Isso está documentado na página de manual xattr (7) :
Extended attribute namespaces
[…] Currently, the
security,system,trusted, anduserextended attribute classes are defined as described below. Additional classes may be added in the future.Extended security attributes
[…] Read and write access permissions to security attributes depend on the policy implemented for each security attribute by the security module. When no security module is loaded, all processes have read access to extended security attributes, and write access is limited to processes that have the CAP_SYS_ADMIN capability.
Extended system attributes
[…] Read and write access permissions to system attributes depend on the policy implemented for each system attribute implemented by filesystems in the kernel.
Trusted extended attributes
Trusted extended attributes are visible and accessible only to processes that have the CAP_SYS_ADMIN capability. Attributes in this class are used to implement mecha‐ nisms in user space (i.e., outside the kernel) which keep information in extended attributes to which ordinary processes should not have access.
Extended user attributes
[…] The access permissions for user attributes are defined by the file permission bits: read permission is required to retrieve the attribute value, and writer permis‐ sion is required to change it.