After discussing this with upstream it became clear that the documentation is incorrect and it is deliberate that only the "user.*" extended attributes are applied by default during extraction.
"This decision was done because only user.* attributes are 100% safe to
extract. The security.* (especially capabilities) can have some binary
format specific to the box creating the archive but incompatible with host
extracting the archive."
After discussing this with upstream it became clear that the documentation is incorrect and it is deliberate that only the "user.*" extended attributes are applied by default during extraction.
"This decision was done because only user.* attributes are 100% safe to
extract. The security.* (especially capabilities) can have some binary
format specific to the box creating the archive but incompatible with host
extracting the archive."
https:/ /lists. gnu.org/ archive/ html/bug- tar/2019- 06/msg00001. html
The man for tar should be updated to reflect that to avoid any confusion.