Linux kernel 5 different behavior

[Vasili Pupkin]

In the newest kernel version, Wireguard encrypted packets are sent
from the same user credentials as the user that created original
packets. I have a firewall setup that limits programs run from a
particular user to wireguard tun interface, it worked in kernel 4.18
and is broken in kernel 5.0. In the new kernel encrypted packets are
also marked as owned by this user and routed to the tun interface
generating a recursion.