I have an existing program that I would like to sandbox using seccomp (v2). How can I find what seccomp rules I need to allow for the program? I’ve tried adding seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(…), 0) for all syscalls printed by strace -xfc a.out, but apparently that wasn’t enough, since I’m still getting “SIGSYS, Bad system call” when I run the