The `--enable-native-access` flag only applies to the boot layer, not to ModuleLayers created programmatically. Yet, `Module.ensureNativeAccess` suggests to add `--enable-native-access <module>` even if <module> is in a different module layer. Example:

```
java --module-path example.jar:main.jar --enable-native-access example --enable-native-access otherexample --module main/main.Main
WARNING: Unknown module: otherexample specified to --enable-native-access
module main
module example
Hello com.example.Main
module otherexample
Hello com.example.Main
WARNING: A restricted method in java.lang.System has been called
WARNING: java.lang.System::load has been called by com.example.Main in module otherexample (file:example2.jar)
WARNING: Use --enable-native-access=otherexample to avoid a warning for callers in this module
WARNING: Restricted methods will be blocked in a future release unless native access is enabled
```

The reproducer can be found here https://github.com/zapster/module-layer-native-access-example/tree/module-layer-warning

The `otherexample` module is in a different ModuleLayer created in `main.Main`, thus `--enable-native-access otherexample` will not work. Even worse, it is leading to another conflicting warning.

Since it seems intentional that `--enable-native-access` only applies to the boot layer, I believe the warning/error printing code should check whether the module is on the boot layer and if not omit the suggestion or print a different one.

AFAIK, the check was introduce in JDK-8295044 and recently update by JDK-8331671.