On Sat, Jan 16, 2021 at 7:48 AM Marc-André Lureau <marcandre.lureau@xxxxxxxxx> wrote: > Hi, > > getpeercon() isn't implemented for VSOCK. Note, I am not very familiar > with SELinux, but I was porting some applications that uses AF_UNIX to > AF_VSOCK and reached that point. > > I found some previous discussions about VSOCK & LSM from 2013, but the > reasons it was abandoned don't seem so clear or valid to me: > https://lore.kernel.org/selinux/1803195.0cVPJuGAEx@sifl/ Hi, my apologies for the slow reply. The SELinux/LSM VSOCK support wasn't abandoned due to any significant roadblocks, it was simply a matter of time - I seemed to be the only one who was interested in working on it, and I couldn't find enough time to work on it ;) If you are interested in spending some time on adding proper LSM/SELinux VSOCK support my gut feeling is that it would still be a good thing. However, I would suggest spending some time investigating the current state of things, while you may get lucky, I believe it is safer to assume that anything from 2013 is horribly out of date. -- paul moore www.paul-moore.com
