From 69794e333a41f3d7d0de44da790c5d356c58e28b Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer
Date: Tue, 14 Feb 2017 08:53:30 -0600
Subject: [PATCH] Using para tags for manual formatting
---
 nixos/modules/security/wrappers/default.nix | 31 +++++++++++----------
 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 6f93403960a..c5b99c0c801 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -109,26 +109,27 @@ in }; }; description = '' - This option allows the ownership and permissions on the setuid - wrappers for specific programs to be overridden from the - default (setuid root, but not setgid root). + This option allows the ownership and permissions on the + setuid wrappers for specific programs to be overridden from + the default (setuid root, but not setgid root). - Additionally, this option can set capabilities on a wrapper - program that propagates those capabilities down to the - wrapped, real program. + Additionally, this option can set capabilities on a + wrapper program that propagates those capabilities down to the + wrapped, real program. - The program attribute is the name of the - program to be wrapped. If no source + The program attribute is the name of + the program to be wrapped. If no source attribute is provided, specifying the absolute path to the program, then the program will be searched for in the path - environment variable. + environment variable. - NOTE: cap_setpcap, which is required for the wrapper program - to be able to raise caps into the Ambient set is NOT raised to - the Ambient set so that the real program cannot modify its own - capabilities!! This may be too restrictive for cases in which - the real program needs cap_setpcap but it at least leans on - the side security paranoid vs. too relaxed. + NOTE: cap_setpcap, which is required for the wrapper + program to be able to raise caps into the Ambient set is NOT + raised to the Ambient set so that the real program cannot + modify its own capabilities!! This may be too restrictive for + cases in which the real program needs cap_setpcap but it at + least leans on the side security paranoid vs. too + relaxed. ''; };