Implementation

The kernel answers with messages that can be read from the /dev/systrace file descriptor:

- SYSTR_MSG_ASK: The kernel requests a policy decision from userland about a system call.
- SYSTR_MSG_RES: Reports the return value and error code after system call execution. This way we know whether execve succeeded, which allows a switch of policy.
- SYSTR_MSG_EMUL: Reports a change of emulation. The in-kernel policy has been reset.
- SYSTR_MSG_CHILD: Reports that a new child was created or has terminated. Keeps track of processes that are currently monitored.
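
How a userland monitor could keep per-process state from these four message types, as an added example that is not code from systrace itself. The `struct msg` layout, the constant values, the -1 marker for a terminated process, the fail-closed handling of SYSTR_MSG_ASK and all helper names are assumptions of this example.

```c
#include <stddef.h>

/* Simplified stand-ins: NOT the real systrace structs or constant values. */
enum msg_type { SYSTR_MSG_ASK = 1, SYSTR_MSG_RES, SYSTR_MSG_EMUL, SYSTR_MSG_CHILD };
struct msg {
    enum msg_type type;
    int pid;       /* process the message is about */
    int is_execve; /* RES: the reported system call was execve */
    int error;     /* RES: error code, 0 on success */
    int child;     /* CHILD: pid of new child, -1 if `pid` terminated (assumed) */
};

enum pstate { FREE = 0, POLICY_OK, NEED_POLICY };
#define MAXPROC 16
static struct { int pid; enum pstate st; } tab[MAXPROC];

static int slot(int pid) {               /* index of a monitored pid, or -1 */
    for (int i = 0; i < MAXPROC; i++)
        if (tab[i].st != FREE && tab[i].pid == pid) return i;
    return -1;
}
int set_state(int pid, enum pstate st) { /* track pid or update its state */
    int i = slot(pid);
    for (int j = 0; i < 0 && j < MAXPROC; j++)
        if (tab[j].st == FREE) i = j;
    if (i < 0) return -1;                /* table full */
    tab[i].pid = pid; tab[i].st = st;
    return 0;
}
int state_of(int pid) { int i = slot(pid); return i < 0 ? FREE : (int)tab[i].st; }

/* Returns 1 = permit, 0 = deny for ASK; -1 for messages needing no answer. */
int handle(const struct msg *m) {
    int st = state_of(m->pid);
    switch (m->type) {
    case SYSTR_MSG_ASK:   /* fail closed: untracked pid or stale policy */
        return st == POLICY_OK;
    case SYSTR_MSG_RES:   /* only a successful execve switches policy */
        if (st != FREE && m->is_execve && m->error == 0) set_state(m->pid, NEED_POLICY);
        break;
    case SYSTR_MSG_EMUL:  /* in-kernel policy was reset: reload before permitting */
        if (st != FREE) set_state(m->pid, NEED_POLICY);
        break;
    case SYSTR_MSG_CHILD: /* child inherits parent's state; exit frees the slot */
        if (m->child == -1) { if (st != FREE) set_state(m->pid, FREE); }
        else set_state(m->child, st != FREE ? (enum pstate)st : NEED_POLICY);
        break;
    }
    return -1;
}
int feed(enum msg_type t, int pid, int is_execve, int error, int child) {
    struct msg m = { t, pid, is_execve, error, child };
    return handle(&m);
}
```

Calling `set_state(pid, POLICY_OK)` stands in for the monitor loading a policy for the new program image; until then every SYSTR_MSG_ASK for that process is denied.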