Improve the documentation of ubac_constrained().

2010-03-02 11:28:44 -05:00 · 2010-03-02 11:28:44 -05:00 · 888d9e4652
commit 888d9e4652
parent 4e12649d4e
1 changed files with 14 additions and 1 deletions
--- a/policy/modules/kernel/ubac.if
+++ b/policy/modules/kernel/ubac.if
@ -5,13 +5,26 @@

 ########################################
 ## <summary>
-##	Constrain by user-based access control.
+##	Constrain by user-based access control (UBAC).
 ## </summary>
+## <desc>
+##	<p>
+##	Constrain the specified type by user-based
+##	access control (UBAC).  Typically, these are
+##	user processes or user files that need to be
+##	differentiated by SELinux user.  Normally this
+##	does not include administrative or privileged
+##	programs. For the UBAC rules to be enforced,
+##	both the subject (source) type and the object
+##	(target) types must be UBAC constrained.
+##	</p>
+## </desc>
 ## <param name="type">
 ##	<summary>
 ##	Type to be constrained by UBAC.
 ##	</summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`ubac_constrained',`
 	gen_require(`