selinux: Update SELinux SCTP documentation

Update SELinux-sctp.rst "SCTP Peer Labeling" section to reflect how the association permission is validated. Reported-by: Dominick Grift <[email protected]> Signed-off-by: Richard Haines <[email protected]> Signed-off-by: Paul Moore <[email protected]>
modi0012 · Mar 20, 2018 · d3cc2cd · d3cc2cd
1 parent 68741a8
commit d3cc2cd
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/Documentation/security/SELinux-sctp.rst b/Documentation/security/SELinux-sctp.rst
@@ -116,11 +116,12 @@ statement as shown in the following example::
 SCTP Peer Labeling
 ===================
 An SCTP socket will only have one peer label assigned to it. This will be
-assigned during the establishment of the first association. Once the peer
-label has been assigned, any new associations will have the ``association``
-permission validated by checking the socket peer sid against the received
-packets peer sid to determine whether the association should be allowed or
-denied.
+assigned during the establishment of the first association. Any further
+associations on this socket will have their packet peer label compared to
+the sockets peer label, and only if they are different will the
+``association`` permission be validated. This is validated by checking the
+socket peer sid against the received packets peer sid to determine whether
+the association should be allowed or denied.
 
 NOTES:
    1) If peer labeling is not enabled, then the peer context will always be