[$] A security-module hook for user-namespace creation
The Linux Security Module (LSM) subsystem works by way of an extensive set of hooks placed strategically throughout the kernel. Any specific security module can attach to the hooks for the behavior it intends to govern and be consulted whenever a decision needs to be made. The placement of LSM hooks often comes with a bit of controversy; developers have been known to object to the performance cost of hooks in hot code paths, and sometimes there are misunderstandings over how integration with LSMs should be handled. The disagreement over a security hook for the creation of user namespaces, though, is based on a different sort of concern.