 @@ -1,14 +1,14 @@
-.\" $NetBSD: kauth.9,v 1.72 2008/11/12 12:35:54 ad Exp $
+.\" $NetBSD: kauth.9,v 1.73 2009/03/15 14:11:08 joerg Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote products
 @@ -42,27 +42,27 @@ to implement a system-wide security poli
 It allows external modules to plug-in the authorization process.
 .Pp
 .Nm
 introduces some new concepts, namely
 .Dq scopes
 and
 .Dq listeners ,
 which will be detailed together with other useful information for kernel
 developers in this document.
 .Ss Types
 Some
 .Nm
 types include the following:
-.Bl -tag
+.Bl -tag -width kauth_listener_t
 .It kauth_cred_t
 Representing credentials that can be associated with an object.
 Includes user- and group-ids (real, effective, and save) as well as group
 membership information.
 .It kauth_scope_t
 Describes a scope.
 .It kauth_listener_t
 Describes a listener.
 .El
 .Ss Terminology
 .Nm
 operates in various
 .Dq scopes ,
 @@ -125,27 +125,27 @@ or
 or when there was no definitive decision from any of the listeners (i.e., it
 was not explicitly allowed or denied) and no security model was loaded.
 .Ss Generic Scope
 The generic scope,
 .Dq org.netbsd.kauth.generic ,
 manages generic authorization requests in the kernel.
 .Pp
 The authorization wrapper for this scope is declared as
 .Pp
 .Ft int Fn kauth_authorize_generic "kauth_cred_t cred" "kauth_action_t op" \
 "void *arg0"
 .Pp
 The following operations are available for this scope:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_GENERIC_ISSUSER
 Checks whether the credentials belong to the super-user.
 .Pp
 Using this request is strongly discouraged and should only be done as a
 temporary place-holder, as it is breaking the separation between the
 interface for authorization requests from the back-end implementation.
 .It Dv KAUTH_GENERIC_CANSEE
 Checks whether an object with one set of credentials can access
 information about another object, possibly with a different set of
 credentials.
 .Pp
 .Ar arg0
 contains the credentials of the object looked at.
 @@ -156,76 +156,76 @@ routines.
 .El
 .Ss System Scope
 The system scope,
 .Dq org.netbsd.kauth.system ,
 manages authorization requests affecting the entire system.
 .Pp
 The authorization wrapper for this scope is declared as
 .Pp
 .Ft int Fn kauth_authorize_system "kauth_cred_t cred" \
 "kauth_action_t op" "enum kauth_system_req req" "void *arg1" "void *arg2" \
 "void *arg3"
 .Pp
 The following requests are available for this scope:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_SYSTEM_ACCOUNTING
 Check if enabling/disabling accounting allowed.
 .It Dv KAUTH_SYSTEM_CHROOT
 .Ar req
 can be any of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_SYSTEM_CHROOT_CHROOT
 Check if calling
 .Xr chroot 2
 is allowed.
 .It Dv KAUTH_REQ_SYSTEM_CHROOT_FCHROOT
 Check if calling
 .Xr fchroot 2
 is allowed.
 .El
 .It Dv KAUTH_SYSTEM_CPU
 Check CPU-manipulation access.
 .Pp
 .Ar req
 can be any of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_SYSTEM_CPU_SETSTATE
 Set CPU state, including setting it online or offline.
 .El
 .It Dv KAUTH_SYSTEM_DEBUG
 This request concentrates several debugging-related operations.
 .Ar req
 can be any of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_SYSTEM_DEBUG_IPKDB
 Check if using
 .Xr ipkdb 4
 is allowed.
 .El
 .It Dv KAUTH_SYSTEM_FILEHANDLE
 Check if filehandle operations allowed.
 .It Dv KAUTH_SYSTEM_MODULE
 Check if a module request is allowed.
 .Pp
 .Ar arg1
 is the command.
 .It Dv KAUTH_SYSTEM_MKNOD
 Check if creating devices is allowed.
 .It Dv KAUTH_SYSTEM_MOUNT
 Check if mount-related operations are allowed.
 .Pp
 .Ar req
 can be any of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_SYSTEM_MOUNT_GET
 Check if retrieving information about a mount is allowed.
 .Ar arg1
 is a
 .Ft struct mount *
 with the mount structure in question,
 .Ar arg2
 is a
 .Ft void *
 with file-system specific data, if any.
