author | Enji Cooper <ngie@FreeBSD.org> | 2020-12-11 00:26:49 +0000 |
---|---|---|
committer | Enji Cooper <ngie@FreeBSD.org> | 2020-12-11 00:26:49 +0000 |
commit | 20daf0ca6ea8ac82fa3a88f1d5e68507773c9644 (patch) | |
tree | 5bc9660834a2f7a6f056997339f130d65bbd1732 /lib | |
parent | 2c96ea9ca0aa37db109700be5ed33afc30133ec1 (diff) |
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/sys/cap_enter.2 | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/lib/libc/sys/cap_enter.2 b/lib/libc/sys/cap_enter.2 index 7051a96266b9..428e0b0bcd09 100644 --- a/lib/libc/sys/cap_enter.2 +++ b/lib/libc/sys/cap_enter.2 @@ -97,19 +97,6 @@ and operations of the .Xr procctl 2 function for similar per-process functionality. -.Sh CAVEAT -Creating effective process sandboxes is a tricky process that involves -identifying the least possible rights required by the process and then -passing those rights into the process in a safe manner. -Consumers of -.Fn cap_enter -should also be aware of other inherited rights, such as access to VM -resources, memory contents, and other process properties that should be -considered. -It is advisable to use -.Xr fexecve 2 -to create a runtime environment inside the sandbox that has as few implicitly -acquired rights as possible. .Sh RETURN VALUES .Rv -std cap_enter cap_getmode .Pp @@ -162,3 +149,16 @@ These functions and the capability facility were created by .An "Robert N. M. Watson" at the University of Cambridge Computer Laboratory with support from a grant from Google, Inc. +.Sh CAVEATS +Creating effective process sandboxes is a tricky process that involves +identifying the least possible rights required by the process and then +passing those rights into the process in a safe manner. +Consumers of +.Fn cap_enter +should also be aware of other inherited rights, such as access to VM +resources, memory contents, and other process properties that should be +considered. +It is advisable to use +.Xr fexecve 2 +to create a runtime environment inside the sandbox that has as few implicitly +acquired rights as possible. |
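Review bot: the first hunk deletes the CAVEAT block wholesale rather than editing it, and its thirteen lines reappear unchanged in the second hunk, so this is a pure relocation with no wording change; the commit message should say so explicitly (for example "Move CAVEAT to CAVEATS at the end of the page, per mdoc(7); no text changes") so that reviewers and future readers of the log do not have to compare the two blocks line by line to rule out a content change in the sandboxing advice.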
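Review bot: in the second hunk the header becomes `.Sh CAVEATS` (plural) and the block is placed after the AUTHORS section, which is the standard mdoc(7) section name and the conventional order (AUTHORS, then CAVEATS, then BUGS); that is the right fix for the non-standard `.Sh CAVEAT` placed before RETURN VALUES in the old text. Suggest confirming with `mandoc -T lint lib/libc/sys/cap_enter.2` that no section-name or section-order warnings remain, since the file now ends on the last line of the moved block and nothing else on the page shows the lint result.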