Hey there.
I just released restrict -- my first crate, a simple Rust crate to help secure Linux applications by controlling which system calls are allowed or denied in your projects.
The main focus of this project is developer experience (DX) and safety. It offers strongly typed syscalls with easy-to-use functions like `allow_all()`, `deny_all()`, `allow(Syscall::Openat)`, and `deny(Syscall::Socket)`, giving you fine-grained control over your app's system-level behavior. Check it out; I would appreciate feedback. There will be more features and refinements in the future.
Here is a simple snippet:

```rust
use restrict::{Policy, Syscall}; // assumed import path for the types used below
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut policy = Policy::allow_all()?;
    policy
        .deny(Syscall::Execve)? // prevent process spawning
        .deny(Syscall::Ptrace)? // prevent tracing/hijacking
        .apply()?;
    Ok(())
}
```
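For readers who want to see what a policy like the one in the snippet boils down to at the kernel boundary, here is an added example that is not part of the restrict crate and does not use it. It assumes restrict enforces its policy with seccomp-bpf (the post does not say so; this is an assumption about the mechanism), and builds the same "allow everything, deny execve and ptrace" filter by hand in Rust over raw libc FFI, with no external crates. It assumes Linux on x86_64 or aarch64 (the syscall numbers and AUDIT_ARCH values are per architecture), and the `/nonexistent/binary` path used by the probe is constructed for the demo.

```rust
// Added example (not restrict's code): the deny-list policy from the post as a
// raw seccomp-bpf filter installed through libc FFI. Assumes Linux x86_64/aarch64.
use std::io;
use std::os::raw::c_char;

// Constants from <linux/prctl.h>, <linux/seccomp.h>, <linux/filter.h>.
const PR_SET_NO_NEW_PRIVS: i32 = 38;
const PR_SET_SECCOMP: i32 = 22;
const SECCOMP_MODE_FILTER: u64 = 2;
const SECCOMP_RET_KILL_PROCESS: u32 = 0x8000_0000;
const SECCOMP_RET_ERRNO: u32 = 0x0005_0000;
const SECCOMP_RET_ALLOW: u32 = 0x7fff_0000;
const EPERM: u32 = 1;

// Classic BPF opcodes and the two seccomp_data fields the filter reads.
const BPF_LD_W_ABS: u16 = 0x20; // BPF_LD | BPF_W | BPF_ABS
const BPF_JEQ_K: u16 = 0x15;    // BPF_JMP | BPF_JEQ | BPF_K
const BPF_RET_K: u16 = 0x06;    // BPF_RET | BPF_K
const OFF_NR: u32 = 0;          // offsetof(struct seccomp_data, nr)
const OFF_ARCH: u32 = 4;        // offsetof(struct seccomp_data, arch)

#[cfg(target_arch = "x86_64")]
mod arch {
    pub const AUDIT_ARCH: u32 = 0xc000_003e; // AUDIT_ARCH_X86_64
    pub const SYS_EXECVE: u32 = 59;
    pub const SYS_PTRACE: u32 = 101;
}
#[cfg(target_arch = "aarch64")]
mod arch {
    pub const AUDIT_ARCH: u32 = 0xc000_00b7; // AUDIT_ARCH_AARCH64
    pub const SYS_EXECVE: u32 = 221;
    pub const SYS_PTRACE: u32 = 117;
}

#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct SockFilter { pub code: u16, pub jt: u8, pub jf: u8, pub k: u32 }

#[repr(C)]
struct SockFprog { len: u16, filter: *const SockFilter }

extern "C" {
    fn prctl(option: i32, ...) -> i32;
    fn execve(path: *const c_char, argv: *const *const c_char, envp: *const *const c_char) -> i32;
    fn ptrace(request: i32, ...) -> i64;
}

fn stmt(code: u16, k: u32) -> SockFilter { SockFilter { code, jt: 0, jf: 0, k } }
fn jump(code: u16, k: u32, jt: u8, jf: u8) -> SockFilter { SockFilter { code, jt, jf, k } }

/// Allow-by-default filter: each syscall number in `denied` fails with EPERM,
/// everything else passes (the shape of allow_all() followed by deny(...) calls).
pub fn build_denylist(denied: &[u32]) -> Vec<SockFilter> {
    let mut prog = vec![
        // Kill the process if it runs under a foreign ABI: numbers differ per arch.
        stmt(BPF_LD_W_ABS, OFF_ARCH),
        jump(BPF_JEQ_K, arch::AUDIT_ARCH, 1, 0),
        stmt(BPF_RET_K, SECCOMP_RET_KILL_PROCESS),
        stmt(BPF_LD_W_ABS, OFF_NR),
    ];
    for &nr in denied {
        // Match: fall through to the ERRNO return. No match: skip over it.
        prog.push(jump(BPF_JEQ_K, nr, 0, 1));
        prog.push(stmt(BPF_RET_K, SECCOMP_RET_ERRNO | EPERM));
    }
    prog.push(stmt(BPF_RET_K, SECCOMP_RET_ALLOW));
    prog
}

/// Install the filter on the calling thread only (no TSYNC flag is used here).
pub fn apply(prog: &[SockFilter]) -> io::Result<()> {
    let fprog = SockFprog { len: prog.len() as u16, filter: prog.as_ptr() };
    // Required for unprivileged callers; also stops setuid escalation after exec.
    if unsafe { prctl(PR_SET_NO_NEW_PRIVS, 1u64, 0u64, 0u64, 0u64) } != 0 {
        return Err(io::Error::last_os_error());
    }
    let p = &fprog as *const SockFprog as u64;
    if unsafe { prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, p, 0u64, 0u64) } != 0 {
        return Err(io::Error::last_os_error());
    }
    Ok(())
}

/// execve() a constructed path that does not exist and return errno: ENOENT (2)
/// without the filter, EPERM (1) once execve is denied (seccomp runs before lookup).
pub fn probe_execve() -> i32 {
    let path = b"/nonexistent/binary\0".as_ptr() as *const c_char;
    let argv = [path, std::ptr::null()];
    let envp: [*const c_char; 1] = [std::ptr::null()];
    let rc = unsafe { execve(path, argv.as_ptr(), envp.as_ptr()) };
    assert_eq!(rc, -1, "execve only returns on failure");
    io::Error::last_os_error().raw_os_error().unwrap_or(0)
}

/// ptrace(PTRACE_TRACEME) and return errno, or 0 if the kernel accepted it.
pub fn probe_ptrace_traceme() -> i32 {
    let rc = unsafe { ptrace(0i32, 0i64, 0i64, 0i64) }; // PTRACE_TRACEME == 0
    if rc == -1 { io::Error::last_os_error().raw_os_error().unwrap_or(0) } else { 0 }
}

fn main() {
    let prog = build_denylist(&[arch::SYS_EXECVE, arch::SYS_PTRACE]);
    println!("before filter: execve errno = {}", probe_execve());
    apply(&prog).expect("seccomp install failed");
    println!("after filter:  execve errno = {}, ptrace errno = {}",
             probe_execve(), probe_ptrace_traceme());
}
```

Two caveats worth keeping in mind whichever layer you use. A deny-list (allow everything, then deny a few) only blocks the numbers you name: `execveat` is a separate syscall that still spawns processes if only `execve` is denied, so a default-deny policy with an explicit allow-list is the stronger posture. And `PR_SET_SECCOMP` without the TSYNC flag covers only the thread that calls it, so a policy applied after worker threads already exist leaves those threads unfiltered.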