 .It Dv KAUTH_REQ_SYSTEM_MOUNT_NEW
 Check if mounting a new file-system is allowed.
 .Pp
 @@ -259,72 +259,72 @@ of the existing mount,
 is an
 .Ft int
 with the new mount flags, and
 .Ar arg3
 is a
 .Ft void *
 with file-system specific data, if any.
 .El
 .It Dv KAUTH_SYSTEM_PSET
 Check processor-set manipulation.
 .Pp
 .Ar req
 can be any of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_SYSTEM_PSET_ASSIGN
 Change processor-set processor assignment.
 .It Dv KAUTH_REQ_SYSTEM_PSET_BIND
 Bind an LWP to a processor-set.
 .It Dv KAUTH_REQ_SYSTEM_PSET_CREATE
 Create a processor-set.
 .It Dv KAUTH_REQ_SYSTEM_PSET_DESTROY
 Destroy a processor-set.
 .El
 .It Dv KAUTH_SYSTEM_REBOOT
 Check if rebooting is allowed.
 .It Dv KAUTH_SYSTEM_SETIDCORE
 Check if changing coredump settings for set-id processes is allowed.
 .It Dv KAUTH_SYSTEM_SWAPCTL
 Check if privileged
 .Xr swapctl 2
 requests are allowed.
 .It Dv KAUTH_SYSTEM_SYSCTL
 This requests operations related to
 .Xr sysctl 9 .
 .Ar req
 indicates the specific request and can be one of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_SYSTEM_SYSCTL_ADD
 Check if adding a
 .Xr sysctl 9
 node is allowed.
 .It Dv KAUTH_REQ_SYSTEM_SYSCTL_DELETE
 Check if deleting a
 .Xr sysctl 9
 node is allowed.
 .It Dv KAUTH_REQ_SYSTEM_SYSCTL_DESC
 Check if adding description to a
 .Xr sysctl 9
 node is allowed.
 .It Dv KAUTH_REQ_SYSTEM_SYSCTL_PRVT
 Check if accessing private
 .Xr sysctl 9
 nodes is allowed.
 .El
 .It Dv KAUTH_SYSTEM_TIME
 This request groups time-related operations.
 .Ar req
 can be any of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_SYSTEM_TIME_ADJTIME
 Check if changing the time using
 .Xr adjtime 2
 is allowed.
 .It Dv KAUTH_REQ_SYSTEM_TIME_NTPADJTIME
 Check if setting the time using
 .Xr ntp_adjtime 2
 is allowed.
 .It Dv KAUTH_REQ_SYSTEM_TIME_SYSTEM
 Check if changing the time (usually via
 .Xr settimeofday 2 )
 is allowed.
 .Pp
 @@ -350,27 +350,27 @@ Check if manipulating timecounters is al
 .El
 .Ss Process Scope
 The process scope,
 .Dq org.netbsd.kauth.process ,
 manages authorization requests related to processes in the system.
 .Pp
 The authorization wrapper for this scope is declared as
 .Pp
 .Ft int Fn kauth_authorize_process "kauth_cred_t cred" \
 "kauth_action_t op" "struct proc *p" "void *arg1" "void *arg2" \
 "void *arg3"
 .Pp
 The following operations are available for this scope:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_PROCESS_KTRACE
 Checks whether an object with one set of credentials can
 .Xr ktrace 1
 another process
 .Ar p ,
 possibly with a different set of credentials.
 .Pp
 If
 .Ar arg1
 is
 .Dv KAUTH_REQ_PROCESS_KTRACE_PERSISTENT ,
 this checks if persistent tracing can be done.
 Persistent tracing maintains the trace across a set-user-id/set-group-id
 @@ -505,135 +505,135 @@ or
 respectively.
 .El
 .Ss Network Scope
 The network scope,
 .Dq org.netbsd.kauth.network ,
 manages networking-related authorization requests in the kernel.
 .Pp
 The authorization wrapper for this scope is declared as
 .Pp
 .Ft int Fn kauth_authorize_network "kauth_cred_t cred" "kauth_action_t op" \
 "enum kauth_network_req req" "void *arg1" "void *arg2" "void *arg3"
 .Pp
 The following operations are available for this scope:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_NETWORK_ALTQ
 Checks if an ALTQ operation is allowed.
