Yes, that's the essence of what i suggested: if various security concepts can be
present at once then inode->security should not be a stupid pointer to a single,
exclusive data structure (because that hardwires a "only a single security subsystem
active" assumption), but should be a pointer to a linked list of security structures
- as many as there are security subsystems interested in that inode.