--- a/paxinc.h
+++ b/paxinc.h
@@ -22,6 +22,12 @@
 # define VCSID ""
 #endif
+#ifdef EBUG
+# define USE_DEBUG 1
+#else
+# define USE_DEBUG 1
+#endif
+
 /* ELF love */
 #include "elf.h"
 #include "paxelf.h"
--- a/porting.h
+++ b/porting.h
@@ -30,6 +30,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
--- a/security.c
+++ b/security.c
@@ -41,6 +41,26 @@ static int pax_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num
 }
 #define pax_seccomp_rules_add(ctx, syscalls) pax_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls))
+static void pax_seccomp_sigal(int signo, siginfo_t *info, void *context)
+{
+ uint32_t arch;
+ warn("seccomp violated: syscall %i", info->si_syscall);
+ fflush(stderr);
+ arch = seccomp_arch_native();
+ warn(" syscall = %s", seccomp_syscall_resolve_num_arch(arch, info->si_syscall));
+ kill(getpid(), SIGSYS);
+ _exit(1);
+}
+
+static void pax_seccomp_signal_init(void)
+{
+ struct sigaction act;
+ sigemptyset(&act.sa_mask);
+ act.sa_sigaction = pax_seccomp_sigal,
+ act.sa_flags = SA_SIGINFO | SA_RESETHAND;
+ sigaction(SIGSYS, &act, NULL);
+}
+
 static void pax_seccomp_init(bool allow_forking)
 {
 /* Order determines priority (first == lowest prio). */
@@ -147,6 +167,9 @@ static void pax_seccomp_init(bool allow_forking)
 /* We already called prctl. */
 seccomp_attr_set(ctx, SCMP_FLTATR_CTL_NNP, 0);
+ if (USE_DEBUG)
+ pax_seccomp_signal_init();
+
 #ifndef __SANITIZE_ADDRESS__
 /* ASAN does some weird stuff. */
 if (seccomp_load(ctx) < 0)
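Review bot: Both branches of the new `#ifdef EBUG` block define `USE_DEBUG` as 1, so the `if (USE_DEBUG)` guard that the second security.c hunk adds to pax_seccomp_init() is always true and the SIGSYS reporting handler is installed in every build, not only debug ones. The `#else` branch should read `# define USE_DEBUG 0`. A short comment above the block, such as `/* USE_DEBUG: install the SIGSYS reporter for seccomp violations (EBUG builds only) */`, would make the intent visible and keep the two branches from drifting again.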
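Review bot: pax_seccomp_sigal() reads `info->si_syscall` without first confirming `info->si_code == SYS_SECCOMP`, and passes the result of seccomp_syscall_resolve_num_arch() — NULL when libseccomp cannot name the number — straight to a `%s` conversion, which is undefined behaviour. The handler also calls warn(), fflush() and a malloc-backed resolver from signal context, none of which is async-signal-safe; that is tolerable only because the handler never returns and SA_RESETHAND makes any nested SIGSYS fatal, and that reasoning deserves a comment in the code. In pax_seccomp_signal_init(), `act.sa_sigaction = pax_seccomp_sigal,` ends in a comma operator rather than a semicolon, `act` is never zeroed (`struct sigaction act = {0};`), and the sigaction() return value is ignored. Since libseccomp's SCMP_ARCH_* tokens are presumably the AUDIT_ARCH_* values, `info->si_arch` could replace seccomp_arch_native() so that a compat-ABI violation resolves to the right name — worth confirming against the libseccomp headers in use.
```c
static void pax_seccomp_sigal(int signo, siginfo_t *info, void *context)
{
	(void)signo;
	(void)context;
	/* si_syscall/si_arch are only meaningful for a seccomp-generated SIGSYS
	 * (SYS_SECCOMP from <linux/seccomp.h>); anything else just dies. */
	if (info->si_code != SYS_SECCOMP) {
		kill(getpid(), SIGSYS);
		_exit(1);
	}
	/* Not async-signal-safe (stdio, malloc): acceptable only because this
	 * handler never returns and SA_RESETHAND makes a nested SIGSYS fatal. */
	warn("seccomp violated: syscall %i", info->si_syscall);
	fflush(stderr);
	/* Resolver returns NULL for unknown numbers; never hand NULL to "%s".
	 * The string is intentionally not freed: _exit() follows immediately. */
	char *name = seccomp_syscall_resolve_num_arch(seccomp_arch_native(), info->si_syscall);
	warn(" syscall = %s", name ? name : "<unresolved>");
	/* … unchanged: kill(getpid(), SIGSYS); _exit(1); … */
}
```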
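Review bot: Whether pax_seccomp_sigal() ever runs depends on the filter's default action being SCMP_ACT_TRAP rather than a kill action, because a kill-style action terminates the process without delivering a catchable SIGSYS; nothing in this diff shows that action being selected, so the guard may install a handler that can never fire. A comment at the call site, such as `/* Only reached for SCMP_ACT_TRAP; a KILL default never delivers SIGSYS to the handler. */`, would record that dependency for the next reader. Placing the sigaction() call before seccomp_load() is the right order, since the sigaction syscall is issued while no filter is yet active. pax_seccomp_init() begins and ends outside this hunk.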