kubearmor / KubeArmor

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).

Home Page: https://kubearmor.io/

Feature Enhancement: Is warning/disabling limited to only a subset of system calls?

dejavudwh opened this issue · comments

Is warning/disabling restricted to the system calls involved in the KubeArmor/KubeArmor/BPF/system_monitor.c file?

If so, is it possible to hook into raw_tracepoint/sys_enter, disable the system calls of the current process based on the system call number and the binary executable file path information of the task_struct, and then pass some key information to user space for further processing?

@dejavudwh KubeArmor does not allow custom syscalls. We have a predefined set of hooks which are safe to work with to do enforcement. We specifically use BPF LSM for that.

I believe if you create a Block Policy for the process you want to Block. KubeArmor should already be blocking it without needing to hook into sys_enter.
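The Block policy suggested in the reply above, written out as an added example (not part of the thread or of the KubeArmor project's own manifests); the policy name, the namespace and the `app: web` selector label are assumptions, and the blocked paths are sample values:

```yaml
# Added example: a KubeArmorPolicy that blocks execution of specific
# binaries inside the selected pods. Enforcement happens in the LSM
# hooks KubeArmor already attaches (BPF-LSM or AppArmor), so no custom
# sys_enter tracepoint is needed; a matching exec is denied and an
# alert is emitted to user space.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: block-shell-exec          # assumed policy name
  namespace: default              # assumed namespace
spec:
  severity: 5
  message: "interactive shell execution blocked"
  tags: ["hardening"]
  selector:
    matchLabels:
      app: web                    # assumed workload label
  process:
    matchPaths:
      # sample binaries to deny; replace with the process you want blocked
      - path: /bin/sh
      - path: /bin/bash
  action: Block
```

Apply it with `kubectl apply -f` and confirm the denial with `karmor logs` (the KubeArmor CLI, assumed to be installed), which shows the blocked exec together with the process path and the policy that matched.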