>From my superficial reading of the code the error seems to come from here: 
>https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/security/apparmor/lsm.c?h=v6.12.6#n1313

It appears that AppArmor SO_PEERSEC support for unix domain sockets bound to a 
filesystem path name is missing from the upstream kernel and is only enabled as 
a side effect of a patch distributed with AppArmor: 
https://gitlab.com/apparmor/apparmor/-/blob/692e6850ba90582105713a683bed753bad696aab/kernel-patches/v4.17/0002-apparmor-af_unix-mediation.patch
Ubuntu kernels contain a rebased variant of the patch which is likely why 
SO_PEERSEC works on Ubuntu.

The reason I stumbled on this issue is that we (ubports-team) are currently 
packaging lomiri-content-hub which implicitly relies on SO_PEERSEC through the 
DBus daemon to get the AppArmor profile of a process requesting to export a 
file. Without this it is not possible to confine Lomiri/Ubuntu Touch apps 
running on Debian.
-- 
Guido Berhoerster
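For anyone who wants to verify the behaviour described above on a given kernel before relying on SO_PEERSEC, here is a small probe, written as an added example for this thread (not code from the message author, from AppArmor or from lomiri-content-hub). It binds an AF_UNIX stream socket to a filesystem path under /tmp, connects a client to it, and asks both ends for SO_PEERSEC; a kernel whose LSM does not label the peer fails the getsockopt call (ENOPROTOOPT is the value the LSM core returns when no hook answers), while a kernel carrying the af_unix mediation patch returns the peer's AppArmor label. The socket path name is a constructed value, and the fallback definition of SO_PEERSEC to 31 assumes the Linux asm-generic socket constants.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#ifndef SO_PEERSEC
#define SO_PEERSEC 31 /* assumption: asm-generic/socket.h value on Linux */
#endif

enum peersec_result {
    PEERSEC_LABEL = 0,        /* kernel returned a security label for the peer */
    PEERSEC_UNSUPPORTED = 1,  /* getsockopt failed: no LSM hook or no peer label */
    PEERSEC_SETUP_FAILED = 2  /* could not build the path-bound socket pair */
};

/* Ask the kernel for the peer label of fd; on failure record errno. */
static enum peersec_result query_peersec(int fd, char *buf, socklen_t buflen, int *err_out)
{
    socklen_t len = buflen;
    memset(buf, 0, buflen);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &len) == 0) {
        *err_out = 0;
        return PEERSEC_LABEL;
    }
    *err_out = errno;
    return PEERSEC_UNSUPPORTED;
}

/* Create a listener bound to a filesystem path (the case the thread is about),
 * connect a client and accept it. fds[0] = client, fds[1] = accepted end. */
static int make_path_bound_pair(int fds[2])
{
    char path[sizeof(((struct sockaddr_un *)0)->sun_path)];
    struct sockaddr_un addr;
    int srv, cli, acc;

    /* constructed path name; unique per process so probes do not collide */
    snprintf(path, sizeof path, "/tmp/peersec-probe-%ld.sock", (long)getpid());
    unlink(path);

    srv = socket(AF_UNIX, SOCK_STREAM, 0);
    if (srv < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof addr.sun_path - 1);
    if (bind(srv, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(srv, 1) < 0) {
        close(srv);
        return -1;
    }
    cli = socket(AF_UNIX, SOCK_STREAM, 0);
    if (cli < 0 || connect(cli, (struct sockaddr *)&addr, sizeof addr) < 0) {
        if (cli >= 0) close(cli);
        close(srv);
        unlink(path);
        return -1;
    }
    acc = accept(srv, NULL, NULL);
    close(srv);
    unlink(path); /* the path is only needed until the connection exists */
    if (acc < 0) {
        close(cli);
        return -1;
    }
    fds[0] = cli;
    fds[1] = acc;
    return 0;
}

/* Probe SO_PEERSEC from the client side of a path-bound connection.
 * The label (if any) is copied into label; errno of a failure into err_out. */
enum peersec_result probe_path_bound_peersec(char *label, size_t label_len, int *err_out)
{
    int fds[2];
    enum peersec_result r;

    if (make_path_bound_pair(fds) < 0) {
        *err_out = errno;
        return PEERSEC_SETUP_FAILED;
    }
    r = query_peersec(fds[0], label, (socklen_t)label_len, err_out);
    close(fds[0]);
    close(fds[1]);
    return r;
}

int main(void)
{
    char label[256];
    int err = 0;

    switch (probe_path_bound_peersec(label, sizeof label, &err)) {
    case PEERSEC_LABEL:
        printf("SO_PEERSEC on a path-bound AF_UNIX socket: supported, peer label \"%s\"\n", label);
        return 0;
    case PEERSEC_UNSUPPORTED:
        printf("SO_PEERSEC on a path-bound AF_UNIX socket: not available (%s)\n", strerror(err));
        return 1;
    default:
        printf("could not set up the probe socket: %s\n", strerror(err));
        return 2;
    }
}
```

On a kernel with the patch applied, the label printed is the AppArmor profile of the probe process itself (both ends belong to the same process, so "unconfined" on an unconfined shell); on an unpatched upstream kernel the call fails and the program exits with status 1, which is exactly the condition under which a DBus-based confinement scheme relying on SO_PEERSEC would silently see no profile.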
