Diffstat (limited to 'man7/kernel_lockdown.7')
-rw-r--r--  man7/kernel_lockdown.7  32
1 files changed, 16 insertions, 16 deletions
diff --git a/man7/kernel_lockdown.7 b/man7/kernel_lockdown.7 index 7976a29c14..8bcd603b96 100644 --- a/man7/kernel_lockdown.7 +++ b/man7/kernel_lockdown.7 @@ -50,44 +50,44 @@ kprobes .PP and the ability to directly configure and control devices, so as to prevent the use of a device to access or modify a kernel image: -.IP \(bu 3 +.IP \[bu] 3 The use of module parameters that directly specify hardware parameters to drivers through the kernel command line or when loading a module. -.IP \(bu +.IP \[bu] The use of direct PCI BAR access. -.IP \(bu +.IP \[bu] The use of the ioperm and iopl instructions on x86. -.IP \(bu +.IP \[bu] The use of the KD*IO console ioctls. -.IP \(bu +.IP \[bu] The use of the TIOCSSERIAL serial ioctl. -.IP \(bu +.IP \[bu] The alteration of MSR registers on x86. -.IP \(bu +.IP \[bu] The replacement of the PCMCIA CIS. -.IP \(bu +.IP \[bu] The overriding of ACPI tables. -.IP \(bu +.IP \[bu] The use of ACPI error injection. -.IP \(bu +.IP \[bu] The specification of the ACPI RDSP address. -.IP \(bu +.IP \[bu] The use of ACPI custom methods. .PP Certain facilities are restricted: -.IP \(bu 3 +.IP \[bu] 3 Only validly signed modules may be loaded (waived if the module file being loaded is vouched for by IMA appraisal). -.IP \(bu +.IP \[bu] Only validly signed binaries may be kexec'd (waived if the binary image file to be executed is vouched for by IMA appraisal). -.IP \(bu +.IP \[bu] Unencrypted hibernation/suspend to swap are disallowed as the kernel image is saved to a medium that can then be accessed. -.IP \(bu +.IP \[bu] Use of debugfs is not permitted as this allows a whole range of actions including direct configuration of, access to and driving of hardware. -.IP \(bu +.IP \[bu] IMA requires the addition of the "secure_boot" rules to the policy, whether or not they are specified on the command line, for both the built-in and custom policies in secure boot lockdown mode. |
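Review bot: the whole hunk is a mechanical swap of the two-character bullet escape `\(bu` for the bracketed form `\[bu]` (16 lines, matching the diffstat), so the one thing to check before merging is portability, since `\[name]` is the groff long-name escape and legacy troff implementations only accept the `\(xx` form; if the man-pages tree has already standardized on groff/mandoc this is fine, but the commit message should say so, and it is worth confirming with a grep that no `\(bu` is left in the rest of the file outside lines 50-93 so the page does not end up with mixed styles. The list structure itself is preserved correctly: only the first `.IP` of each list carries the indent argument (`.IP \[bu] 3`) and the following items reuse it, which is the existing convention in this page, and the text of the lockdown restrictions (module parameters, PCI BAR access, ioperm/iopl, KD*IO and TIOCSSERIAL ioctls, MSRs, PCMCIA CIS, ACPI tables/error injection/RDSP/custom methods, signed modules and kexec, unencrypted hibernation, debugfs, and the IMA "secure_boot" rules) is untouched, so no wording review is needed here.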