Comment # 11 on bug 1089349 from Goldwyn Rodrigues

(In reply to Fabian Vogt from comment #10)
> Any news here? Patch got submitted, but AFAICT didn't land.

I followed up. However, Miklos says it would be better if we can suppress
system.nfs4_acl if it is equal to inode->i_mode. However, nfs4_acl seems to be
opaque to the client and is interpreted by knfsd only.

>From what I read now, ignoring "system." does pose a security risk. A file
which is allowed read for a user from a system.posix_acl_access or
system.nfs4_acl will become unreadable after a copy_up operation and vice
versa.

Let me look further how we can hide system.nfs4_acl