Blacklist more kernel modules to reduce attack surface