From 1fb230f11f3dcb58ebc292008c99e05e8026e1d6 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Tue, 30 Jan 2024 09:33:48 +0000 Subject: [PATCH] Merge manpages: Add ENOPROTOOPT error in aa_getcon() manpage The call aa_getpeercon() can return ENOPROTOOPT error in some cases, specifically when the kernel lacks 'fine grained unix mediation'. Currently, this capability isn't available in upstream kernels, but only in patched ones (for example, the regular Ubuntu kernels). Unfortunately, the manpage lacks this info. This patch fixes this. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/366 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1143 Approved-by: John Johansen Merged-by: John Johansen (cherry picked from commit b03abbd75fb6d9e309bfb43ab87b77c39d32efdf) Signed-off-by: John Johansen --- libraries/libapparmor/doc/aa_getcon.pod | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libraries/libapparmor/doc/aa_getcon.pod b/libraries/libapparmor/doc/aa_getcon.pod index 008f199e5..07a4abd16 100644 --- a/libraries/libapparmor/doc/aa_getcon.pod +++ b/libraries/libapparmor/doc/aa_getcon.pod @@ -116,6 +116,14 @@ The specified I does not exist or is not visible. The confinement data is too large to fit in the supplied buffer. +=item B + +The kernel doesn't support the SO_PEERLABEL option in sockets. This happens +mainly when the kernel lacks 'fine grained unix mediation' support. It also +can happen on LSM stacking kernels where another LSM has claimed this +interface and decides to return this error, although this is really a +corner case. + =back =head1 NOTES
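Review bot: The new ENOPROTOOPT entry in the error list at @@ -116,6 +116,14 @@ does not say which call returns it. The commit message attributes the error to aa_getpeercon(), while the subject line and the file name refer to aa_getcon(), so a reader of the shared error list cannot tell that only the socket-based call is affected. Consider opening the entry with something like "Returned by aa_getpeercon() when the kernel doesn't support the SO_PEERLABEL option in sockets." The commit message also notes that fine grained unix mediation is currently available only in patched kernels (for example, the regular Ubuntu kernels) and not upstream; that detail is missing from the added text and would tell callers how common the error is in practice. Minor wording: "It also can happen" reads better as "It can also happen".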