seccomp()

seccomp allows developers to write complex rules to allow/disallow certain system calls or filter system calls based on argument variables. seccomp rules are inherited by children process.

libseccomp-dev