[selinux-policy: 2534/3172] Add additional documentation to kernel_request_load_module().
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:45:15 UTC 2010
commit e8871c20925f2d4ad01878e159c8013fadb90d98
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Mar 16 15:08:00 2010 -0400
Add additional documentation to kernel_request_load_module().
policy/modules/kernel/kernel.if | 14 +++++++++++++-
1 files changed, 13 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index f1fae05..aad46d8 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -487,12 +487,24 @@ interface(`kernel_clear_ring_buffer',`
## <summary>
## Allows caller to request the kernel to load a module
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to request that the kernel
+## load a kernel module. An example of this is the
+## auto-loading of network drivers when doing an
+## ioctl() on a network interface.
+## </p>
+## <p>
+## In the specific case of a module loading request
+## on a network interface, the domain will also
+## need the net_admin capability.
+## </p>
+## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
-## <rolecap/>
#
interface(`kernel_request_load_module',`
gen_require(`
More information about the scm-commits
mailing list