/* An example of a rule to fail getpid() calls done by 'ps'. */
/* As written: syscall_name selects the syscall, rule_name labels the rule, */
/* filter_expression limits which callers match, and action sets the outcome (FAIL with error_code). */
/* NOTE(review): -22 is presumably -EINVAL (errno 22 on Linux); confirm the sign convention this tool expects. */
/* NOTE(review): if the ~= operator is a pattern or substring match, "ps" may also match other command names containing "ps"; confirm, and anchor the expression if only ps is intended. */
/* NOTE(review): COMM looks like the process command name, which a process can usually change for itself; do not rely on this filter as a security boundary. */
rule {
    syscall_name = getpid
    rule_name = fail_getpid
    filter_expression {COMM ~= "ps"}
    action {
        type = FAIL
        error_code = -22
    }
}