I have tried working with version 2.2.1-18-g5749e70 (go-fuse v2.1.1-0.20211219085202-934a183ed914; 2021-12-26 go1.13.8 linux/amd64) (built locally from development repository, commit5749e70), and discovered what I would describe as a regression.

Permission is denied for opening a socket file on the mounted file system.

The problem is not appearing with gocryptfs 1.7.1 (go-fuse 0.0~git20190214.58dcd77) (available through distribution).

Note that I have only tested withforce_owner andnonempty options in effect. Options are the same on both tests (expressed with-- syntax on later version). The user attempting to access the socket is the user receiving the forced ownership. This user has sufficient permissions for the file on both the mounted and ciphered sides.