(In reply to Goldwyn Rodrigues from comment #6) > (In reply to Fabian Vogt from comment #5) > > (In reply to Goldwyn Rodrigues from comment #4) > > > On second thoughts, this is a security risk. > > > > The handling for security_inode_copy_up_xattr is the same. > > Not quite. The security_inode_copy_up_xattr copies the labels which are used > by selinux to impose security restrictions. It just skips selinux (the only > user) specific xattr. I'd say that the general idea is the same. [...] > > I don't think there's a better way to handle this, but I'd like to be proven > > otherwise. > > There is already a discussion on this. > https://www.spinics.net/lists/linux-nfs/msg61045.html Indeed - I wonder why I did not find that. > Workaround is to use the exported FS without ACL. I don't think that is possible, neither on the server nor on the client side.