[#3848] Change risk to policy

modified: doc/sphinx/arm/agent.rst modified: doc/sphinx/arm/ddns.rst modified: doc/sphinx/arm/dhcp4-srv.rst modified: doc/sphinx/arm/dhcp6-srv.rst modified: doc/sphinx/arm/security.rst
2025-08-22 18:08:16 +00:00 · 2025-06-18 09:52:02 -04:00 · 2025-06-18 09:52:02 -04:00 · 0a85700c28
commit 0a85700c28
parent d8eb27b3fa
5 changed files with 10 additions and 9 deletions
--- a/doc/sphinx/arm/agent.rst
+++ b/doc/sphinx/arm/agent.rst
@ -288,7 +288,7 @@ Starting and Stopping the Control Agent
 -  ``-X`` - As of Kea 3.0, disables security restrictions. The server will
   still check for violations but will emit warning logs when they are found
   rather than fail with an error. Please see
-   :ref:`sec-kea-runtime-security-risk-checking` for details.
+   :ref:`sec-kea-runtime-security-policy-checking` for details.
 The CA is started by running its binary and specifying the configuration
 file it should use. For example:
--- a/doc/sphinx/arm/ddns.rst
+++ b/doc/sphinx/arm/ddns.rst
@ -166,7 +166,7 @@ directly. It accepts the following command-line switches:
 -  ``-X`` - As of Kea 3.0, disables security restrictions. The server will
   still check for violations but will emit warning logs when they are found
   rather than fail with an error. Please see
-   :ref:`sec-kea-runtime-security-risk-checking` for details.
+   :ref:`sec-kea-runtime-security-policy-checking` for details.
 Upon startup, the module loads its configuration and begins listening
 for NCRs based on that configuration.
--- a/doc/sphinx/arm/dhcp4-srv.rst
+++ b/doc/sphinx/arm/dhcp4-srv.rst
@ -81,7 +81,7 @@ the following command-line switches:
 -  ``-X`` - As of Kea 3.0, disables security restrictions. The server will
   still check for violations but will emit warning logs when they are found
   rather than fail with an error. Please see
-   :ref:`sec-kea-runtime-security-risk-checking` for details.
+   :ref:`sec-kea-runtime-security-policy-checking` for details.
 On startup, the server detects available network interfaces and
 attempts to open UDP sockets on all interfaces listed in the
--- a/doc/sphinx/arm/dhcp6-srv.rst
+++ b/doc/sphinx/arm/dhcp6-srv.rst
@ -81,7 +81,7 @@ the following command-line switches:
 -  ``-X`` - As of Kea 3.0, disables security restrictions. The server will
   still check for violations but will emit warning logs when they are found
   rather than fail with an error. Please see
-   :ref:`sec-kea-runtime-security-risk-checking` for details.
+   :ref:`sec-kea-runtime-security-policy-checking` for details.
 On startup, the server detects available network interfaces and
 attempts to open UDP sockets on all interfaces listed in the
--- a/doc/sphinx/arm/security.rst
+++ b/doc/sphinx/arm/security.rst
@ -556,15 +556,16 @@ and DDNS servers since Kea version 2.7.2.
 The three primary Kea daemons (:iscman:`kea-dhcp4`, :iscman:`kea-dhcp6` and :iscman:`kea-dhcp-ddns`) all support a control
 channel, which is implemented as a UNIX socket. The control channel, which opens a UNIX socket, is disabled by default.
-.. _sec-kea-runtime-security-risk-checking:
+.. _sec-kea-runtime-security-policy-checking:
-Kea Runtime Security Risk Checking
+Kea Runtime Security Policy Checking
-==================================
+====================================
-Runtime security risk checking was initially added to Kea daemons :iscman:`kea-dhcp4`,
+Runtime security policy checking was initially added to Kea daemons :iscman:`kea-dhcp4`,
 :iscman:`kea-dhcp6`, :iscman:`kea-dhcp-ddns`, :iscman:`kea-ctrl-agent`. in Kea 2.7.9
 release.  In Kea 3.0 additional checks were added. By default, when a daemon detects
-a security risk it emits an error log and exits. The following checks are performed:
+a security policy violation it emits an error log and exits. The following checks are
 performed:
 - Use of unsupported file paths or permissions as detailed in :ref:`sec-summary-of-path-restrictions`