This commit removes system calls used by older glibc and kernel versions such as present in Debian Bullseye.
The new list has been tested with glibc >= 2.36 and Linux >= 6.0 on Archlinux and Debian Bookworm
The new list has been tested with Debian Stable/Bullseye, Debian testing/Bookworm and Arch Linux
This also adds a warning to the strict sandbox if X11 is detected in order to make sure users are aware of the missing process isolation.
The basic filter was updated as well to avoid an issue with firefox