docs: bring five more man pages closer to standard formatting

Also, for renice, adapt the descriptions to the behaviour: the -g,
-p and -u options do not actually need to be followed by any ID.

Signed-off-by: Benno Schulenberg <bensberg@justemail.net>

1 files changed, 49 insertions, 43 deletions

diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1
index 62467ad6b..f627aeb47 100644
--- a/sys-utils/setpriv.1
+++ b/sys-utils/setpriv.1
@@ -1,10 +1,10 @@
-.TH SETPRIV 1 "January 2013" "util-linux" "User Commands"
+.TH SETPRIV 1 "July 2014" "util-linux" "User Commands"
 .SH NAME
 setpriv \- run a program with different Linux privilege settings
 .SH SYNOPSIS
 .B setpriv
-.RI [ options ]
-program
+[options]
+.I program
 .RI [ arguments ]
 .SH DESCRIPTION
 Sets or queries various Linux privilege settings that are inherited across
@@ -12,50 +12,50 @@ Sets or queries various Linux privilege settings that are inherited across
 .SH OPTION
 .TP
 \fB\-d\fR, \fB\-\-dump\fR
-Dumps current privilege state.  Specify more than once to show extra, mostly
-useless, information.  Incompatible with all other options.
+Dump current privilege state.  Can be specified more than once to show extra,
+mostly useless, information.  Incompatible with all other options.
 .TP
 \fB\-\-no\-new\-privs\fR
-Sets the
-.I no_\:new_\:privs
+Set the
+.I no_new_privs
 bit.  With this bit set,
 .BR execve (2)
 will not grant new privileges.  For example, the setuid and setgid bits as well
 as file capabilities will be disabled.  (Executing binaries with these bits set
-will still work, but they will not gain privilege.  Certain LSMs, especially
-AppArmor, may result in failures to execute certain programs.) This bit is
+will still work, but they will not gain privileges.  Certain LSMs, especially
+AppArmor, may result in failures to execute certain programs.)  This bit is
 inherited by child processes and cannot be unset.  See
 .BR prctl (2)
 and
 .IR Documentation/\:prctl/\:no_\:new_\:privs.txt
 in the Linux kernel source.
 .IP
-The no_\:new_\:privs bit is supported since Linux 3.5.
+The no_new_privs bit is supported since Linux 3.5.
 .TP
-\fB\-\-inh\-caps\fR \fI(+|\-)cap\fR,\fI...\fR or \fB\-\-bounding\-set\fR \fI(+|\-)cap\fR,\fI...\fR
-Sets inheritable capabilities or capability bounding set.  See
+.B \-\-inh\-caps \fR(\fB+\fR|\fB\-\fR)\fIcap\fR... or \fB\-\-bounding\-set \fR(\fB+\fR|\fB\-\fR)\fIcap\fR...
+Set the inheritable capabilities or the capability bounding set.  See
 .BR capabilities (7).
 The argument is a comma-separated list of
-.I +cap
+.BI + cap
 and
-.I \-cap
+.BI \- cap
 entries, which add or remove an entry respectively.
-.I +all
+.B +all
 and
-.I \-all
+.B \-all
 can be used to add or remove all caps.  The set of capabilities starts out as
 the current inheritable set for
-.B \-\-\:inh\-\:caps
+.B \-\-inh\-caps
 and the current bounding set for
-.BR \-\-\:bounding\-\:set .
+.BR \-\-bounding\-set .
 If you drop something from the bounding set without also dropping it from the
 inheritable set, you are likely to become confused.  Do not do that.
 .TP
 .BR \-\-list\-caps
-Lists all known capabilities.  Must be specified alone.
+List all known capabilities.  This option must be specified alone.
 .TP
 \fB\-\-ruid\fR \fIuid\fR, \fB\-\-euid\fR \fIuid\fR, \fB\-\-reuid\fR \fIuid\fR
-Sets the real, effective, or both \fIuid\fRs.  The uid argument can be