 .Pp
 .Ar req
 indicates the ALTQ subsystem in question, and can be one of the following:
 .Pp
-.Bl -tag -compact
+.Bl -tag -compact -width compact
 .It Dv KAUTH_REQ_NETWORK_ALTQ_AFMAP
 .It Dv KAUTH_REQ_NETWORK_ALTQ_BLUE
 .It Dv KAUTH_REQ_NETWORK_ALTQ_CBQ
 .It Dv KAUTH_REQ_NETWORK_ALTQ_CDNR
 .It Dv KAUTH_REQ_NETWORK_ALTQ_CONF
 .It Dv KAUTH_REQ_NETWORK_ALTQ_FIFOQ
 .It Dv KAUTH_REQ_NETWORK_ALTQ_HFSC
 .It Dv KAUTH_REQ_NETWORK_ALTQ_JOBS
 .It Dv KAUTH_REQ_NETWORK_ALTQ_PRIQ
 .It Dv KAUTH_REQ_NETWORK_ALTQ_RED
 .It Dv KAUTH_REQ_NETWORK_ALTQ_RIO
 .It Dv KAUTH_REQ_NETWORK_ALTQ_WFQ
 .El
 .It Dv KAUTH_NETWORK_BIND
 Checks if a
 .Xr bind 2
 request is allowed.
 .Pp
 .Ar req
 allows to indicate the type of the request to structure listeners and callers
 easier.
 Supported request types:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_NETWORK_BIND_PRIVPORT
 Checks if binding to a privileged/reserved port is allowed.
 .El
 .It Dv KAUTH_NETWORK_FIREWALL
 Checks if firewall-related operations are allowed.
 .Pp
 .Ar req
 indicates the sub-action, and can be one of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_NETWORK_FIREWALL_FW
 Modification of packet filtering rules.
 .It Dv KAUTH_REQ_NETWORK_FIREWALL_NAT
 Modification of NAT rules.
 .El
 .It Dv KAUTH_NETWORK_INTERFACE
 Checks if network interface-related operations are allowed.
 .Pp
 .Ar arg1
 is (optionally) the
 .Ft struct ifnet *
 associated with the interface.
 .Ar arg2
 is (optionally) an
 .Ft int
 describing the interface-specific operation.
 .Ar arg3
 is (optionally) a pointer to the interface-specific request structure.
 .Ar req
 indicates the sub-action, and can be one of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_NETWORK_INTERFACE_GET
 Check if retrieving information from the device is allowed.
 .It Dv KAUTH_REQ_NETWORK_INTERFACE_GETPRIV
 Check if retrieving privileged information from the device is allowed.
 .It Dv KAUTH_REQ_NETWORK_INTERFACE_SET
 Check if setting parameters on the device is allowed.
 .It Dv KAUTH_REQ_NETWORK_INTERFACE_SETPRIV
 Check if setting privileged parameters on the device is allowed.
 .El
 .Pp
 Note that unless the
 .Ft struct ifnet *
 for the interface was passed in
 .Ar arg1 ,
 there's no way to tell what structure
 .Ar arg3
 is.
 .It Dv KAUTH_NETWORK_FORWSRCRT
 Checks whether status of forwarding of source-routed packets can be modified
 or not.
 .It Dv KAUTH_NETWORK_NFS
 Check is an NFS related operation is allowed.
 .Pp
 .Ar req
 can be any of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_NETWORK_NFS_EXPORT
 Check if modifying the NFS export table is allowed.
 .It Dv KAUTH_REQ_NETWORK_NFS_SVC
 Check if access to the NFS
 .Xr nfssvc 2
 syscall is allowed.
 .El
 .It Dv KAUTH_NETWORK_ROUTE
 Checks if a routing-related request is allowed.
 .Pp
 .Ar arg1
 is the
 .Ft struct rt_msghdr *
 for the request.
 .It Dv KAUTH_NETWORK_SOCKET
 Checks if a socket related operation is allowed.
 .Pp
 .Ar req
 allows to indicate the type of the request to structure listeners and callers
 easier.
 Supported request types:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_REQ_NETWORK_SOCKET_RAWSOCK
 Checks if opening a raw socket is allowed.
 .It Dv KAUTH_REQ_NETWORK_SOCKET_OPEN
 Checks if opening a socket is allowed.
 .Ar arg1 , arg2 ,
 and
 .Ar arg3
 are all
 .Ft int
 parameters describing the domain, socket type, and protocol,
 respectively.
