Commit d3cc2cd7 authored by Richard Haines's avatar Richard Haines Committed by Paul Moore

selinux: Update SELinux SCTP documentation

Update SELinux-sctp.rst "SCTP Peer Labeling" section to reflect
how the association permission is validated.
Reported-by: default avatarDominick Grift <dac.override@gmail.com>
Signed-off-by: default avatarRichard Haines <richard_c_haines@btinternet.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 68741a8a
...@@ -116,11 +116,12 @@ statement as shown in the following example:: ...@@ -116,11 +116,12 @@ statement as shown in the following example::
SCTP Peer Labeling SCTP Peer Labeling
=================== ===================
An SCTP socket will only have one peer label assigned to it. This will be An SCTP socket will only have one peer label assigned to it. This will be
assigned during the establishment of the first association. Once the peer assigned during the establishment of the first association. Any further
label has been assigned, any new associations will have the ``association`` associations on this socket will have their packet peer label compared to
permission validated by checking the socket peer sid against the received the sockets peer label, and only if they are different will the
packets peer sid to determine whether the association should be allowed or ``association`` permission be validated. This is validated by checking the
denied. socket peer sid against the received packets peer sid to determine whether
the association should be allowed or denied.
NOTES: NOTES:
1) If peer labeling is not enabled, then the peer context will always be 1) If peer labeling is not enabled, then the peer context will always be
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment