selinux: Update SELinux SCTP documentation

Update SELinux-sctp.rst "SCTP Peer Labeling" section to reflect
how the association permission is validated.

Reported-by: Dominick Grift <dac.override@gmail.com>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Richard Haines 2018-03-19 17:33:36 +00:00 committed by Paul Moore
parent 68741a8ada
commit d3cc2cd7c8

@ -116,11 +116,12 @@ statement as shown in the following example::
SCTP Peer Labeling SCTP Peer Labeling
=================== ===================
An SCTP socket will only have one peer label assigned to it. This will be An SCTP socket will only have one peer label assigned to it. This will be
assigned during the establishment of the first association. Once the peer assigned during the establishment of the first association. Any further
label has been assigned, any new associations will have the ``association`` associations on this socket will have their packet peer label compared to
permission validated by checking the socket peer sid against the received the sockets peer label, and only if they are different will the
packets peer sid to determine whether the association should be allowed or ``association`` permission be validated. This is validated by checking the
denied. socket peer sid against the received packets peer sid to determine whether
the association should be allowed or denied.
NOTES: NOTES:
1) If peer labeling is not enabled, then the peer context will always be 1) If peer labeling is not enabled, then the peer context will always be
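
Review bot: The added sentences in the "SCTP Peer Labeling" paragraph switch between "peer label" and "peer sid" for what reads as the same comparison, and the last one ("This is validated by checking the socket peer sid against the received packets peer sid") restates the comparison the previous sentence already made, so a reader cannot tell whether one check or two are performed. Suggest using one term throughout and saying explicitly what happens to an association whose packet peer label matches the socket's peer label, since the text only implies that the ``association`` permission is skipped in that case. Minor: "the sockets peer label" and "received packets peer sid" need possessive apostrophes ("socket's", "packet's").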