Comment by octoberfranklin

Access control is the operating system's job, and modern OSes already provide plenty of great tools for doing that.

Just use the existing sandboxing infrastructure like bubblewrap, seccomp, etc. I have way more faith in that than in something than some regex-based blocklist.