FIx some malformed XML in option descriptions

E.g. these were using "<para>" at the *end* of a description. The real WTF is that this is possible at all...
author: Eelco Dolstra <edolstra@gmail.com> 2019-05-13 09:15:17 +0200
committer: Eelco Dolstra <edolstra@gmail.com> 2019-05-13 09:15:17 +0200
commit: de9e23846968417d129adc03c21d3e28aa977496 (patch)
tree: f2dfe94efad03c940ae71e53004f122410987080 /nixos/modules/security/misc.nix
parent: 59a733edae6c08ec88d007a0ebcdcdb8f906e3ff (diff)
1 files changed, 2 insertions, 16 deletions
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix
index ecf22bf81c59..bf474ac0a546 100644
--- a/nixos/modules/security/misc.nix
+++ b/nixos/modules/security/misc.nix
@@ -13,23 +13,17 @@ with lib;
       default = true;
       description = ''
         Whether to allow creation of user namespaces.
-        </para>
 
-        <para>
         The motivation for disabling user namespaces is the potential
         presence of code paths where the kernel's permission checking
         logic fails to account for namespacing, instead permitting a
         namespaced process to act outside the namespace with the same
         privileges as it would have inside it.  This is particularly
         damaging in the common case of running as root within the namespace.
-        </para>
 
-        <para>
         When user namespace creation is disallowed, attempting to create a
         user namespace fails with "no space left on device" (ENOSPC).
         root may re-enable user namespace creation at runtime.
-        </para>
-        <para>
       '';
     };
 
@@ -48,21 +42,15 @@ with lib;
         Whether to allow SMT/hyperthreading.  Disabling SMT means that only
         physical CPU cores will be usable at runtime, potentially at
         significant performance cost.
-        </para>
 
-        <para>
         The primary motivation for disabling SMT is to mitigate the risk of
         leaking data between threads running on the same CPU core (due to
         e.g., shared caches).  This attack vector is unproven.
-        </para>
 
-        <para>
         Disabling SMT is a supplement to the L1 data cache flushing mitigation
         (see <xref linkend="opt-security.virtualization.flushL1DataCache"/>)
         versus malicious VM guests (SMT could "bring back" previously flushed
         data).
-        </para>
-        <para>
       '';
     };
 
@@ -73,10 +61,8 @@ with lib;
         Whether the hypervisor should flush the L1 data cache before
         entering guests.
         See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>.
-        </para>
 
-        <para>
-          <variablelist>
+        <variablelist>
           <varlistentry>
             <term><literal>null</literal></term>
             <listitem><para>uses the kernel default</para></listitem>
@@ -98,7 +84,7 @@ with lib;
             enters the guest.  May incur significant performance cost.
             </para></listitem>
           </varlistentry>
-          </variablelist>
+        </variablelist>
       '';
     };
   };
author	Eelco Dolstra <edolstra@gmail.com>	2019-05-13 09:15:17 +0200
committer	Eelco Dolstra <edolstra@gmail.com>	2019-05-13 09:15:17 +0200
commit	de9e23846968417d129adc03c21d3e28aa977496 (patch)
tree	f2dfe94efad03c940ae71e53004f122410987080 /nixos/modules/security/misc.nix
parent	59a733edae6c08ec88d007a0ebcdcdb8f906e3ff (diff)