After commit 272130 (https://lists.freebsd.org/pipermail/svn-src-head/2014-September/062990.html), mac_bsdextended allows renaming and moving, when it should not. Unfortunately, the change is rather old, so the same problem is in 10-STABLE already too. Quick test (change "user" to your favorite login in you system): # kldload mac_bsdextended # ugidfw add subject uid user object type l mode rs # su - user $ ln -s src dst $ rm -v dst rm: dst: Permission denied # correct $ mv -v dst dst2 dst -> dst2 # incorrect, it should be permission denied $ exit # You can look into sys/security/mac_bsdextended/ugidfw_vnode.c, functions ugidfw_vnode_check_rename_from() and ugidfw_vnode_check_unlink() - the codes are the same, but behavior is different. Before 272130, it really worked and mv was not possible, so probably change 272130 changed behavior, so that ugidfw_vnode_check_rename_from() is not called for rename operation anymore?
Over to committer of 272130.