selinux: Update SELinux SCTP documentation

Update SELinux-sctp.rst "SCTP Peer Labeling" section to reflect how the association permission is validated. Reported-by: Dominick Grift <dac.override@gmail.com> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Richard Haines <richard_c_haines@btinternet.com> 2018-03-19 13:33:36 -0400
committer: Paul Moore <paul@paul-moore.com> 2018-03-20 16:26:15 -0400
commit: d3cc2cd7c8d7adfb43075036878e319d5893280d (patch)
tree: d32051445aa3bb3692760e35a54d8d2e5be7ba74 /Documentation/security
parent: 68741a8adab900fafb407532e6bae0887f14fbe0 (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/Documentation/security/SELinux-sctp.rst b/Documentation/security/SELinux-sctp.rst
index 2f66bf30658a..a332cb1c5334 100644
--- a/Documentation/security/SELinux-sctp.rst
+++ b/Documentation/security/SELinux-sctp.rst
@@ -116,11 +116,12 @@ statement as shown in the following example::
 SCTP Peer Labeling
 ===================
 An SCTP socket will only have one peer label assigned to it. This will be
-assigned during the establishment of the first association. Once the peer
+assigned during the establishment of the first association. Any further
-label has been assigned, any new associations will have the ``association``
+associations on this socket will have their packet peer label compared to
-permission validated by checking the socket peer sid against the received
+the sockets peer label, and only if they are different will the
-packets peer sid to determine whether the association should be allowed or
+``association`` permission be validated. This is validated by checking the
-denied.
+socket peer sid against the received packets peer sid to determine whether
+the association should be allowed or denied.
 NOTES:
   1) If peer labeling is not enabled, then the peer context will always be
author	Richard Haines <richard_c_haines@btinternet.com>	2018-03-19 13:33:36 -0400
committer	Paul Moore <paul@paul-moore.com>	2018-03-20 16:26:15 -0400
commit	d3cc2cd7c8d7adfb43075036878e319d5893280d (patch)
tree	d32051445aa3bb3692760e35a54d8d2e5be7ba74 /Documentation/security
parent	68741a8adab900fafb407532e6bae0887f14fbe0 (diff)

diff --git a/Documentation/security/SELinux-sctp.rst b/Documentation/security/SELinux-sctp.rst index 2f66bf30658a..a332cb1c5334 100644 --- a/Documentation/security/SELinux-sctp.rst +++ b/Documentation/security/SELinux-sctp.rst
@@ -116,11 +116,12 @@ statement as shown in the following example::
116	SCTP Peer Labeling	116	SCTP Peer Labeling
117	===================	117	===================
118	An SCTP socket will only have one peer label assigned to it. This will be	118	An SCTP socket will only have one peer label assigned to it. This will be
119	assigned during the establishment of the first association. Once the peer	119	assigned during the establishment of the first association. Any further
120	label has been assigned, any new associations will have the ``association``	120	associations on this socket will have their packet peer label compared to
121	permission validated by checking the socket peer sid against the received	121	the sockets peer label, and only if they are different will the
122	packets peer sid to determine whether the association should be allowed or	122	``association`` permission be validated. This is validated by checking the
123	denied.	123	socket peer sid against the received packets peer sid to determine whether
		124	the association should be allowed or denied.
124		125
125	NOTES:	126	NOTES:
126	1) If peer labeling is not enabled, then the peer context will always be	127	1) If peer labeling is not enabled, then the peer context will always be