[#3848] Change risk to policy

modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst

doc/sphinx/arm/agent.rst

@@ -288,7 +288,7 @@ Starting and Stopping the Control Agent
 -  ``-X`` - As of Kea 3.0, disables security restrictions. The server will
    still check for violations but will emit warning logs when they are found
    rather than fail with an error. Please see
-   :ref:`sec-kea-runtime-security-risk-checking` for details.
+   :ref:`sec-kea-runtime-security-policy-checking` for details.
 
 The CA is started by running its binary and specifying the configuration
 file it should use. For example:

doc/sphinx/arm/ddns.rst

@@ -166,7 +166,7 @@ directly. It accepts the following command-line switches:
 -  ``-X`` - As of Kea 3.0, disables security restrictions. The server will
    still check for violations but will emit warning logs when they are found
    rather than fail with an error. Please see
-   :ref:`sec-kea-runtime-security-risk-checking` for details.
+   :ref:`sec-kea-runtime-security-policy-checking` for details.
 
 Upon startup, the module loads its configuration and begins listening
 for NCRs based on that configuration.

doc/sphinx/arm/dhcp4-srv.rst

@@ -81,7 +81,7 @@ the following command-line switches:
 -  ``-X`` - As of Kea 3.0, disables security restrictions. The server will
    still check for violations but will emit warning logs when they are found
    rather than fail with an error. Please see
-   :ref:`sec-kea-runtime-security-risk-checking` for details.
+   :ref:`sec-kea-runtime-security-policy-checking` for details.
 
 On startup, the server detects available network interfaces and
 attempts to open UDP sockets on all interfaces listed in the

doc/sphinx/arm/dhcp6-srv.rst

@@ -81,7 +81,7 @@ the following command-line switches:
 -  ``-X`` - As of Kea 3.0, disables security restrictions. The server will
    still check for violations but will emit warning logs when they are found
    rather than fail with an error. Please see
-   :ref:`sec-kea-runtime-security-risk-checking` for details.
+   :ref:`sec-kea-runtime-security-policy-checking` for details.
 
 On startup, the server detects available network interfaces and
 attempts to open UDP sockets on all interfaces listed in the

doc/sphinx/arm/security.rst

@@ -556,15 +556,16 @@ and DDNS servers since Kea version 2.7.2.
 The three primary Kea daemons (:iscman:`kea-dhcp4`, :iscman:`kea-dhcp6` and :iscman:`kea-dhcp-ddns`) all support a control
 channel, which is implemented as a UNIX socket. The control channel, which opens a UNIX socket, is disabled by default.
 
-.. _sec-kea-runtime-security-risk-checking:
+.. _sec-kea-runtime-security-policy-checking:
 
-Kea Runtime Security Risk Checking
-==================================
+Kea Runtime Security Policy Checking
+====================================
 
-Runtime security risk checking was initially added to Kea daemons :iscman:`kea-dhcp4`,
+Runtime security policy checking was initially added to Kea daemons :iscman:`kea-dhcp4`,
 :iscman:`kea-dhcp6`, :iscman:`kea-dhcp-ddns`, :iscman:`kea-ctrl-agent`. in Kea 2.7.9
 release.  In Kea 3.0 additional checks were added. By default, when a daemon detects
-a security risk it emits an error log and exits. The following checks are performed:
+a security policy violation it emits an error log and exits. The following checks are
+performed:
 
 - Use of unsupported file paths or permissions as detailed in :ref:`sec-summary-of-path-restrictions`