 .It Dv KAUTH_REQ_NETWORK_SOCKET_CANSEE
 Checks if looking at the socket passed is allowed.
 @@ -648,27 +648,27 @@ describing the socket.
 The machine-dependent (machdep) scope,
 .Dq org.netbsd.kauth.machdep ,
 manages machine-dependent authorization requests in the kernel.
 .Pp
 The authorization wrapper for this scope is declared as
 .Pp
 .Ft int Fn kauth_authorize_machdep "kauth_cred_t cred" "kauth_action_t op" \
 "void *arg0" "void *arg1" "void *arg2" "void *arg3"
 .Pp
 The actions on this scope provide a set that may or may not affect all
 platforms.
 Below is a list of available actions, along with which platforms are affected
 by each.
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_MACHDEP_IOPERM_GET
 Request to get the I/O permission level.
 Affects
 .Em amd64 ,
 .Em i386 ,
 .Em xen .
 .It Dv KAUTH_MACHDEP_IOPERM_SET
 Request to set the I/O permission level.
 Affects
 .Em amd64 ,
 .Em i386 ,
 .Em xen .
 .It Dv KAUTH_MACHDEP_IOPL
 @@ -733,27 +733,27 @@ this scope provides authorization wrappe
 "struct tty *tty"
 .Pp
 Authorizes requests for
 .Em terminal devices
 on the system.
 The third argument,
 .Ar tty ,
 is the terminal device in question.
 It is passed to the listener as
 .Ar arg0 .
 The second argument,
 .Ar op ,
 is the action and can be one of the following:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_DEVICE_TTY_OPEN
 Open the terminal device pointed to by
 .Ar tty .
 .It Dv KAUTH_DEVICE_TTY_PRIVSET
 Set privileged settings on the terminal device pointed to by
 .Ar tty .
 .It Dv KAUTH_DEVICE_TTY_STI
 Use the
 .Dq TIOCSTI
 device
 .Xr ioctl 2 ,
 allowing to inject characters into the terminal buffer, simulating terminal
 input.
 @@ -802,27 +802,27 @@ These have the potential of resulting in
 It passes
 .Dv KAUTH_DEVICE_RAWIO_PASSTHRU
 as the action to the listener, and accepts three arguments.
 .Ar dev ,
 passed as
 .Ar arg1
 to the listener, is the device for which the request is made.
 .Ar mode ,
 passed as
 .Ar arg0
 to the listener, is a generic representation of the access mode requested.
 It can be one or more (binary-OR'd) of the following:
 .Pp
-.Bl -tag -offset indent -compact
+.Bl -tag -width compact -offset indent -compact
 .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ
 .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF
 .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITE
 .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF
 .El
 .Pp
 .Ar data ,
 passed as
 .Ar arg2
 to the listener, is device-specific data that may be associated with the
 request.
 .Ss Credentials Scope
 The credentials scope,
 @@ -836,27 +836,27 @@ It is a
 scope, allowing hooking operations such as initialization of new credentials,
 credential inheritance during a fork, and copying and freeing of credentials.
 The main purpose for this scope is to give a security model a way to control
 the aforementioned operations, especially in cases where the credentials
 hold security model-private data.
 .Pp
 Notifications are made using the following function, which is internal to
 .Nm :
 .Pp
 .Ft int Fn kauth_cred_hook "kauth_cred_t cred" "kauth_action_t action" \
 "void *arg0" "void *arg1"
 .Pp
 With the following actions:
-.Bl -tag
+.Bl -tag -width compact
 .It Dv KAUTH_CRED_COPY
 The credentials are being copied.
 .Ar cred
 are the credentials of the lwp context doing the copy, and
 .Ar arg0
 and
 .Ar arg1
 are both
 .Ft kauth_cred_t
 representing the
 .Dq from
 and
 .Dq to
 @@ -884,27 +884,27 @@ are being initialized.
 .El
 .Pp
 Since this is a notify-only scope, all listeners are required to return
 .Dv KAUTH_RESULT_ALLOW .
 .Ss Credentials Accessors and Mutators
 .Nm
 has a variety of accessor and mutator routines to handle
 .Ft kauth_cred_t
 objects.
 .Pp
 The following routines can be used to access and modify the user- and
 group-ids in a
 .Ft kauth_cred_t :
-.Bl -tag
+.Bl -tag -width compact
 .It Ft uid_t Fn kauth_cred_getuid "kauth_cred_t cred"
 Returns the real user-id from
 .Ar cred .
