lsetxattr returns EPERM if attempt to set a value to symlink

Question

I am testing simple program to add timestamp to xattr. lsetxattr system call returns error with EPERM. Is that expected behaviour? How can I set xattr to symlink, not follow the link?

#include <sys/types.h>
#include <attr/xattr.h>
#include <errno.h>
#include <time.h>
#include <stdio.h>

int main(int argc, char **argv){
    time_t t = time(NULL);
    if(lsetxattr(argv[1], "user.ts", &t, sizeof(time_t), 0) == -1){
        perror(argv[1]);
    }
    return(0);
}

example:

> ls -l a b c
-rw-r--r-- 1 saka users 0 Feb  1 09:08 a
-rw-r--r-- 1 saka users 0 Feb  1 09:08 b
lrwxrwxrwx 1 saka users 1 Feb  1 09:08 c -> b
> ./ts a
> ./ts c
c: Operation not permitted

I tested on 3.10.0-862.14.4.el7.x86_64 with xfs or ext3.

Answer 1

I guess it's this:

/*
 * In the user.* namespace, only regular files and directories can have
 * extended attributes. For sticky directories, only the owner and
 * privileged users can write attributes.
 */

And in fact, trying to set a trusted.foo attribute on a symlink with lsetxattr(2) as root works, while a user.foo fails with EPERM.