diff --git a/net_util/src/lib.rs b/net_util/src/lib.rs
index 476c6575c..4607ce989 100644
--- a/net_util/src/lib.rs
+++ b/net_util/src/lib.rs
@@ -77,7 +77,7 @@ fn create_sockaddr(ip_addr: net::Ipv4Addr) -> net_gen::sockaddr {
     unsafe { mem::transmute(addr_in) }
 }
 
-fn create_socket() -> Result<net::UdpSocket> {
+fn create_inet_socket() -> Result<net::UdpSocket> {
     // This is safe since we check the return value.
     let sock = unsafe { libc::socket(libc::AF_INET, libc::SOCK_DGRAM, 0) };
     if sock < 0 {
@@ -88,6 +88,17 @@ fn create_socket() -> Result<net::UdpSocket> {
     Ok(unsafe { net::UdpSocket::from_raw_fd(sock) })
 }
 
+fn create_unix_socket() -> Result<net::UdpSocket> {
+    // This is safe since we check the return value.
+    let sock = unsafe { libc::socket(libc::AF_UNIX, libc::SOCK_DGRAM, 0) };
+    if sock < 0 {
+        return Err(Error::CreateSocket(IoError::last_os_error()));
+    }
+
+    // This is safe; nothing else will use or hold onto the raw sock fd.
+    Ok(unsafe { net::UdpSocket::from_raw_fd(sock) })
+}
+
 fn vnet_hdr_len() -> usize {
     std::mem::size_of::<virtio_net_hdr_v1>()
 }
diff --git a/net_util/src/tap.rs b/net_util/src/tap.rs
index a4bde2c6b..7c7a16832 100644
--- a/net_util/src/tap.rs
+++ b/net_util/src/tap.rs
@@ -5,7 +5,10 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the THIRD-PARTY file.
 
-use super::{create_sockaddr, create_socket, vnet_hdr_len, Error as NetUtilError, MacAddr};
+use super::{
+    create_inet_socket, create_sockaddr, create_unix_socket, vnet_hdr_len, Error as NetUtilError,
+    MacAddr,
+};
 use crate::mac::MAC_ADDR_LEN;
 use std::fs::File;
 use std::io::{Error as IoError, Read, Result as IoResult, Write};
@@ -196,7 +199,7 @@ impl Tap {
 
     /// Set the host-side IP address for the tap interface.
     pub fn set_ip_addr(&self, ip_addr: net::Ipv4Addr) -> Result<()> {
-        let sock = create_socket().map_err(Error::NetUtil)?;
+        let sock = create_inet_socket().map_err(Error::NetUtil)?;
         let addr = create_sockaddr(ip_addr);
 
         let mut ifreq = self.get_ifreq();
@@ -224,7 +227,7 @@ impl Tap {
             return Ok(());
         }
 
-        let sock = create_socket().map_err(Error::NetUtil)?;
+        let sock = create_unix_socket().map_err(Error::NetUtil)?;
 
         let mut ifreq = self.get_ifreq();
 
@@ -254,7 +257,7 @@ impl Tap {
 
     /// Get mac addr for tap interface.
     pub fn get_mac_addr(&self) -> Result<MacAddr> {
-        let sock = create_socket().map_err(Error::NetUtil)?;
+        let sock = create_unix_socket().map_err(Error::NetUtil)?;
 
         let ifreq = self.get_ifreq();
 
@@ -275,7 +278,7 @@ impl Tap {
 
     /// Set the netmask for the subnet that the tap interface will exist on.
     pub fn set_netmask(&self, netmask: net::Ipv4Addr) -> Result<()> {
-        let sock = create_socket().map_err(Error::NetUtil)?;
+        let sock = create_inet_socket().map_err(Error::NetUtil)?;
         let addr = create_sockaddr(netmask);
 
         let mut ifreq = self.get_ifreq();
@@ -306,7 +309,7 @@ impl Tap {
 
     /// Enable the tap interface.
     pub fn enable(&self) -> Result<()> {
-        let sock = create_socket().map_err(Error::NetUtil)?;
+        let sock = create_unix_socket().map_err(Error::NetUtil)?;
 
         let mut ifreq = self.get_ifreq();