+Set the real, effective, or both uids.  The \fIuid\fR argument can be
 given as textual login name.
 .IP
 Setting
@@ -66,53 +66,59 @@ does not change capabilities, although the exec call at the end might change
 capabilities.  This means that, if you are root, you probably want to do
 something like:
 .IP
-\-\-reuid=1000 \-\-\:regid=1000 \-\-\:caps=\-\:all
+\-\-reuid=1000 \-\-regid=1000 \-\-caps=\-all
 .TP
 \fB\-\-rgid\fR \fIgid\fR, \fB\-\-egid\fR \fIgid\fR, \fB\-\-regid\fR \fIgid\fR
-Sets the real, effective, or both \fIgid\fRs.  The gid argument can be
+Set the real, effective, or both gids.  The \fIgid\fR argument can be
 given as textual group name.
 .IP
-For safety, you must specify one of \-\-\:keep\-\:groups,
-\-\-\:clear\-\:groups, or \-\-\:groups if you set any primary
+For safety, you must specify one of
+.BR \-\-keep\-groups ,
+.BR \-\-clear\-groups ", or"
+.B \-\-groups
+if you set any primary
 .IR gid .
 .TP
-.BR \-\-clear\-groups
-Clears supplementary groups.
+.B \-\-clear\-groups
+Clear supplementary groups.
 .TP
-\fB\-\-keep\-groups\fR
-Preserves supplementary groups.  Only useful in conjunction with \-\-rgid,
-\-\-egid, or \-\-regid.
+.B \-\-keep\-groups
+Preserve supplementary groups.  Only useful in conjunction with
+.BR \-\-rgid ,
+.BR \-\-egid ", or"
+.BR \-\-regid .
 .TP
-\fB\-\-groups\fR \fIgroup\fR,\fI...\fR
-Sets supplementary groups.
+.B \-\-groups \fIgroup\fR...
+Set supplementary groups.  The argument is a comma-separated list.
 .TP
-\fB\-\-securebits\fR \fI(+|\-)securebit\fR,\fI...\fR
-Sets or clears securebits.  The valid securebits are
+.B \-\-securebits \fR(\fB+\fR|\fB\-\fR)\fIsecurebit\fR...
+Set or clear securebits.  The argument is a comma-separated list.
+The valid securebits are
 .IR noroot ,
-.IR noroot_\:locked ,
-.IR no_\:setuid_\:fixup ,
-.IR no_\:setuid_\:fixup_\:locked ,
+.IR noroot_locked ,
+.IR no_setuid_fixup ,
+.IR no_setuid_fixup_locked ,
 and
-.IR keep_\:caps_\:locked .
-.I keep_\:caps
+.IR keep_caps_locked .
+.I keep_caps
 is cleared by
 .BR execve (2)
 and is therefore not allowed.
 .TP
 \fB\-\-selinux\-label\fR \fIlabel\fR
-Requests a particular SELinux transition (using a transition on exec, not
+Request a particular SELinux transition (using a transition on exec, not
 dyntrans).  This will fail and cause
 .BR setpriv (1)
 to abort if SELinux is not in use, and the transition may be ignored or cause
 .BR execve (2)
 to fail at SELinux's whim.  (In particular, this is unlikely to work in
 conjunction with
-.IR no_\:new_\:privs .)
+.IR no_new_privs .)
 This is similar to
 .BR runcon (1).
 .TP
 \fB\-\-apparmor\-profile\fR \fIprofile\fR
-Requests a particular AppArmor profile (using a transition on exec).  This will
+Request a particular AppArmor profile (using a transition on exec).  This will
 fail and cause
 .BR setpriv (1)
 to abort if AppArmor is not in use, and the transition may be ignored or cause
@@ -132,8 +138,8 @@ will not be run and
 will return with exit code 127.
 .PP
 Be careful with this tool \-\- it may have unexpected security consequences.
-For example, setting no_\:new_\:privs and then execing a program that is
-SELinux\-\:confined (as this tool would do) may prevent the SELinux
+For example, setting no_new_privs and then execing a program that is
+SELinux\-confined (as this tool would do) may prevent the SELinux
 restrictions from taking effect.
 .SH SEE ALSO
 .BR prctl (2),