Comment # 8 on bug 1089349 from Neil Brown

It is safe for overlayfs to ignore the system.nfs4_acl attribute (which is not
empty btw).  It is informational only.
I would be a bit more comfortable with the patch if it was conditional on the
attribute name starting "system.", and/or if it was upstream. 
There should be no security risk that - falling back on the mode bits for
access checks should always be more restrictive (I hope).