diff --git a/ldd/exec.go b/ldd/exec.go
index 23c4e89..47e20a8 100644
--- a/ldd/exec.go
+++ b/ldd/exec.go
@@ -20,6 +20,7 @@ func Exec(p string) ([]*Entry, error) {
 		(&bwrap.Config{
 			Hostname:      "fortify-ldd",
 			Chdir:         "/",
+			Syscall:       &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true},
 			NewSession:    true,
 			DieWithParent: true,
 		}).Bind("/", "/").DevTmpfs("/dev"), "ldd",