Fix typos.

Typos found with codespell

Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Samanta Navarro 2021-08-14 12:08:22 +00:00 committed by Andrew G. Morgan
parent 686084897c
commit e721aff543
25 changed files with 59 additions and 59 deletions


@ -155,7 +155,7 @@ endif
#
# In the context of this tree, on such such systems, a yes setting will
# guarantee that every user, by default, is able to bless any binary with
# any capability - a ready made local exploit machanism.
# any capability - a ready made local exploit mechanism.
RAISE_SETFCAP := no
# If set to yes, this will cause the go "web" demo app to force the needed p
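Review bot: The first comment line of this hunk still reads `on such such systems`, a duplicated word that this spelling pass leaves in the RAISE_SETFCAP warning. Since this comment is what tells a packager why the default is `no`, it should read `# In the context of this tree, on such systems, a yes setting will`. The comment block starts above the hunk, so the sentence it continues is not visible here.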

4
README

@ -8,12 +8,12 @@ This library would not have been possible without the help of
Aleph1, Roland Buresund and Andrew Main, Alexander Kjeldaas.
More information on capabilities in the Linux kernel, links to the
official git repostitory for libcap, release notes and how to report
official git repository for libcap, release notes and how to report
bugs can be found at:
http://sites.google.com/site/fullycapable/
The primary upstream git repostitory is this one:
The primary upstream git repository is this one:
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/


@ -151,7 +151,7 @@ const (
)
var (
// starUp protects setting of the following values: magic,
// startUp protects setting of the following values: magic,
// words, maxValues.
startUp sync.Once
@ -261,7 +261,7 @@ func (sc *syscaller) prctlwcall6(prVal, v1, v2, v3, v4, v5 uintptr) (int, error)
return int(r), nil
}
// cInit perfoms the lazy identification of the capability vintage of
// cInit performs the lazy identification of the capability vintage of
// the running system.
func (sc *syscaller) cInit() {
h := &header{


@ -267,7 +267,7 @@ func (c *Set) SetFd(file *os.File) error {
//go:uintptrescapes
// SetFile attempts to set the file capabilities of the specfied
// SetFile attempts to set the file capabilities of the specified
// filename. This function can also be used to delete a file's
// capabilities, by calling with c = nil.
//


@ -56,7 +56,7 @@ func IABInit() *IAB {
}
}
// IABGetProc summarizes the Inh, Amb and Bound capabilty vectors of
// IABGetProc summarizes the Inh, Amb and Bound capability vectors of
// the current process.
func IABGetProc() *IAB {
iab := IABInit()
@ -188,7 +188,7 @@ func (sc *syscaller) iabSetProc(iab *IAB) (err error) {
}
// SetProc attempts to change the Inheritable, Ambient and Bounding
// capabilty vectors of the current process using the content,
// capability vectors of the current process using the content,
// iab. The Bounding vector strongly affects the potential for setting
// other bits, so this function carefully performs the the combined
// operation in the most flexible manner.
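Review bot: The SetProc doc comment still has a doubled word two lines below the corrected one, in `so this function carefully performs the the combined`. It should read `// other bits, so this function carefully performs the combined`. The rest of the comment and the function it documents lie outside the hunk.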


@ -67,7 +67,7 @@ func NewLauncher(path string, args []string, env []string) *Launcher {
// (*Launcher).Callback(fn) method. However, this launcher is bare
// bones because, when launching, all privilege management performed
// by the fn() is fully discarded when the fn() completes
// exection. That is, it does not end by exec()ing some program.
// execution. That is, it does not end by exec()ing some program.
func FuncLauncher(fn func(interface{}) error) *Launcher {
return &Launcher{
callbackFn: func(ignored *syscall.ProcAttr, data interface{}) error {
@ -101,7 +101,7 @@ func FuncLauncher(fn func(interface{}) error) *Launcher {
// *syscall.ProcAttr value to be used when a process launch is taking
// place. A non-nil structure pointer can be modified by the callback
// to enhance the launch. For example, the .Files field can be
// overriden to affect how the launched process' stdin/out/err are
// overridden to affect how the launched process' stdin/out/err are
// handled.
//
// Further, the 2nd argument to the callback function is provided at
@ -206,7 +206,7 @@ func launch(result chan<- lResult, attr *Launcher, data interface{}, quit chan<-
if tid == pid {
// Force the go runtime to find a new thread to run
// on. (It is really awkward to have a process'
// PID=TID thread in effectively a zomebie state. The
// PID=TID thread in effectively a zombie state. The
// Go runtime has support for it, but pstree gives
// ugly output since the prSetName value sticks around
// after launch completion...


@ -63,7 +63,7 @@ const (
SETGID
// SETUID allows a process to freely manipulate its own UIDs:
// - arbitraily set the UID, EUID, REUID and RESUID
// - arbitrarily set the UID, EUID, REUID and RESUID
// values
// - allows the forging of UID credentials passed over a
// socket
@ -85,7 +85,7 @@ const (
// default, as its unsuppressed behavior was not
// auditable: it could asynchronously grant its own
// Permitted capabilities to and remove capabilities from
// other processes arbitraily. The former leads to
// other processes arbitrarily. The former leads to
// undefined behavior, and the latter is better served by
// the kill system call.]
SETPCAP


@ -40,7 +40,7 @@ const (
)
// scwMu is used to fully serialize the write system calls. Note, this
// would generally not be necesary, but in the case of Launch we get
// would generally not be necessary, but in the case of Launch we get
// into a situation where the launching thread is temporarily allowed
// to deviate from the kernel state of the rest of the runtime and
// allowing other threads to perform w* syscalls will potentially


@ -63,22 +63,22 @@ p4c_test(){
# are we sane?
WICH=`which which 2>/dev/null`
if [ $WICH == "" ]; then
# thats bad
# that's bad
echo "Sorry, I haven't found which"
exit
fi
# we needt his apps
# we need this app
SETCAP=`which setcap 2>/dev/null`
if [ "$SETCAP" == "" ]; then
echo "Sorry, I'm missing setcap !"
echo "Sorry, I'm missing setcap!"
exit
fi
# checking setcap for SET_SETFCAP PCap ?
# checking setcap for SET_SETFCAP PCap?
# for now we stick to root
if [ "$( id -u )" != "0" ]; then
echo "Sorry, you must be root !"
echo "Sorry, you must be root!"
exit 1
fi
}
@ -113,7 +113,7 @@ p4c_app_convert(){
p4c_app_revert(){
# revert a singel app
# revert a single app
# $1 is app name
APP=`which -a $1 2>/dev/null`
if [ "$APP" != "" ]; then
@ -136,7 +136,7 @@ p4c_app_revert(){
p4c_convert(){
# we go throug the APPSARRAY and call s2p_app_convert to do the job
# we go through the APPSARRAY and call s2p_app_convert to do the job
COUNTER=0
let UPPER=${#APPSARRAY[*]}-1
until [ $COUNTER == $UPPER ]; do
@ -170,9 +170,9 @@ p4c_usage(){
echo "through the PAM module pam_cap.so."
echo "A user who has not the needed PCaps in his Inheritance Set CAN NOT execute"
echo "these binaries successful."
echo "(well, still per sudo or su -c - but thats not the point here)"
echo "(well, still per sudo or su -c - but that's not the point here)"
echo
echo "You need and I will check fot the utilities which and setcap."
echo "You need and I will check for the utilities which and setcap."
echo
echo "Your Filesystem has to support extended attributes and your kernel must have"
echo "support for POSIX File Capabilities (CONFIG_SECURITY_FILE_CAPABILITIES)."
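Review bot: In the p4c_test hunk the first check still reads `if [ $WICH == "" ]; then` with `$WICH` unquoted, so when `which` is missing the test collapses to `[ == "" ]`, fails with an operator error and the branch never runs. Test it the quoted way, as the setcap check below it already does, for example `if [ -z "$WICH" ]; then`. The two bare `exit` lines after the "haven't found which" and "missing setcap" messages return the status of the preceding echo, which is 0, so a caller cannot tell that this root-only capability script gave up; `exit 1` would match the root check. The same two patterns appear in the p4s_test hunk of the companion script later in this commit. `which -a $1` in p4c_app_revert is also unquoted, and that function's body continues outside the hunk.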


@ -8,7 +8,7 @@
# changelog:
# 1 - initial release pcaps4convenience
# 1 - 2007.02.15 - initial release
# 2 - 2007.11.02 - changed to new setfcaps api; each app is now callable; supressed error of id
# 2 - 2007.11.02 - changed to new setfcaps api; each app is now callable; suppressed error of id
# 3 - 2007.12.28 - changed to libcap2 package setcap/getcap
# 4 - renamed to pcaps4server
# removed suid0 and convenience files,


@ -77,23 +77,23 @@ p4s_test(){
# are we sane?
WICH=`which which 2>/dev/null`
if [ $WICH == "" ]; then
# thats bad
# that's bad
echo "Sorry, I haven't found which"
exit
fi
# we needt his apps
# we need these apps
CHMOD=`which chmod 2>/dev/null`
SETCAP=`which setcap 2>/dev/null`
if [ "$CHMOD" == "" -o "$SETCAP" == "" ]; then
echo "Sorry, I'm missing chmod or setcap !"
echo "Sorry, I'm missing chmod or setcap!"
exit
fi
# checking setcap for SET_SETFCAP PCap ?
# checking setcap for SET_SETFCAP PCap?
# for now we stick to root
if [ "$( id -u )" != "0" ]; then
echo "Sorry, you must be root !"
echo "Sorry, you must be root!"
exit 1
fi
}
@ -129,7 +129,7 @@ p4s_app_convert(){
p4s_app_revert(){
# revert a singel app
# revert a single app
# $1 is app name
APP=`which -a $1 2>/dev/null`
if [ "$APP" != "" ]; then
@ -153,7 +153,7 @@ p4s_app_revert(){
p4s_convert(){
# we go throug the APPSARRAY and call s2p_app_convert to do the job
# we go through the APPSARRAY and call s2p_app_convert to do the job
COUNTER=0
let UPPER=${#APPSARRAY[*]}-1
until [ $COUNTER == $UPPER ]; do
@ -190,7 +190,7 @@ p4s_usage(){
echo "If you are using pam_cap.so, you might want to change the set into the"
echo "Inherited and Effective set (check for the SET var)."
echo
echo "You need and I will check fot the utilities which, chmod and setcap."
echo "You need and I will check for the utilities which, chmod and setcap."
echo
echo "Your Filesystem has to support extended attributes and your kernel must have"
echo "support for POSIX File Capabilities (CONFIG_SECURITY_FILE_CAPABILITIES)."


@ -127,7 +127,7 @@ static int make_environment(pam_handle_t *pamh, int keep_env)
return retval;
}
/* also propogate the POSIX specific ones */
/* also propagate the POSIX specific ones */
for (i=0; retval == PAM_SUCCESS && posix_env[i]; ++i) {
tmpe = getenv(posix_env[i]);
if (tmpe != NULL) {
@ -529,7 +529,7 @@ int wait_for_child(pid_t child)
fprintf(stderr, "[error waiting child: %s]\n", strerror(errno));
/*
* Break the loop keeping exit_code undefined.
* Do we have a chance for a successfull wait() call
* Do we have a chance for a successful wait() call
* after kill()? (SAW)
*/
wait_for_child_caught = 1;
@ -632,7 +632,7 @@ static char * const *build_shell_args(const char *pw_shell, int login,
) {
use_default = 0; /* we will use this shell */
D(("commited to using user's shell"));
D(("committed to using user's shell"));
if (command) {
arg_no += 2; /* will append "-c" "command" */
}
@ -881,7 +881,7 @@ static const struct utmp *find_utmp_entry(const char *ut_line,
}
/*
* Identify the terminal name and the abreviation we will use.
* Identify the terminal name and the abbreviation we will use.
*/
static void set_terminal_name(const char *terminal, char *ut_line, char *ut_id)
{
@ -918,7 +918,7 @@ static void set_terminal_name(const char *terminal, char *ut_line, char *ut_id)
/*
* Append an entry to wtmp. See utmp_open_session for the return convention.
* Be carefull: the function uses alarm().
* Be careful: the function uses alarm().
*/
#define WWTMP_STATE_BEGINNING 0
@ -1008,7 +1008,7 @@ struct utmp *login_stored_utmp=NULL;
* 1 non-fatal error
* -1 fatal error
* callname and err_descr will be set
* Be carefull: the function indirectly uses alarm().
* Be careful: the function indirectly uses alarm().
*/
static int utmp_do_open_session(const char *user, const char *terminal,
const char *rhost, pid_t pid,
@ -1034,7 +1034,7 @@ static int utmp_do_open_session(const char *user, const char *terminal,
/*
* here, we make a record of the former entry. If the
* utmp_close_session code is attatched to the same process,
* utmp_close_session code is attached to the same process,
* the wtmp will be replaced, otherwise we leave init to pick
* up the pieces.
*/
@ -1153,7 +1153,7 @@ static int utmp_do_close_session(const char *terminal,
* 1 non-fatal error
* -1 fatal error
* place and err_descr will be set
* Be carefull: the function indirectly uses alarm().
* Be careful: the function indirectly uses alarm().
*/
static int utmp_open_session(pam_handle_t *pamh, pid_t pid,
int *retval,
@ -1332,8 +1332,8 @@ static int launch_callback_fn(void *h)
}
/*
* Restore a signal status: information if the signal is ingored
* is inherited accross exec() call. (SAW)
* Restore a signal status: information if the signal is ignored
* is inherited across exec() call. (SAW)
*/
enable_terminal_signals();


@ -47,7 +47,7 @@ Vector will survive
and the Bound (or \fIblocked\fP) vector is the twos-complement of the
process bounding set.
.PP
In some environments, it is considered desireable to naively inherit
In some environments, it is considered desirable to naively inherit
capabilities. That is pass capabilities, independent of the status of
the executed binary, from parent to child through exec* system
calls. The surviving capabilities become the Permitted flag for the
@ -96,7 +96,7 @@ The text format accepted by
is a comma separated list of capability values. Each capability is
prefixed by nothing (or %) (Inh); ! (Bound); ^ (Amb). Or, some
combination thereof. Since the Amb vector is constrained to be no
greater than the Inh set, ^ is eqivalent to %^. Further, unless B is
greater than the Inh set, ^ is equivalent to %^. Further, unless B is
non-zero, % can be omitted. The following are legal text
representations: "!%cap_chown" (Bound but Inh),
"!cap_setuid,^cap_chown" (Bound, Inh+Amb). "cap_setuid,!cap_chown"


@ -22,7 +22,7 @@ the name 'system' who's account is locked with a '*' password. This
user can be made the owner of all of the system directories on your
system and critical system binaries too.
Why is this a good idea? In a simple case, the CAP_FUSER capabilty is
Why is this a good idea? In a simple case, the CAP_FUSER capability is
required for the superuser to delete files owned by a non-root user in
a 'sticky-bit' protected non-root owned directory. Thus, the sticky
bit can help you protect the /lib/ directory from an compromized


@ -43,7 +43,7 @@ was found via the shell's PATH searching. If the
occurs after a
.BI \-\-chroot= /some/path
argument the PATH located binary may not be resolve to the same binary
as that running initially. This behavior is an intented feature as it
as that running initially. This behavior is an intended feature as it
can complete the chroot transition.
.TP
.BI \-\-caps= cap-set


@ -93,7 +93,7 @@ Search permission is denied on a component of the path prefix.
.TP
.SB ELOOP
.I filename
containes a circular reference (via symlinks).
contains a circular reference (via symlinks).
.TP
.SB EBADF
.I fd


@ -1,5 +1,5 @@
Allows a process to freely manipulate its own UIDs:
- arbitraily set the UID, EUID, REUID and RESUID
- arbitrarily set the UID, EUID, REUID and RESUID
values
- allows the forging of UID credentials passed over a
socket


@ -14,6 +14,6 @@ capabilities (2008), this capability was suppressed by
default, as its unsuppressed behavior was not
auditable: it could asynchronously grant its own
Permitted capabilities to and remove capabilities from
other processes arbitraily. The former leads to
other processes arbitrarily. The former leads to
undefined behavior, and the latter is better served by
the kill system call.]


@ -184,7 +184,7 @@ func tryProcCaps() {
}
}
// The current process is now without any access to privelege.
// The current process is now without any access to privilege.
}
func main() {


@ -1,4 +1,4 @@
// Progam web provides an example of a webserver using capabilities to
// Program web provides an example of a webserver using capabilities to
// bind to a privileged port, and then drop all capabilities before
// handling the first web request.
//


@ -19,7 +19,7 @@
#include <string.h>
#ifdef __EXECABLE_H
#error "only inlcude execable.h once"
#error "only include execable.h once"
#endif
#define __EXECABLE_H


@ -56,7 +56,7 @@ static const char *explanation6[] = { /* cap_setgid = 6 */
};
static const char *explanation7[] = { /* cap_setuid = 7 */
"Allows a process to freely manipulate its own UIDs:",
" - arbitraily set the UID, EUID, REUID and RESUID",
" - arbitrarily set the UID, EUID, REUID and RESUID",
" values",
" - allows the forging of UID credentials passed over a",
" socket",
@ -79,7 +79,7 @@ static const char *explanation8[] = { /* cap_setpcap = 8 */
"default, as its unsuppressed behavior was not",
"auditable: it could asynchronously grant its own",
"Permitted capabilities to and remove capabilities from",
"other processes arbitraily. The former leads to",
"other processes arbitrarily. The former leads to",
"undefined behavior, and the latter is better served by",
"the kill system call.]",
NULL


@ -1,7 +1,7 @@
#!/bin/bash
#
# Run through a series of tests to try out the various capability
# manipulations posible through exec.
# manipulations possible through exec.
#
# [Run this as root in a root-enabled process tree.]
@ -90,7 +90,7 @@ pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print
/bin/chmod u+s tcapsh
/bin/ls -l tcapsh
# leverage keep caps to maintain capabilities accross a change of euid
# leverage keep caps to maintain capabilities across a change of euid
# from setuid root to capable luser (as per wireshark/dumpcap 0.99.7)
# This test is subtle. It is testing that a change to self, dropping
# euid=0 back to that of the luser keeps capabilities.
@ -205,7 +205,7 @@ EOF
# Next force the privileged binary to have an empty capability set.
# This is sort of the opposite of privileged - it should ensure that
# the file can never aquire privilege by the ambient method.
# the file can never acquire privilege by the ambient method.
./setcap = ./privileged
fail_capsh --keep=1 --uid=$nouid --inh=cap_setuid --addamb=cap_setuid -- -c "./privileged --print --uid=1"


@ -1,5 +1,5 @@
// Package psx provides support for system calls that are run
// simultanously on all threads under Linux.
// simultaneously on all threads under Linux.
//
// This property can be used to work around a historical lack of
// native Go support for such a feature. Something that is the subject


@ -59,7 +59,7 @@ long int psx_syscall6(long int syscall_nr,
* is to define this function as weak in a library that can optionally
* use libpsx and then, should the caller link -lpsx, that library can
* implicitly use these POSIX semantics syscalls. See libcap for an
* example of this useage.
* example of this usage.
*/
void psx_load_syscalls(long int (**syscall_fn)(long int,
long int, long int, long int),