How to disallow system calls while running a program in a sandbox environment?

Question

I was checking out codepad.org and a while(1) fork gave the following output.

Disallowed system call: SYS_fork

Check this link for exact details. http://codepad.org/rNR9mMVv

Googling more, I got to to know that they also disable system call using sockets.

Disallowed system call: SYS_socketcall

Can anyone tell me how one can disable certain system calls before running the program in a sandboxed environment?

Answer 1

By replacing runtime libraries with mocks that have empty stubs or exception throwers instead of real functions?

Answer 2

If you're willing to pay the performance penalty, ptrace() can be used for this. There's another way I cannot seem to find right now.