[selinux-policy: 2442/3172] Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:36:50 UTC 2010 

commit 3a744d127566c14f309ae882c3de3925be0fb914
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Feb 26 08:58:32 2010 -0500

    Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().

 policy/modules/kernel/corecommands.if |   40 ++++++++++++++++++++++++++++++++-
 1 files changed, 39 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index a6e68d7..54972ac 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -293,6 +293,26 @@ interface(`corecmd_read_bin_sockets',`
 ##	Execute generic programs in bin directories,
 ##	in the caller domain.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to execute generic programs
+##	in system bin directories (/bin, /sbin, /usr/bin,
+##	/usr/sbin) a without domain transition.
+##	</p>
+##	<p>
+##	Typically, this interface should be used when the domain
+##	executes general system progams within the privileges
+##	of the source domain.  Some examples of these programs
+##	are ls, cp, sed, python, and tar. This does not include
+##	shells, such as bash.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corecmd_exec_shell()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
@@ -770,8 +790,26 @@ interface(`corecmd_check_exec_shell',`
 
 ########################################
 ## <summary>
-##	Execute a shell in the caller domain.
+##	Execute shells in the caller domain.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to execute shells without
+##	a domain transition.
+##	</p>
+##	<p>
+##	Typically, this interface should be used when the domain
+##	executes shells within the privileges
+##	of the source domain.  Some examples of these programs
+##	are bash, tcsh, and zsh.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corecmd_exec_bin()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.

More information about the scm-commits mailing list