Systrace enforces system call policies for
applications by constraining the application's
access to the system. The policy is generated
interactively. Operations not covered by the
policy raise an alarm, allowing the user to refine
the currently configured policy. After a policy
has been sufficiently constructed, further alarms
often indicate security problems. Policies can
also be generated automatically for sandboxing
purposes.