 .It Ft uid_t Fn kauth_cred_geteuid "kauth_cred_t cred"
 Returns the effective user-id from
 .Ar cred .
 .It Ft uid_t Fn kauth_cred_getsvuid "kauth_cred_t cred"
 Returns the saved user-id from
 .Ar cred .
 .It Ft void Fn kauth_cred_setuid "kauth_cred_t cred" "uid_t uid"
 Sets the real user-id in
 .Ar cred
 to
 @@ -941,27 +941,27 @@ to
 .It Ft void Fn kauth_cred_setsvgid "kauth_cred_t cred" "gid_t gid"
 Sets the saved group-id in
 .Ar cred
 to
 .Ar gid .
 .It Ft u_int Fn kauth_cred_getrefcnt "kauth_cred_t cred"
 Return the reference count for
 .Ar cred .
 .El
 .Pp
 The following routines can be used to access and modify the group
 list in a
 .Ft kauth_cred_t :
-.Bl -tag
+.Bl -tag -width compact
 .It Ft int Fn kauth_cred_ismember_gid "kauth_cred_t cred" "gid_t gid" \
 "int *resultp"
 Checks if the group-id
 .Ar gid
 is a member in the group list of
 .Ar cred .
 .Pp
 If it is,
 .Ar resultp
 will be set to one, otherwise, to zero.
 .Pp
 The return value is an error code, or zero for success.
 .It Ft u_int Fn kauth_cred_ngroups "kauth_cred_t cred"
 @@ -1024,44 +1024,44 @@ provides an interface to allow attaching
 credentials.
 .Pp
 The use of this interface has two parts that can be divided to direct and
 indirect control of the private-data.
 Directly controlling the private data is done by using the below routines,
 while the indirect control is often dictated by events such as process
 fork, and is handled by listening on the credentials scope (see above).
 .Pp
 Attaching private data to credentials works by registering a key to serve
 as a unique identifier, distinguishing various sets of private data that
 may be associated with the credentials.
 Registering, and deregistering, a key is done by using these routines:
 .Pp
-.Bl -tag
+.Bl -tag -width compact
 .It Ft int Fn kauth_register_key "const char *name" "kauth_key_t *keyp"
 Register new key for private data for
 .Ar name
 (usually, the security model name).
 .Ar keyp
 will be used to return the key to be used in further calls.
 .Pp
 The function returns 0 on success and an error code (see
 .Xr errno 2 )
 on failure.
 .It Ft int Fn kauth_deregister_key "kauth_key_t key"
 Deregister private data key
 .Ar key .
 .El
 .Pp
 Once registered, private data may be manipulated by the following routines:
-.Bl -tag
+.Bl -tag -width compact
 .It Ft void Fn kauth_cred_setdata "kauth_cred_t cred" "kauth_key_t key" \
 "void *data"
 Set private data for
 .Ar key
 in
 .Ar cred
 to be
 .Ar data .
 .It Ft void * Fn kauth_cred_getdata "kauth_cred_t cred" "kauth_key_t key"
 Retrieve private data for
 .Ar key
 in
 .Ar cred .
 @@ -1077,27 +1077,27 @@ with the
 private data.
 .Ss Credential Inheritance and Reference Counting
 .Nm
 provides an interface for handling shared credentials.
 .Pp
 When a
 .Ft kauth_cred_t
 is first allocated, its reference count is set to 1.
 However, with time, its reference count can grow as more objects (processes,
 LWPs, files, etc.) reference it.
 .Pp
 The following routines are available for managing credentials reference
 counting:
-.Bl -tag
+.Bl -tag -width compact
 .It Ft void Fn kauth_cred_hold "kauth_cred_t cred"
 Increases reference count to
 .Ar cred
 by one.
 .It Ft void Fn kauth_cred_free "kauth_cred_t cred"
 Decreases the reference count to
 .Ar cred
 by one.
 .Pp
 If the reference count dropped to zero, the memory used by
 .Ar cred
 will be freed.
 .El
 @@ -1112,41 +1112,41 @@ When called, it references the parent's
 and calls the credentials scope's hook with the
 .Dv KAUTH_CRED_FORK
 action to allow security model-specific handling of the inheritance
 to take place.
 .Ss Credentials Memory Management
 Data-structures for credentials, listeners, and scopes are allocated from
 memory pools managed by the
 .Xr pool 9
 subsystem.
