by flakes 303 days ago
Curious, what were you using for doing syscall logging? LD_PRELOAD tricks, or eBPF filtering?

Mostly strace and its macOS equivalent; later we moved to ptrace and eBPF. LD_PRELOAD unfortunately doesn't work for statically linked libc. There are also kernel probes, but didn't like that it required root permissions...
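
The static-linking limitation mentioned in the reply can be checked per binary before choosing a logging method. This is an added example, not code from the thread: LD_PRELOAD is processed by the dynamic loader, so an ELF image with no `PT_INTERP` program header never loads a preloaded library. The function names and the sample images are constructed for illustration, and only ELF64 little-endian is handled.

```python
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3  # ELF program header types


def has_interp(elf: bytes) -> bool:
    """True if an ELF64 little-endian image requests a dynamic loader.

    Without PT_INTERP (a static binary) the loader never runs, so an
    LD_PRELOAD-based syscall logger sees nothing from that process.
    """
    if len(elf) < 64 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(elf):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from("<I", elf, off)
        if p_type == PT_INTERP:
            return True
    return False


def sample_elf(ptypes):
    """Constructed ELF64 header plus empty program headers (not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    rest = struct.pack("<HHIQQQIHHHHHH",
                       2, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    phdrs = b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)
    return ident + rest + phdrs


DYNAMIC_SAMPLE = sample_elf([PT_INTERP, PT_LOAD, PT_DYNAMIC])  # constructed
STATIC_SAMPLE = sample_elf([PT_LOAD, PT_LOAD])                 # constructed

if __name__ == "__main__":
    for name, img in (("dynamic", DYNAMIC_SAMPLE), ("static", STATIC_SAMPLE)):
        print(name, "LD_PRELOAD applies:", has_interp(img))
```

To check a real file, pass `open(path, "rb").read()` to `has_interp`.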