> I think having two different main()s is silly. Why not keep the privsep
> and everything else but just skip the systrace bits?
Right. Do the ioctl early on. If it flags that systrace is on, then simply do direct-calls to the file checking code. Try a few more approaches, try to make it simpler.