 .Pp
 The
 .Ft kauth_cred_t
 objects have their own memory management routines:
-.Bl -tag
+.Bl -tag -width compact
 .It Ft kauth_cred_t Fn kauth_cred_alloc "void"
 Allocates a new
 .Ft kauth_cred_t ,
 initializes its lock, and sets its reference count to one.
 .El
 .Ss Conversion Routines
 Sometimes it might be necessary to convert a
 .Ft kauth_cred_t
 to userland's view of credentials, a
 .Ft struct uucred ,
 or vice versa.
 .Pp
 The following routines are available for these cases:
-.Bl -tag
+.Bl -tag -width compact
 .It Ft void Fn kauth_uucred_to_cred "kauth_cred_t cred" "const struct uucred *uucred"
 Convert userland's view of credentials to a
 .Ft kauth_cred_t .
 .Pp
 This includes effective user- and group-ids, a number of groups, and a group
 list.
 The reference count is set to one.
 .Pp
 Note that
 .Nm
 will try to copy as many groups as can be held inside a
 .Ft kauth_cred_t .
 .It Ft void Fn kauth_cred_to_uucred "struct uucred *uucred" "const kauth_cred_t cred"
 @@ -1164,27 +1164,27 @@ will try to copy as many groups as can b
 .It Ft int Fn kauth_cred_uucmp "kauth_cred_t cred" "struct uucred *uucred"
 Compares
 .Ar cred
 with the userland credentials in
 .Ar uucred .
 .Pp
 Common values that will be compared are effective user- and group-ids, and
 the group list.
 .El
 .Ss Miscellaneous Routines
 Other routines provided by
 .Nm
 are:
-.Bl -tag
+.Bl -tag -width compact
 .It Ft void Fn kauth_cred_clone "kauth_cred_t cred1" "kauth_cred_t cred2"
 Clone credentials from
 .Ar cred1
 to
 .Ar cred2 ,
 except for the lock and reference count.
 .Pp
 .It Ft kauth_cred_t Fn kauth_cred_dup "kauth_cred_t cred"
 Duplicate
 .Ar cred .
 .Pp
 What this routine does is call
 .Fn kauth_cred_alloc
 @@ -1211,27 +1211,27 @@ will be done.
 .It Ft kauth_cred_t Fn kauth_cred_get "void"
 Return the credentials associated with the current LWP.
 .El
 .Ss Scope Management
 .Nm
 provides routines to manage the creation and deletion of scopes on the
 system.
 .Pp
 Note that the built-in scopes, the
 .Dq generic
 scope and the
 .Dq process
 scope, can't be deleted.
-.Bl -tag
+.Bl -tag -width compact
 .It Ft kauth_scope_t Fn kauth_register_scope "const char *id" \
 "kauth_scope_callback_t cb" "void *cookie"
 Register a new scope on the system.
 .Ar id
 is the name of the scope, usually in reverse DNS-like notation.
 For example,
 .Dq org.netbsd.kauth.myscope .
 .Ar cb
 is the default listener, to which authorization requests for this scope
 will be dispatched to.
 .Ar cookie
 is optional user-data that will be passed to all listeners
 during authorization on the scope.
 @@ -1250,27 +1250,27 @@ are authorization callbacks that are cal
 request in the scope which they belong to.
 .Pp
 When an authorization request is made, all listeners associated with
 a scope are called to allow, deny, or defer the request.
 .Pp
 It is enough for one listener to deny the request in order for the
 request to be denied; but all listeners are called during an authorization
 process none-the-less.
 All listeners are required to allow the request for it to be granted,
 and in a case where all listeners defer the request -- leaving the decision
 for other listeners -- the request is denied.
 .Pp
 The following KPI is provided for the management of listeners:
-.Bl -tag
+.Bl -tag -width compact
 .It Ft kauth_listener_t Fn kauth_listen_scope "const char *id" \
 "kauth_scope_callback_t cb" "void *cookie"
 Create a new listener on the scope with the id
 .Ar id ,
 setting the default listener to
 .Ar cb .
 .Ar cookie
 is optional user-data that will be passed to the listener when called
 during an authorization request.
 .It Ft void Fn kauth_unlisten_scope "kauth_listener_t listener"
 Removes
 .Ar listener
 from the scope which it belongs to, ensuring it won't be called again,