=== Seccomp BPF Analysis: syd_process ===
--- File Information ---
File: ./bpf/syd_process.bpf
Size: 296 bytes
Instructions: 37

--- Disassembled Filter ---
 line  CODE  JT   JF      K
=================================
 0000: 0x20 0x00 0x00 0x00000004  A = arch
 0001: 0x15 0x00 0x22 0xc000003e  if (A != ARCH_X86_64) goto 0036
 0002: 0x20 0x00 0x00 0x00000000  A = sys_number
 0003: 0x35 0x00 0x01 0x40000000  if (A < 0x40000000) goto 0005
 0004: 0x15 0x00 0x1f 0xffffffff  if (A != 0xffffffff) goto 0036
 0005: 0x20 0x00 0x00 0x00000000  A = sys_number
 0006: 0x25 0x00 0x14 0x0000001b  if (A <= 0x1b) goto 0027
 0007: 0x25 0x00 0x0a 0x000000aa  if (A <= 0xaa) goto 0018
 0008: 0x15 0x1b 0x00 0x000001c3  if (A == 0x1c3) goto 0036
 0009: 0x15 0x13 0x00 0x00000149  if (A == pkey_mprotect) goto 0029
 0010: 0x15 0x00 0x06 0x00000142  if (A != execveat) goto 0017
 0011: 0x20 0x00 0x00 0x00000034  A = flags >> 32 # execveat(dfd, filename, argv, envp, flags)
 0012: 0x54 0x00 0x00 0x00000000  A &= 0x0
 0013: 0x15 0x00 0x15 0x00000000  if (A != 0) goto 0035
 0014: 0x20 0x00 0x00 0x00000030  A = flags # execveat(dfd, filename, argv, envp, flags)
 0015: 0x54 0x00 0x00 0x00010000  A &= 0x10000
 0016: 0x15 0x13 0x12 0x00000000  if (A == 0) goto 0036 else goto 0035
 0017: 0x15 0x12 0x11 0x000000ab  if (A == setdomainname) goto 0036 else goto 0035
 0018: 0x15 0x11 0x00 0x000000aa  if (A == sethostname) goto 0036
 0019: 0x15 0x00 0x05 0x00000065  if (A != ptrace) goto 0025
 0020: 0x20 0x00 0x00 0x00000014  A = request >> 32 # ptrace(request, pid, addr, data)
 0021: 0x15 0x00 0x0d 0x00000000  if (A != 0x0) goto 0035
 0022: 0x20 0x00 0x00 0x00000010  A = request # ptrace(request, pid, addr, data)
 0023: 0x15 0x0c 0x00 0x00004206  if (A == 0x4206) goto 0036
 0024: 0x15 0x0b 0x0a 0x00000010  if (A == 0x10) goto 0036 else goto 0035
 0025: 0x15 0x0a 0x00 0x00000045  if (A == msgsnd) goto 0036
 0026: 0x15 0x09 0x08 0x0000003b  if (A == execve) goto 0036 else goto 0035
 0027: 0x15 0x08 0x00 0x0000001b  if (A == mincore) goto 0036
 0028: 0x15 0x00 0x06 0x0000000a  if (A != mprotect) goto 0035
 0029: 0x20 0x00 0x00 0x00000024  A = args[2] >> 32
 0030: 0x54 0x00 0x00 0x00000000  A &= 0x0
 0031: 0x15 0x00 0x03 0x00000000  if (A != 0) goto 0035
 0032: 0x20 0x00 0x00 0x00000020  A = args[2]
 0033: 0x54 0x00 0x00 0x00000004  A &= 0x4
 0034: 0x15 0x01 0x00 0x00000004  if (A == 4) goto 0036
 0035: 0x06 0x00 0x00 0x7fff0000  return ALLOW
 0036: 0x06 0x00 0x00 0x80000000  return KILL_PROCESS
