remove double t from targeted, add missing r to arbitrary
And fix few more typos along the way in comments and man pages.

Remove workaround for ancient HTML generation code.

Use `\(em', not `--'.

Refill sentences and tweak wording where appropriate while here.

branches: 1.20.8; 1.20.12;
Merge riastradh-drm2 to HEAD.

Use Mt for email addresses.

branches: 1.18.6; 1.18.10;
Improvements in secmodel(9). Document secmodel_register(9), _deregister(9)
and _eval(9).

Add secmodel_extensions(9), and indicate the new sysctl(7) to let
ordinary users control the CPU affinity (user_set_cpu_affinity).

branches: 1.17.6;
Remove boilerplate in CODE REFERENCES on file paths.
Describe in intro(9) how to read paths in the CODE REFERENCES section.

New sentence, new line.

Fix securelevel listener function name.

Provide -width for tag lists.
XXX The examples need to be reworked to fit the terminal width

branches: 1.13.2;
Remove LKMs and switch to the module framework, pass 1.

Proposed on tech-kern@.

Fix a typo.

branches: 1.11.10; 1.11.12; 1.11.14;
remove 'unknown keyword' error (use -tag or -hyphen, not both)

Forgot to add notes about secmodel_register() and secmodel_register() in
previous commit -- added now.

Update instructions on writing a new security model to include some notes
about LKMs and private data in credentials.

Fix mdoc (Lt -> Gt).

Remove advertising clause from all of my stuff.

branches: 1.6.2;
Maintain list of security models we ship with NetBSD in secmodel(9), and
some tiny markup fix in secmodel_bsd44(9).

Add SYNOPSIS, after consulting wiz@, thanks!

Update kauth(9) that was forgotten in the big secmodel commit, and some
markup fixes.

Refer to the secmodel_{bsd44,overlay}(9) man-pages and the examples
directory.

Bump date.

Quote HTML characters. Use standard headers. Remove trailing comma.

First take at security model abstraction.

- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.

This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...

* And of course, documentation describing how to do the above for quick
reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; It's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)