The difficulty is in the pattern matching rule.
If we want to export only /usr/glenda, then the pattern matching filer must pass
/usr
/usr/glenda
and must not pass
/usr/
I really wonder about the pattern-matching code being there at all.
Without it, exportfs is constrained by the authenticated user's permissions, within the exported name space,
and that's enforced by the operating system (system calls).
To export only /usr/glenda, I'd build a name space that has only /usr/glenda in it, and export that.
The read-only option is enforced by exportfs itself, but at the 9P level: it's not too hard to enumerate
the messages and options that do not cause modifications and reject all others (although exportfs wasn't updated to include an
option added later to open). Still, that can be got right once for all by exportfs.