+/*
+ * Apply UNIX-specific metadata to a file if available. This includes standard
+ * UNIX permissions (uid, gid, and mode) and possibly extended attributes too.
+ *
+ * Note that some xattrs which grant privileges, e.g. security.capability, are
+ * cleared by Linux on chown(), even when running as root. Also, when running
+ * as non-root, if we need to chmod() the file to readonly, we can't do that
+ * before setting xattrs because setxattr() requires write permission. These
+ * restrictions result in the following ordering which we follow: chown(),
+ * setxattr(), then chmod().
+ *
+ * N.B. the file may be specified by either 'fd' (for regular files) or 'path',
+ * and it may be a symlink. For symlinks we need lchown() and lsetxattr() but
+ * need to skip the chmod(), since mode bits are not meaningful for symlinks.
+ */