I am wondering if the seccomp system call [1] would be welcomed in the OpenBSD tree. I remember it was among the subjects of last year's Google Summer of Code. If there is still interest in having it implemented, I am willing to work on it: I have a diff that creates the system call and allows seccomp to be called with the SECCOMP_SET_MODE_STRICT operation. It's a first step, the next (big) one would be BPF(4) syscall filtering.
[1] http://man7.org/linux/man-pages/man2/seccomp.2.html
