I think it would likely work, but your agent ACLs would be the same on the host system as the zones. As long as the access would be identical you should be fine. You're kind of stuck if you want to grant role X access to zone bar and role Y access to zone foo but not the other way around. You might also want to grant a role access to a zone but not the host system; again, you're out of luck.
But if those locations are loopback mounted, won't they not inherit from the parent zone, so you should be able to push separate ACLs to each?