Xr getcwd 3 ,
-.Xr openat 2 ,
-.Xr fstatat 2 ,
-.Xr faccessat 2 ,
-.Xr readlinkat 2 ,
-.Xr lstat 2 ,
-.Xr chmod 2 ,
-.Xr fchmod 2 ,
-.Xr fchmodat 2 ,
-.Xr chflags 2 ,
-.Xr chflagsat 2 ,
-.Xr chown 2 ,
-.Xr fchown 2 ,
-.Xr fchownat 2 ,
-.Xr fstat 2 .
.It Dv TAME_RW
The following system calls are permitted to allow most types of IO
operations on previously allocated file descriptors, including
@@ -310,6 +194,46 @@ and
.Dv TAME_RW .
As a result, all functionalities of libc
stdio works.
+.It Dv TAME_RPATH
+A number of system calls are allowed if they only cause
+read-only effects on the filesystem:
+.Pp
+.Xr chdir 2 ,
+.Xr getcwd 3 ,
+.Xr openat 2 ,
+.Xr fstatat 2 ,
+.Xr faccessat 2 ,
+.Xr readlinkat 2 ,
+.Xr lstat 2 ,
+.Xr chmod 2 ,
+.Xr fchmod 2 ,
+.Xr fchmodat 2 ,
+.Xr chflags 2 ,
+.Xr chflagsat 2 ,
+.Xr chown 2 ,
+.Xr fchown 2 ,
+.Xr fchownat 2 ,
+.Xr fstat 2 .
+.It Dv TAME_WPATH
+A number of system calls are allowed and may cause
+write-effects on the filesystem:
+.Pp
+.Xr getcwd 3 ,
+.Xr openat 2 ,
+.Xr fstatat 2 ,
+.Xr faccessat 2 ,
+.Xr readlinkat 2 ,
+.Xr lstat 2 ,
+.Xr chmod 2 ,
+.Xr fchmod 2 ,
+.Xr fchmodat 2 ,
+.Xr chflags 2 ,
+.Xr chflagsat 2 ,
+.Xr chown 2 ,
+.Xr fchown 2 ,
+.Xr fchownat 2 ,
+.Xr fstat 2 ,
+.Xr fstat 2 .
.It Dv TAME_TMPPATH
A number of system calls are allowed to do operations in the
.Pa /tmp
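Review bot: the re-added TAME_WPATH entry ends with `.Xr fstat 2 ,` followed by `.Xr fstat 2 .`, so fstat(2) is listed twice; drop the first of the two lines. While these blocks are being moved it is also worth revisiting TAME_RPATH, which is introduced as calls with "read-only effects on the filesystem" yet names chmod(2), chown(2) and chflags(2), and TAME_WPATH, whose list is the same set minus chdir(2): from the text alone a reader cannot tell how the two flags differ.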
@@ -321,6 +245,40 @@ directory, including create, read, or write:
.Xr chown 2 ,
.Xr unlink 2 ,
.Xr fstat 2 .
+.It Dv TAME_CPATH
+A number of system calls and sub-modes are allowed, which may
+create new files or directories in the filesystem:
+.Pp
+.Xr rename 2 ,
+.Xr rmdir 2 ,
+.Xr renameat 2 ,
+.Xr link 2 ,
+.Xr linkat 2 ,
+.Xr symlink 2 ,
+.Xr unlink 2 ,
+.Xr unlinkat 2 ,
+.Xr mkdir 2 ,
+.Xr mkdirat 2 .
+.It Dv TAME_INET
+The following system calls are allowed to operate in the
+.Dv AF_INET
+and
+.Dv AF_INET6
+domains:
+.Pp
+.Xr socket 2 ,
+.Xr listen 2 ,
+.Xr bind 2 ,
+.Xr connect 2 ,
+.Xr accept4 2 ,
+.Xr accept 2 ,
+.Xr getpeername 2 ,
+.Xr getsockname 2 ,
+.Xr setsockopt 2 ,
+.Xr getsockopt 2 .
+.Pp
+.Xr setsockopt 2
+has been reduced in functionality substantially.
.It Dv TAME_UNIX
The following system calls are allowed to operate in the
.Dv AF_UNIX
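Review bot: the TAME_CPATH description says the calls "may create new files or directories", but the list under it includes `unlink 2`, `unlinkat 2`, `rmdir 2` and the rename calls, which remove or rename entries; the text should say create, remove or rename. In the TAME_INET entry, "has been reduced in functionality substantially" does not tell the reader which setsockopt(2) options still work; naming them would be more useful than the current sentence.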
@@ -336,26 +294,68 @@ domain:
.Xr getsockname 2 ,
.Xr setsockopt 2 ,
.Xr getsockopt 2 .
-.It Dv TAME_WPATH
-A number of system calls are allowed and may cause
-write-effects on the filesystem:
+.It Dv TAME_DNS
+Subsequent to a successful
+.Xr open 2
+of
+.Pa /etc/resolv.conf ,
+a few system calls become able to allow DNS network transactions:
.Pp
-.Xr getcwd 3 ,
-.Xr openat 2 ,
-.Xr fstatat 2 ,
-.Xr faccessat 2 ,
-.Xr readlinkat 2 ,
-.Xr lstat 2 ,
-.Xr chmod 2 ,
-.Xr fchmod 2 ,
-.Xr fchmodat 2 ,
-.Xr chflags 2 ,
-.Xr chflagsat 2 ,
-.Xr chown 2 ,
-.Xr fchown 2 ,
-.Xr fchownat 2 ,
-.Xr fstat 2 ,
-.Xr fstat 2 .
+.Xr sendto 2 ,
+.Xr recvfrom 2 ,
+.Xr socket 2 ,
+.Xr connect 2 .
+.It Dv TAME_GETPW
+This allows read-only opening of files in
+.Pa /etc
+for the
+.Xr getpwnam 3 ,
+.Xr getgrnam 3 ,
+.Xr getgrouplist 3 ,
+and
+.Xr initgroups 3
+family of functions.
+They may also need to operate in a
+.Xr yp 8
+environment, so a successful
+.Xr open 2
+of
+.Pa /var/run/ypbind.lock
+enables the
+.Dv TAME_INET
+flag.
+.It Dv TAME_CMSG
+Allows passing of file descriptors using the
+.Xr sendmsg 2
+and
+.Xr recvmsg 2
+functions.
+.It Dv TAME_IOCTL
+Allows a subset of
+.Xr ioctl 2
+operations:
+.Pp
+.Dv FIOCLEX ,
+.Dv FIONCLEX ,
+.Dv FIONREAD ,
+.Dv FIONBIO ,
+.Dv FIOGETOWN ,
+.Dv TIOCGWINSZ ,
+.Dv TIOCSTI .
+.It Dv TAME_PROC
+Allows the following process relationship operations:
+.Pp
+.Xr fork 2 ,
+.Xr vfork 2 ,
+.Xr kill 2 ,
+.Xr setgroups 2 ,
+.Xr setresgid 2 ,
+.Xr setresuid 2 ,
+.It Dv TAME_ABORT
+Deliver an unblockable
+.Dv SIGABRT
+upon violation instead of
+.Dv SIGKILL .
.El
.Sh RETURN VALUES
.Rv -std
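Review bot: the TAME_PROC list ends with `.Xr setresuid 2 ,`, a trailing comma where the other lists in this diff close with a period; it was carried over unchanged from the removed block and should become `.Xr setresuid 2 .`. Also in this hunk, the TAME_GETPW entry says a successful open of `/var/run/ypbind.lock` enables `TAME_INET`; since that widens the process to network access without the caller asking for it, a cross-reference from the TAME_INET entry would make the side effect easier to find.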