mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-30 22:26:55 +00:00
selinux: Update SELinux SCTP documentation
Update SELinux-sctp.rst "SCTP Peer Labeling" section to reflect how the association permission is validated.

Reported-by: Dominick Grift <dac.override@gmail.com>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 68741a8ada
commit d3cc2cd7c8
1 changed files with 6 additions and 5 deletions
|
@ -116,11 +116,12 @@ statement as shown in the following example::
|
||||||
SCTP Peer Labeling
|
SCTP Peer Labeling
|
||||||
===================
|
===================
|
||||||
An SCTP socket will only have one peer label assigned to it. This will be
|
An SCTP socket will only have one peer label assigned to it. This will be
|
||||||
assigned during the establishment of the first association. Once the peer
|
assigned during the establishment of the first association. Any further
|
||||||
label has been assigned, any new associations will have the ``association``
|
associations on this socket will have their packet peer label compared to
|
||||||
permission validated by checking the socket peer sid against the received
|
the sockets peer label, and only if they are different will the
|
||||||
packets peer sid to determine whether the association should be allowed or
|
``association`` permission be validated. This is validated by checking the
|
||||||
denied.
|
socket peer sid against the received packets peer sid to determine whether
|
||||||
|
the association should be allowed or denied.
|
||||||
|
|
||||||
NOTES:
|
NOTES:
|
||||||
1) If peer labeling is not enabled, then the peer context will always be
|
1) If peer labeling is not enabled, then the peer context will always be
|
||||||
|
|
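Review bot: The rewritten paragraph uses "peer label" in the comparison sentence and "peer sid" in the validation sentence, so a reader cannot tell whether the comparison and the ``association`` permission check operate on the same two values; use one term throughout or state how the label and the sid relate. The case where the labels are equal is only implied by "only if they are different"; say outright that no ``association`` check is made in that case. "This is validated by checking ..." should name its subject (the permission), and "the sockets peer label" and "the received packets peer sid" need possessives ("socket's", "packet's").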