#LSM avoids the #syscall interposition approach used by #Systrace, because interposition
doesn't scale to multiprocessor kernels and
is subject to #TOCTTOU attacks.
Instead, it inserts "hooks" (upcalls to the module) at every point in the #kernel where a user-level syscall is about to result in access to, say, #inodes.
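A toy user-space model of that difference, added here as an illustration and not taken from LSM or Systrace: the interposer checks the path string still sitting in user memory, while the hook checks the inode the kernel actually resolved. All names (`open_interposed`, `open_hooked`, `hook_inode_permission`, the two sample paths) are hypothetical, and the "race" is a callback fired deterministically between check and use.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy model: every name here is hypothetical, not a kernel API. */
struct inode { const char *path; int secret; };
static struct inode inodes[] = { {"/tmp/ok", 0}, {"/etc/shadow", 1} };

static char user_buf[32];       /* syscall argument living in user memory */
static void (*racer)(void);     /* stands in for a second thread or CPU */

static void swap_path(void) { strcpy(user_buf, "/etc/shadow"); }

/* Policy on a path string (interposer) versus on the object (hook). */
static int path_allowed(const char *p) { return strcmp(p, "/etc/shadow") != 0; }
static int hook_inode_permission(const struct inode *i) { return !i->secret; }

/* Kernel side: fetch the argument, then resolve it to an inode. */
static const struct inode *kernel_lookup(void) {
    char kbuf[32];
    if (racer) racer();         /* window between check and use */
    strcpy(kbuf, user_buf);     /* the kernel's own copy of the argument */
    for (size_t n = 0; n < 2; n++)
        if (strcmp(inodes[n].path, kbuf) == 0) return &inodes[n];
    return NULL;
}

/* Interposition: check user memory, then the kernel fetches it again.
 * Returns -1 if denied, else the 'secret' flag of the inode opened. */
int open_interposed(const char *arg, void (*r)(void)) {
    strcpy(user_buf, arg); racer = r;
    if (!path_allowed(user_buf)) return -1;     /* time of check */
    const struct inode *i = kernel_lookup();    /* time of use */
    return i ? i->secret : -1;
}

/* LSM-style: the hook runs after lookup, on the inode actually accessed. */
int open_hooked(const char *arg, void (*r)(void)) {
    strcpy(user_buf, arg); racer = r;
    const struct inode *i = kernel_lookup();
    if (!i || !hook_inode_permission(i)) return -1;
    return i->secret;
}

int main(void) {
    printf("interposed, raced: %d\n", open_interposed("/tmp/ok", swap_path));
    printf("hooked, raced:     %d\n", open_hooked("/tmp/ok", swap_path));
    return 0;
}
```

A result of 1 means the protected inode was opened despite the policy; -1 means the access was denied.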