SECCOMP_RET_USER_NOTIF appears to switch between the tracee and tracer processes for each syscall. Using SECCOMP_RET_TRAP to trigger a SIGSYS for every syscall in I/O-intensive apps introduces 5% overhead (and avoids a separate tracer).

I wonder if there's any mechanism that works for intercepting static ELFs like Go programs and such.

They use a seccomp filter to decide which syscalls get sent to the other process for processing.
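The filter-side decision described in the reply above, as an added example that is not part of the thread or of the project's code: a classic-BPF seccomp program that returns SECCOMP_RET_USER_NOTIF only for a chosen list of syscalls and allows the rest in-kernel, so only those syscalls pay for the switch to the supervisor. The names `build_notify_filter`, `filter_verdict` and `NATIVE_ARCH`, and the choice of `openat`/`connect`, are assumptions; the small interpreter exists only to show the verdicts without installing the filter.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif
/* Kill on a foreign arch, USER_NOTIF for the listed syscalls, ALLOW otherwise.
 * Returns the instruction count, or 0 if the program does not fit. To install:
 * seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog). */
size_t build_notify_filter(struct sock_filter *f, size_t cap, const int *nrs, size_t n)
{
    if (n > 255 || cap < n + 6) return 0;          /* jt is only 8 bits wide */
    size_t i = 0;
    f[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    f[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n; k++)                 /* match: skip ahead to the final USER_NOTIF return */
        f[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)nrs[k], (uint8_t)(n - k), 0);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF);
    return i;
}
/* Interprets only the three opcodes emitted above and returns the seccomp action. */
uint32_t filter_verdict(const struct sock_filter *f, size_t len, const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &f[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS)) memcpy(&acc, (const char *)d + in->k, 4);
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += (acc == in->k) ? in->jt : in->jf;
        else if (in->code == (BPF_RET | BPF_K)) return in->k;
    }
    return SECCOMP_RET_KILL_PROCESS;               /* fell off the end: fail closed */
}
int main(void)
{
    int nrs[] = { SYS_openat, SYS_connect };       /* constructed sample list */
    struct sock_filter f[16];
    struct seccomp_data d = { .nr = SYS_openat, .arch = NATIVE_ARCH };
    size_t len = build_notify_filter(f, 16, nrs, 2);
    printf("openat -> 0x%08x\n", (unsigned)filter_verdict(f, len, &d));
    return 0;
}
```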