I have proposed a patch to relax restrictions on user extended xattrs and allow file owner (or CAP_FOWNER) to get/set user extended xattrs on symlink and device files. Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx> --- man7/xattr.7 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) Index: man-pages/man7/xattr.7 =================================================================== --- man-pages.orig/man7/xattr.7 2021-09-01 13:46:16.165016463 -0400 +++ man-pages/man7/xattr.7 2021-09-01 16:31:51.038016463 -0400 @@ -129,8 +129,13 @@ a way not controllable by disk quotas fo special files and directories. .PP For this reason, -user extended attributes are allowed only for regular files and directories, -and access to user extended attributes is restricted to the +user extended attributes are allowed only for regular files and directories +till kernel 5.14. In newer kernel (5.15 onwards), restrictions have been +relaxed a bit and user extended attributes are also allowed on symlinks +and special files as long as caller is either owner of the file or is +privileged (CAP_FOWNER). + +Access to user extended attributes is restricted to the owner and to users with appropriate capabilities for directories with the sticky bit set (see the .BR chmod (1)
