Restricting automatic kernel-module loading
Posted Dec 5, 2017 9:04 UTC (Tue) by lkundrak (subscriber, #43452)
In reply to: Restricting automatic kernel-module loading by dambacher
Parent article: Restricting automatic kernel-module loading
Having userspace do the policing indeed sounds like a good idea.
The mechanism to do so is already in place: request_module() already asks the userspace helper. modprobe is already able to deny loading of modules and even launch commands instead, and if modprobe is not up to the job then a different helper could be specified with the kernel.modprobe sysctl?
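
As an added illustration (not part of the comment above, and not code from the kernel or kmod projects), here is a minimal policy helper of the kind that could be named in the kernel.modprobe sysctl. It relies on the kernel invoking the helper as `<helper> -q -- <name>`; the allowlist path, its one-glob-per-line format, and the /sbin/modprobe location are assumptions.

```shell
#!/bin/sh
# Added example: allowlist wrapper for kernel-initiated module requests.
# Assumed paths (override through the environment when testing).
ALLOWLIST="${ALLOWLIST:-/etc/modprobe-policy.allow}"
REAL_MODPROBE="${REAL_MODPROBE:-/sbin/modprobe}"

# Print the requested name from the helper's argv. The kernel passes the
# string given to request_module(), often an alias such as "net-pf-10".
requested_module() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --) shift; break ;;
            -*) shift ;;
            *)  break ;;
        esac
    done
    printf '%s\n' "${1:-}"
}

# Print "allow" if the name matches a glob in the list, otherwise "deny".
# A missing list or an empty name fails closed.
policy_decision() {
    name=$1
    list=$2
    [ -n "$name" ] && [ -r "$list" ] || { echo deny; return; }
    while IFS= read -r pattern || [ -n "$pattern" ]; do
        case "$pattern" in ''|'#'*) continue ;; esac
        case "$name" in $pattern) echo allow; return ;; esac
    done < "$list"
    echo deny
}

main() {
    mod=$(requested_module "$@")
    if [ "$(policy_decision "$mod" "$ALLOWLIST")" = allow ]; then
        exec "$REAL_MODPROBE" "$@"   # hand the unchanged argv to the real helper
    fi
    logger -t modprobe-policy "denied auto-load request: $mod" 2>/dev/null
    exit 1
}

# Run only when invoked with arguments, as the kernel does.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The policy matches the string the kernel requested, which is usually an alias rather than a module file name, so allowlist entries have to be written against aliases. The wrapper only governs kernel-initiated requests; an administrator running modprobe directly does not pass through it.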
