Seccomp-strict - dom0 kernel syscall filtering - ROP Gadget Mitigation

Is there any mitigation for ROP gadget chaining in order to make a

syscall to open a shell within dom0? Can seccomp-strict be loaded into

the dom0 kernel?

syscall filtering using seccomp-strict C library might be a mitigation to this

vulnerability.