If anyone is going to work on this let me make a concrete suggestion.
Let's aim at not stacked lsm's but chained lsm's, and put the chaining
logic in the lsm core.
The core difficulty appears to be how do you multiplex the security pointers
on various objects out there.
My wishlist has this working so that I can logically have a local security
policy in a container, restricted by the global policy but with additional