Note that when nfsd encounters a mountpoint, and either:
	1. the filesystem mounted there is not exported, or
	2. the filesystem mounted there is exported to a client other than
		the client making the curent request, or
	3. the filesystem mounted there is exported without nohide, and the
		mounted-on filesystem is exported without crossmnt,

then nfsd allows the client to continue traversing the underlying filesystem.

This behavior may be somewhat unexpected, though I suspect it's probably the
traditional behavior, at least in cases 1 and 3.

Case 2 seems particularly counterintuitive, as it results in different clients
seeing different filesystem trees.  Also, in the gss case, it makes security
negotiation impossible.

And I'd really much prefer to eliminate all 3 cases.  That would seem the least
surprising behavior.  Users that really want to be able to expose via NFS files
that they've mounted over locally can still do so if they really want to, by
running mountd in a separate filesystem namespace.