diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index f1fae05..aad46d8 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -487,12 +487,24 @@ interface(`kernel_clear_ring_buffer',`
 ## <summary>
 ##	Allows caller to request the kernel to load a module
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to request that the kernel
+##	load a kernel module.  An example of this is the
+##	auto-loading of network drivers when doing an
+##	ioctl() on a network interface.
+##	</p>
+##	<p>
+##	In the specific case of a module loading request
+##	on a network interface, the domain will also
+##	need the net_admin capability.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
-## <rolecap/>
 #
 interface(`kernel_request_load_module',`
 	gen_require(`