From b7c1659fa9fc3b1a9998d16a63b47d80900d9fdd Mon Sep 17 00:00:00 2001
From: Illyoung Choi <iychoi@email.arizona.edu>
Date: Fri, 15 Dec 2023 13:28:36 -0700
Subject: [PATCH] Ignore security.capability xattr

---
 irodsfs/dir.go   | 2 +-
 irodsfs/xattr.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/irodsfs/dir.go b/irodsfs/dir.go
index 7720e18..3961b06 100644
--- a/irodsfs/dir.go
+++ b/irodsfs/dir.go
@@ -311,7 +311,7 @@ func (dir *Dir) Setxattr(ctx context.Context, attr string, data []byte, flags ui
 	defer logger.Infof("Called Setxattr (%d) - %q", operID, dir.path)
 
 	if IsUnhandledAttr(attr) {
-		return syscall.EINVAL
+		return syscall.EACCES
 	}
 
 	dir.mutex.RLock()
diff --git a/irodsfs/xattr.go b/irodsfs/xattr.go
index ab35c9e..ac1477d 100644
--- a/irodsfs/xattr.go
+++ b/irodsfs/xattr.go
@@ -17,7 +17,7 @@ func IsUnhandledAttr(attr string) bool {
 	// we suppress attr "system.posix_acl_access" as it may cause wrong permission check
 	case "system.posix_acl_access", "system.posix_acl_default", "system.dos_attrib":
 		return true
-	case "security.selinux", "security.apparmor":
+	case "security.selinux", "security.apparmor", "security.capability":
 		return true
 	case "user.xdg.origin.url", "user.xdg.referrer.url":
 		return true