> > Which begs the question: why is ecryptfs doing that with the xattr
A more serious problem, is that permissions are not always checked at
the VFS level, but often at some place in the filesystem (as well)
like the NFS server for example. Which means, that the current design
will fail miserably in those cases.
You don't have to care, of course, but I would rather have chosen a
design, where the stack doesn't have to care about implementation
details like that in the underlying filesystem.