Add a SYSTR_POLICY_KILL per-syscall policy option that sends SIGKILL to

the traced process when the syscall is attempted. This is more useful and
safer for unsupervised sandboxing than returning EPERM (which is the
behaviour of SYSTR_POLICY_NEVER), as this could cause dangerous misbehaviour
in applications that don't expect it.

"I like it" deraadt@ markus@

0 files changed, 0 insertions, 0 deletions