This is a discussion on semi-gripe/documentation: how to debug systrace issues within the mailing.openbsd.tech forums, part of the OpenBSD category.
Can't believe this kind of use case has not been foreseen with respect to systrace...

Case in point: a rather large program in ports (cmake) is giving out systrace warnings. I don't know where in the source, I just see some fswrite warnings, and the paths are rather generic (okay, so it's trying to write to /usr, fine). Reading through systrace, the only thing I can do from a systrace config file is allow/permit/ask. There's no way to just abort the faulty program (sending it a SIGTRAP or whatever). So, wee, debug.

(And also, is it wise? I mean, you have a program you're keeping under systrace. You're assuming systrace is 100% protection, right? This is just wrong compared to the way inetd functions, where you CAN have violations simply NOT KEEP ON THE OFFENDING DAEMON.)

I ended up turning those deny into `ask', waited for the requester to show up, and attached a gdb to the running process at that point... This works, but it is counter-intuitive.