KRSI — the other BPF security module
One of the first uses of the BPF virtual machine outside of networking was to implement access-control policies for the seccomp() system call. Since then, though, the role of BPF in the security area has not changed much in the mainline kernel, even though BPF has evolved considerably from the "classic" variant still used with seccomp() to the "extended" BPF now supported by the kernel. That has not been for a lack of trying, though. The out-of-tree Landlock security module was covered here over three years ago. We also looked at the kernel runtime security instrumentation (KRSI) patch set in September. KP Singh has posted a new KRSI series, so the time seems right for a closer look.