News Score: Score the News, Sort the News, Rewrite the Headlines

Reliable system call interception

Historically, intercepting Linux system calls was done with ptrace. While ptrace is more commonly known for debugging purposes, one could easily monitor system calls by using PTRACE_SYSCALL (or even PTRACE_SYSEMU) to wait for the traced process to make a system call, then send off PTRACE_GETREGS and PTRACE_SETREGS to read and write the registers associated with the system call. So while the Linux kernel always had the facilities to monitor, fake, modify and restrict system calls, the glaring prob...

Read more at blog.mggross.com
