I want to create an access rule in Linux so that only files with a certain eXtended attribute can be moved, copied or created in a certain directory, regardless of my privileges in that directory.
The xattr should be created in the system or security namespace, so that I cannot change it as a user.
To my understanding, almost all ACL systems are focused around "subject to object" access control (i.e. user/process to file/directory), but what I want is "object to object" (i.e. file to directory) access control.
Perhaps SELinux? Is this even possible?
Cheers, Kalle