From a7477f6ee2c31c551bcf02b6edfc995efa96ed05 Mon Sep 17 00:00:00 2001
From: Andrei Pavel <andrei@isc.org>
Date: Tue, 20 May 2025 13:03:17 +0300
Subject: [PATCH] [#3833] Add table in the security section

---
 doc/sphinx/arm/security.rst | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/doc/sphinx/arm/security.rst b/doc/sphinx/arm/security.rst
index ac5a019262..63b6ce86f4 100644
--- a/doc/sphinx/arm/security.rst
+++ b/doc/sphinx/arm/security.rst
@@ -403,6 +403,30 @@ stdout/stderr and files. Syslog may export the logs over the network, exposing t
     running, log an unrecoverable error. For ease of use simply omit the ``path``
     parameter.
 
+Summary of Path Restrictions
+----------------------------
+
+Path restrictions mentioned through this section can be summarized according to
+the following table:
+
++-------------------------------------+---------------------------------------+----------------------------------+
+| Restricted Element                  | Default Value                         | Environment Variable Override    |
++=====================================+=======================================+==================================+
+| Config Files (``config-write``)     | Same Directory as Initial Config File | N/A                              |
++-------------------------------------+---------------------------------------+----------------------------------+
+| Host Cache Files (``cache-write``)  | ``var/lib/kea``                       | ``KEA_DHCP_DATA_DIRECTORY``      |
++-------------------------------------+---------------------------------------+----------------------------------+
+| Lease Files                         | ``var/lib/kea``                       | ``KEA_DHCP_DATA_DIRECTORY``      |
++-------------------------------------+---------------------------------------+----------------------------------+
+| Log Files                           | ``var/log/kea``                       | ``KEA_LOG_FILE_DIR``             |
++-------------------------------------+---------------------------------------+----------------------------------+
+| Forensic Log Files                  | ``var/log/kea``                       | ``KEA_LEGAL_LOG_DIR``            |
++-------------------------------------+---------------------------------------+----------------------------------+
+| Unix Sockets                        | ``var/run/kea``                       | ``KEA_CONTROL_SOCKET_DIR``       |
++-------------------------------------+---------------------------------------+----------------------------------+
+
+
+
 Cryptography Components
 -----------------------