From 3a744d127566c14f309ae882c3de3925be0fb914 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Feb 26 2010 13:58:32 +0000
Subject: Improve documentation of corecmd_exec_bin() and corecmd_exec_shell().


---

diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index a6e68d7..54972ac 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -293,6 +293,26 @@ interface(`corecmd_read_bin_sockets',`
 ##	Execute generic programs in bin directories,
 ##	in the caller domain.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to execute generic programs
+##	in system bin directories (/bin, /sbin, /usr/bin,
+##	/usr/sbin) a without domain transition.
+##	</p>
+##	<p>
+##	Typically, this interface should be used when the domain
+##	executes general system progams within the privileges
+##	of the source domain.  Some examples of these programs
+##	are ls, cp, sed, python, and tar. This does not include
+##	shells, such as bash.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corecmd_exec_shell()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
@@ -770,8 +790,26 @@ interface(`corecmd_check_exec_shell',`
 
 ########################################
 ## <summary>
-##	Execute a shell in the caller domain.
+##	Execute shells in the caller domain.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to execute shells without
+##	a domain transition.
+##	</p>
+##	<p>
+##	Typically, this interface should be used when the domain
+##	executes shells within the privileges
+##	of the source domain.  Some examples of these programs
+##	are bash, tcsh, and zsh.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corecmd_exec_bin()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.