From e8871c20925f2d4ad01878e159c8013fadb90d98 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 16 Mar 2010 15:08:00 -0400
Subject: [PATCH] Add additional documentation to kernel_request_load_module().

---
 policy/modules/kernel/kernel.if | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index f1fae05dd..aad46d834 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -487,12 +487,24 @@ interface(`kernel_clear_ring_buffer',`
 ## <summary>
 ##	Allows caller to request the kernel to load a module
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to request that the kernel
+##	load a kernel module.  An example of this is the
+##	auto-loading of network drivers when doing an
+##	ioctl() on a network interface.
+##	</p>
+##	<p>
+##	In the specific case of a module loading request
+##	on a network interface, the domain will also
+##	need the net_admin capability.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
-## <rolecap/>
 #
 interface(`kernel_request_load_module',`
 	gen_require(`