For sandboxing some forms of untrusted code, the risk of a red pill could be greatly reduced if qemu had "seccomp" mode, i.e., a way for a guest OS to request that qemu drop any future unwhitelisted vmexit calls.  How complicated would it be to add this functionality to qemu and which parts of qemu would I need to modify?

Jason