* **build-filter**
* build BPF binary-search tree
* **build-table**
* build transformation table
* **seitan-loader**
* load BPF blob
* attach filter
* call blocking syscall
* on return, start binary
* **seitan**
* load transformation table blob
* listen to netlink proc connector
* look for seitan-loader, once found:
* get seccomp notifier via pidfd_getfd()
* listen to it, new syscall:
* look up in transformation table
* load args from memory
* execute transformation, unblock, or block
* return, optionally injecting context