Preventing unauthorized invocation of open system call in Linux by running processes in sand-boxed environments using capability based authorization implemented in user space.
