Comment 18 for bug 1390223

Ah those "upstream" kernels weren't pure... Just tested manually compiled kernel master branch and tag 4.2, no issues. Copied over a packaged one: problem reappears.
It's not a container problem though. Running this on a host has the same effect:
# aa-exec -p $pick_your_favorite_profile -- socat UNIX:/var/spool/postfix/public/showq -
also gets an EPERM.
Also not 32/64 bit dependent, however we do have some containers where it always works, and some where it always fails, and that was their only obvious distinction, which now seems unrelated.