Fix some more reported issues

tool/net/help.txt

@@ -2700,6 +2700,94 @@ UNIX MODULE
 
     See the unix.Rusage section below for details on returned fields.
 
+  unix.pledge([promises:str])
+      ├─→ true
+      └─→ nil, unix.Errno
+
+    Restrict system operations.
+
+    This can be used to sandbox your redbean workers. It allows finer
+    customization compared to the `-S` flag.
+
+    By default exit and exit_group are always allowed. This is useful
+    for processes that perform pure computation and interface with the
+    parent via shared memory.
+
+    Currently only available on OpenBSD and Linux. On Linux, the default
+    action when your policy is violated is to return `EPERM`. On OpenBSD
+    the kernel will kill the process.
+
+    `promises` is a string that may include any of the following groups
+    delimited by spaces.
+
+    stdio
+
+      Allows clock_getres, clock_gettime, close, dup, dup2, dup3,
+      fchdir, fstat, fsync, ftruncate, getdents, getegid, getrandom,
+      geteuid, getgid, getgroups, getitimer, getpgid, getpgrp, getpid,
+      getppid, getresgid, getresuid, getrlimit, getsid, gettimeofday,
+      getuid, lseek, madvise, brk, mmap, mprotect, munmap, nanosleep,
+      pipe, pipe2, poll, pread, preadv, pwrite, pwritev, read, readv,
+      recvfrom, recvmsg, select, sendmsg, sendto, setitimer, shutdown,
+      sigaction, sigprocmask, sigreturn, socketpair, umask, wait4,
+      write, writev.
+
+    rpath
+
+      Allows chdir, getcwd, openat, fstatat, faccessat, readlinkat,
+      lstat, chmod, fchmod, fchmodat, chown, fchown, fchownat, fstat.
+
+    wpath
+
+      Allows getcwd, openat, fstatat, faccessat, readlinkat, lstat,
+      chmod, fchmod, fchmodat, chown, fchown, fchownat, fstat.
+
+    cpath
+
+      Allows rename, renameat, link, linkat, symlink, symlinkat, unlink,
+      unlinkat, mkdir, mkdirat, rmdir.
+
+    dpath
+
+      Allows mknod
+
+    tmppath
+
+      Allows lstat, chmod, chown, unlink, fstat.
+
+    inet
+
+      Allows socket, listen, bind, connect, accept4, accept,
+      getpeername, getsockname, setsockopt, getsockopt.
+
+    fattr
+
+      Allows utimes, utimensat, chmod, fchmod, fchmodat, chown,
+      fchownat, lchown, fchown, utimes.
+
+    unix
+
+      Allows socket, listen, bind, connect, accept4, accept,
+      getpeername, getsockname, setsockopt, getsockopt.
+
+    dns
+
+      Allows sendto, recvfrom, socket, connect.
+
+    proc
+
+      Allows fork, vfork, kill, getpriority, setpriority, setrlimit,
+      setpgid, setsid.
+
+    exec
+
+      Allows execve.
+
+    id
+
+      Allows setuid, setreuid, setresuid, setgid, setregid, setresgid,
+      setgroups, setrlimit, getpriority, setpriority.
+
   unix.gmtime(unixts:int)
       ├─→ year,mon,mday,hour,min,sec,gmtoffsec,wday,yday,dst:int,zone:str
       └─→ nil,unix.Errno
@@ -3038,94 +3126,6 @@ UNIX MODULE
     higher priority process after failing to finish its work, within the
     allotted time slice.
 
-  sandbox.pledge([promises:str])
-      ├─→ true
-      └─→ nil, unix.Errno
-
-    Restrict system operations.
-
-    This can be used to sandbox your redbean workers. It allows finer
-    customization compared to the `-S` flag.
-
-    By default exit and exit_group are always allowed. This is useful
-    for processes that perform pure computation and interface with the
-    parent via shared memory.
-
-    Currently only available on OpenBSD and Linux. On Linux, the default
-    action when your policy is violated is to return `EPERM`. On OpenBSD
-    the kernel will kill the process.
-
-    `promises` is a string that may include any of the following groups
-    delimited by spaces.
-
-    stdio
-
-      Allows clock_getres, clock_gettime, close, dup, dup2, dup3,
-      fchdir, fstat, fsync, ftruncate, getdents, getegid, getrandom,
-      geteuid, getgid, getgroups, getitimer, getpgid, getpgrp, getpid,
-      getppid, getresgid, getresuid, getrlimit, getsid, gettimeofday,
-      getuid, lseek, madvise, brk, mmap, mprotect, munmap, nanosleep,
-      pipe, pipe2, poll, pread, preadv, pwrite, pwritev, read, readv,
-      recvfrom, recvmsg, select, sendmsg, sendto, setitimer, shutdown,
-      sigaction, sigprocmask, sigreturn, socketpair, umask, wait4,
-      write, writev.
-
-    rpath
-
-      Allows chdir, getcwd, openat, fstatat, faccessat, readlinkat,
-      lstat, chmod, fchmod, fchmodat, chown, fchown, fchownat, fstat.
-
-    wpath
-
-      Allows getcwd, openat, fstatat, faccessat, readlinkat, lstat,
-      chmod, fchmod, fchmodat, chown, fchown, fchownat, fstat.
-
-    cpath
-
-      Allows rename, renameat, link, linkat, symlink, symlinkat, unlink,
-      unlinkat, mkdir, mkdirat, rmdir.
-
-    dpath
-
-      Allows mknod
-
-    tmppath
-
-      Allows lstat, chmod, chown, unlink, fstat.
-
-    inet
-
-      Allows socket, listen, bind, connect, accept4, accept,
-      getpeername, getsockname, setsockopt, getsockopt.
-
-    fattr
-
-      Allows utimes, utimensat, chmod, fchmod, fchmodat, chown,
-      fchownat, lchown, fchown, utimes.
-
-    unix
-
-      Allows socket, listen, bind, connect, accept4, accept,
-      getpeername, getsockname, setsockopt, getsockopt.
-
-    dns
-
-      Allows sendto, recvfrom, socket, connect.
-
-    proc
-
-      Allows fork, vfork, kill, getpriority, setpriority, setrlimit,
-      setpgid, setsid.
-
-    exec
-
-      Allows execve.
-
-    id
-
-      Allows setuid, setreuid, setresuid, setgid, setregid, setresgid,
-      setgroups, setrlimit, getpriority, setpriority.
-
 
 ────────────────────────────────────────────────────────────────────────────────
 

tool/net/lunix.c

@@ -646,7 +646,7 @@ static int LuaUnixRaise(lua_State *L) {
 }
 
 // unix.wait([pid:int, options:int])
-//     ├─→ pid:int, wstatus:int
+//     ├─→ pid:int, wstatus:int, unix.Rusage
 //     └─→ nil, unix.Errno
 static int LuaUnixWait(lua_State *L) {
   struct rusage ru;