x/sys/unix: GetsockoptPeerSec support

[tiran]

Go doesn't have an interface to get the peer security context of a Unix socket. This is basically the same issue as #3836 but for SO_PEERSEC. SO_PEERSEC retrieves the peer's SELinux or AppArmor label. The return value a NULL-terminated string with maximum 255 chars. SO_PEERSEC is a Linux-only option for getsockopt.

Python example:

>>> import socket
>>> a, b = socket.socketpair()
>>> a.getsockopt(socket.SOL_SOCKET, socket.SO_PEERSEC, 255)
'system_u:object_r:unlabeled_t:s0\x00'

Please answer these questions before submitting your issue. Thanks!

1. What version of Go are you using (go version)?
   go version go1.6.2 linux/amd64
2. What operating system and processor architecture are you using (go env)?
   Fedora 24 X86_64

[bradfitz]

Since the syscall package is frozen for feature additions, this is probably most appropriate for the golang.org/x/sys/unix repo, which we also help maintain.

[gopherbot]

Change https://golang.org/cl/83275 mentions this issue: unix: add GetsockoptString on Linux