Full sandboxing is not possible with LD_PRELOAD, because the application can still issue raw system calls (syscalls) by using the 'int 0x80' instruction, skipping any library call.
How exactly does one use seccomp to alter/intercept syscalls instead of simply blocking or allowing them? I can't find anything which uses it like that with a search.
GP is misinformed. seccomp is an optimization to ptrace-based syscall interception, when you're only interested in intercepting a subset of a process's syscalls. Instead of getting an event and processing every single syscall a process makes, you can register a seccomp filter that fires a ptrace event in only specific cases (which can be super coarse like "the syscall number is open", or more fine grained like "the syscall number is open and the file is being opened with O_WRONLY or O_RDWR"). Without something like this, ptrace based interception would be almost unusably slow for many cases.
If you also intercept the exec* family calls, you can forbid the user from running any but the trusted executables (so that will exclude e.g. anything written in Python etc).
It does get tricky since you are depending on glibc internals to find out what symbols to override. IIRC some of the exec* functions called each other internally without going through the symbol table, so you cannot override just execve which corresponds to the system call, as execvp will not call the execve function.
Then there's a whole ton of new secure Linux system calls that instead of a full path name take a directory file descriptor + name in that directory. E.g. execveat, openat etc.
So I wouldn't recommend it in a fully hostile (secure) environment.
