Prompting the user for access control decisions at the level of system calls is not useful unless your target audience is solely "Linux kernel developer"; i.e. .01% of Fedora users at best. Even at a much higher level you have to assume that if you prompt for this kind of stuff, 50% of the time they're going to get it wrong.
I've seen security products that do something like this on Windows. I had something like that running during the virus crisis of Summer 2003, and it didn't stop the machine from falling apart (Was it Gator? Some toxic waste that rode in on Kazaa's boots? Did I actually click on one of the 200,000 viruses I got in the mail? Was it the antivirus program?) and was just one more thing that helped make the machine unusual.
Seems to me that we don't need anything radical to run a process in a box with a limited set of system calls available; this can be done with ptrace or selinux, and the next obvious step is to beef up those APIs if they aren't quite adequate for what you want to do.
One of the reasons why security products for Windows are so bad is that there isn't really a firewall API in Windows so every firewall product finds a set of hooks that look good and then they pray that they don't blow up the network stack. It makes sense to provide APIs that will let people do things like that in a reasonable way, because otherwise they'll do them in an unreasonable way.
