The kernel seems to reject setxattr for users/groups that are not
accesible in the user namespace. Inside of rootbld that includes root.

--- a/tests/test_acls.py
+++ b/tests/test_acls.py
@@ -33,6 +33,7 @@ import pytest  # type: ignore
 import contextlib
 import pathlib
 import io
+import getpass
 
 import posix1e
 from posix1e import *
@@ -390,7 +391,7 @@ class TestAclExtensions:
         # from any source.
         basic_acl = posix1e.ACL(text=BASIC_ACL_TEXT)
         basic_acl.applyto(subject)
-        enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:root:rw,mask::r")
+        enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:%s:rw,mask::r" % getpass.getuser())
         assert enhanced_acl.valid()
         enhanced_acl.applyto(subject)
 
@@ -418,7 +419,7 @@ class TestAclExtensions:
         basic_acl = posix1e.ACL(text=BASIC_ACL_TEXT)
         basic_acl.applyto(subject)
         assert not has_extended(subject)
-        enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:root:rw,mask::r")
+        enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:%s:rw,mask::r" % getpass.getuser())
         assert enhanced_acl.valid()
         enhanced_acl.applyto(subject)
         assert has_extended(subject)
@@ -433,7 +434,7 @@ class TestAclExtensions:
             basic_acl.applyto(a)
             for item in a, b:
                 assert not has_extended(item)
-            enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:root:rw,mask::r")
+            enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:%s:rw,mask::r" % getpass.getuser())
             assert enhanced_acl.valid()
             enhanced_acl.applyto(b)
             for item in a, b: