[selinux-policy: 2442/3172] Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:36:50 UTC 2010
commit 3a744d127566c14f309ae882c3de3925be0fb914
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Feb 26 08:58:32 2010 -0500
Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().
policy/modules/kernel/corecommands.if | 40 ++++++++++++++++++++++++++++++++-
1 files changed, 39 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index a6e68d7..54972ac 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -293,6 +293,26 @@ interface(`corecmd_read_bin_sockets',`
## Execute generic programs in bin directories,
## in the caller domain.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to execute generic programs
+## in system bin directories (/bin, /sbin, /usr/bin,
+## /usr/sbin) a without domain transition.
+## </p>
+## <p>
+## Typically, this interface should be used when the domain
+## executes general system progams within the privileges
+## of the source domain. Some examples of these programs
+## are ls, cp, sed, python, and tar. This does not include
+## shells, such as bash.
+## </p>
+## <p>
+## Related interface:
+## </p>
+## <ul>
+## <li>corecmd_exec_shell()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
@@ -770,8 +790,26 @@ interface(`corecmd_check_exec_shell',`
########################################
## <summary>
-## Execute a shell in the caller domain.
+## Execute shells in the caller domain.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to execute shells without
+## a domain transition.
+## </p>
+## <p>
+## Typically, this interface should be used when the domain
+## executes shells within the privileges
+## of the source domain. Some examples of these programs
+## are bash, tcsh, and zsh.
+## </p>
+## <p>
+## Related interface:
+## </p>
+## <ul>
+## <li>corecmd_exec_bin()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
More information about the scm-commits
mailing list