author ru <ru@FreeBSD.org> 2002-12-12 14:25:52 +0000
committer ru <ru@FreeBSD.org> 2002-12-12 14:25:52 +0000
commit 9622c79f5772674fc96285381aa24e113639c080
tree 52bf66ff2a8077c88f69f45e7c98aadaa1e3b2aa /share
parent e479f313a6c40fbc718203958d17d54124c7b20c
mdoc(7) police: markup overhaul.
Approved by: re
Diffstat (limited to 'share')
-rw-r--r-- share/man/man9/mac.9 52
1 files changed, 33 insertions, 19 deletions
diff --git a/share/man/man9/mac.9 b/share/man/man9/mac.9
index 1e7dfec..71a5c6e 100644
--- a/share/man/man9/mac.9
+++ b/share/man/man9/mac.9
@@ -34,8 +34,8 @@
.\" $FreeBSD$
.\"
.Dd February 16, 2002
-.Os
.Dt MAC 9
+.Os
.Sh NAME
.Nm mac
.Nd TrustedBSD Mandatory Access Control framework
@@ -48,7 +48,9 @@ In the kernel configuration file:
.Cd "options MAC_DEBUG"
.Sh DESCRIPTION
.Ss Introduction
-The TrustedBSD mandatory access control framework permits dynamically
+The
+.Tn TrustedBSD
+mandatory access control framework permits dynamically
introduced system security modules to modify system security functionality.
This can be used to support a variety of new security services, including
traditional labeled mandatory access control models.
@@ -60,19 +62,22 @@ opportunity to modify security behavior at those MAC API entry points.
Both consumers of the API (normal kernel services) and security modules
must be aware of the semantics of the API calls, particularly with respect
to synchronization primitives (such as locking).
-.Ss Note on appropriateness for production use
-The TrustedBSD MAC Framework included in
+.Ss Note on Appropriateness for Production Use
+The
+.Tn TrustedBSD
+MAC Framework included in
.Fx 5.0
is considered experimental, and should not be deployed in production
environments without careful consideration of the risks associated with
the use of experimental operating system features.
-.Ss Kernel objects supported by the framework
+.Ss Kernel Objects Supported by the Framework
The MAC framework manages labels on a variety of types of in-kernel
objects, including process credentials, vnodes, devfs_dirents, mount
-points, sockets, mbufs, bpf descriptors, network interfaces, ip fragment
+points, sockets, mbufs, bpf descriptors, network interfaces, IP fragment
queues, and pipes.
-Label data on kernel objects, represented by struct label, is
-policy-unaware, and may be used in the manner seen fit by policy modules.
+Label data on kernel objects, represented by
+.Vt "struct label" ,
+is policy-unaware, and may be used in the manner seen fit by policy modules.
.Ss API for Consumers
The MAC API provides a large set of entry points, too broad to specifically
document here.
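Review bot: In the object list under "Kernel Objects Supported by the Framework", "ip fragment" is corrected to "IP fragment" but "bpf descriptors" on the same line stays lowercase, and only "struct label" gains .Vt markup. Suggest "BPF descriptors" for consistency, and if devfs_dirents and mbufs are meant as type names, mark them up the same way. The body text also mixes "MAC Framework" (in the production-use note) with "The MAC framework manages labels"; pick one capitalization while the markup is being overhauled.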
@@ -102,7 +107,8 @@ API entry points, a variety of object creation and destruction calls,
and a large set of access control check points.
In the future, additional audit entry points will also be present.
Module authors may choose to only implement a subset of the entry points,
-setting API function pointers in the description structure to NULL,
+setting API function pointers in the description structure to
+.Dv NULL ,
permitting the framework to avoid calling into the module.
.Ss Locking for Module Writers
Module writers must be aware of the locking semantics of entry points
@@ -145,19 +151,19 @@ framework, and modifying appropriate modules to take advantage of
the new entry points so that they may consistently enforce their
policies.
.Sh ENTRY POINTS
-System service and module authors should reference the FreeBSD
-Developer's Handbook for information on the MAC Framework APIs.
-.Pp
+System service and module authors should reference the
+.%T "FreeBSD Developer's Handbook"
+for information on the MAC Framework APIs.
.Sh SEE ALSO
.Xr acl 3 ,
.Xr cap 3 ,
.Xr mac 3 ,
-.Xr lomac 4 ,
.Xr posix1e 3 ,
+.Xr lomac 4 ,
.Xr ucred 9 ,
.Xr vaccess 9 ,
.Xr vaccess_acl_posix1e 9 ,
-.Xr VFS 9 ,
+.Xr VFS 9
.Sh AUTHORS
This man page was written by
.An Robert Watson .
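Review bot: The new .%T "FreeBSD Developer's Handbook" line in ENTRY POINTS uses a reference-block macro outside an .Rs/.Re block. The %-macros are fields of a bibliographic reference, so either wrap the handbook citation in .Rs/.Re (SEE ALSO is the usual place) and point to it from here, or use an ordinary emphasis macro for the title. Dropping the stray .Pp before .Sh, sorting the .Xr entries by section and removing the trailing comma after ".Xr VFS 9" are all fine.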
@@ -165,10 +171,14 @@ This software was contributed to the
.Fx
Project by Network Associates Laboratories, the Security Research
Division of Network Associates Inc. under DARPA/SPAWAR contract
-N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.
+N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
.Pp
.An -nosplit
-The TrustedBSD MAC Framework was designed by
+The
+.Tn TrustedBSD
+MAC Framework was designed by
.An Robert Watson ,
and implemented by the Network Associates Laboratories Network Security
(NETSEC), Secure Execution Environement (SEE), and Adaptive
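Review bot: The trailing context line "(NETSEC), Secure Execution Environement (SEE), and Adaptive" still carries the misspelling "Environement". This hunk already rewrites the surrounding AUTHORS paragraph, so correct it to "Environment" here or in a follow-up commit rather than leaving it in a page that is otherwise being cleaned up.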
@@ -200,12 +210,16 @@ Additional contributors include:
and
.An Andrew Reiter .
.Sh HISTORY
-The TrustedBSD MAC Framework first appeared in
-.Fx 5.0
+The
+.Tn TrustedBSD
+MAC Framework first appeared in
+.Fx 5.0 .
.Sh BUGS
See the earlier section in this document concerning appropriateness
for production use.
-The TrustedBSD MAC Framework is considered experimental in
+The
+.Tn TrustedBSD
+MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
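Review bot: In BUGS, the unchanged sentence "See the earlier section in this document concerning appropriateness for production use." refers to the subsection only by description. This commit retitles that subsection to "Note on Appropriateness for Production Use", so an .Sx cross-reference to the exact title would be more precise and easier to keep in sync with the heading. The added period after ".Fx 5.0" in HISTORY is correct.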