This is a LSM in which the kernel denies the execution of binaries
to non-root users, unless there is an extended-attribute named
security.whitelisted present upon the binary.
NOTE: The content/value of that attribute doesn't matter, only the existance is tested
There is some back-story in the following blog-post:
This module was enhanced in the hashcheck LSM.