It says on their Github profile that they are building some kind of nowhere detection product. Maybe in that context, a very strict syscall allowlist is useful or good?

> It is designed for CI pipelines, CTF jail challenges, and lightweight code evaluation

Looking at the list, it seems pretty good for that. What does a CI runner that just needs to run GCC or whatever really need?

Edit: no open does seem restrictive. Not that it's bad security (not my area of expertise), but how many useful programs use open that are just off limits here?