Hi, getpeercon() isn't implemented for VSOCK. Note, I am not very familiar with SELinux, but I was porting some applications that uses AF_UNIX to AF_VSOCK and reached that point. I found some previous discussions about VSOCK & LSM from 2013, but the reasons it was abandoned don't seem so clear or valid to me: https://lore.kernel.org/selinux/1803195.0cVPJuGAEx@sifl/ To me, SELinux could always associate a VSOCK with a process context, at the very least, and thus enforce some communication policies. No? thanks -- Marc-André Lureau
