[$] Two approaches to tightening restrictions on loadable modules

The kernel's loadable-module facility allows code to be loaded into (andsometimes removed from) a running kernel. Among other things, loadablemodules make it possible to run a kernel with only the subsystems neededfor the system's hardware and workload. Loadable modules can also make iteasy for out-of-tree code to access parts of the kernel that developerswould prefer to keep private; this has led to many discussions in thepast. The topic has returned to the kernel's mailing lists with twodifferent patch sets aimed at further tightening the restrictions appliedto loadable modules.