Index: sys/kern/vfs_syscalls.c
===================================================================
--- sys/kern/vfs_syscalls.c	(revision 213377)
+++ sys/kern/vfs_syscalls.c	(working copy)
@@ -2712,6 +2712,8 @@
 	int vfslocked;
 
 	AUDIT_ARG_FFLAGS(uap->flags);
+	if ((uap->flags & (SF_SETTABLE | UF_SETTABLE)) != uap->flags)
+		return (EOPNOTSUPP);
 	NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE,
 	    uap->path, td);
 	if ((error = namei(&nd)) != 0)
Index: sys/sys/stat.h
===================================================================
--- sys/sys/stat.h	(revision 213377)
+++ sys/sys/stat.h	(working copy)
@@ -261,22 +261,28 @@
  *
  * Super-user and owner changeable flags.
  */
-#define	UF_SETTABLE	0x0000ffff	/* mask of owner changeable flags */
 #define	UF_NODUMP	0x00000001	/* do not dump file */
 #define	UF_IMMUTABLE	0x00000002	/* file may not be changed */
 #define	UF_APPEND	0x00000004	/* writes to file may only append */
 #define UF_OPAQUE	0x00000008	/* directory is opaque wrt. union */
 #define UF_NOUNLINK	0x00000010	/* file may not be removed or renamed */
+
+					/* mask of superuser changeable flags */
+#define	UF_SETTABLE	(UF_NODUMP | UF_IMMUTABLE | UF_APPEND | UF_OPAQUE | \
+			 UF_NOUNLINK)
 /*
  * Super-user changeable flags.
  */
-#define	SF_SETTABLE	0xffff0000	/* mask of superuser changeable flags */
 #define	SF_ARCHIVED	0x00010000	/* file is archived */
 #define	SF_IMMUTABLE	0x00020000	/* file may not be changed */
 #define	SF_APPEND	0x00040000	/* writes to file may only append */
 #define	SF_NOUNLINK	0x00100000	/* file may not be removed or renamed */
 #define	SF_SNAPSHOT	0x00200000	/* snapshot inode */
 
+					/* mask of superuser changeable flags */
+#define	SF_SETTABLE	(SF_ARCHIVED | SF_IMMUTABLE | SF_APPEND | \
+			 SF_NOUNLINK | SF_SNAPSHOT)
+
 #ifdef _KERNEL
 /*
  * Shorthand abbreviations of above.